Home > On-Demand Archives > Talks >

IoT Hacks: Behind the Scenes

Joe Hopper - Watch Now - EOC 2020 - Duration: 40:01

News reports of IoT breaches are now commonplace, with manufacturers often blaming end-user misconfigurations or 'sophisticated attacks'. This implies the victim customers and organizations were simply unlucky, but have you ever wondered exactly how these hacks occurred and what could have been done to prevent them?

Joe Hopper, a professional hacker for the Fracture Labs technology security company, will walk you through:

  • How hackers target the victim devices
  • How vulnerabilities are discovered
  • How the weaknesses are exploited
  • What could have been done to prevent the breaches in the first place
M↓ MARKDOWN HELP
italicssurround text with
*asterisks*
boldsurround text with
**two asterisks**
hyperlink
[hyperlink](https://example.com)
or just a bare URL
code
surround text with
`backticks`
strikethroughsurround text with
~~two tilde characters~~
quote
prefix with
>

GSmith
Score: 0 | 4 years ago | no reply

Hi, Joe. Great presentation.
You mentioned that there's a lot of training available now for software developers to learn about incorporating security. Can you provide some examples of where to find these resources?
Thank you.

mic.tec
Score: 0 | 5 years ago | no reply
This post has been deleted by the author
pepipox
Score: 0 | 5 years ago | 1 reply

Excellent presentation! Joe, could you explain a little bit about TPMs? were we can get some more info on them? thank you.

Joe_HopperSpeaker
Score: 0 | 5 years ago | no reply

Thank you!
The main reason I mentioned TPM is to have some place to store sensitive secrets. Many IoT systems today still include secrets (think AWS credentials, encryption keys, etc) in firmware or in the OS file system. This makes it easier for a hacker to obtain those secrets through firmware update file inspection, firmware extraction from flash, or through console access (via UART, telnet, SSH, or an OS command injection attack for example). The use of TPM - or even more broadly Trusted Execution Element (TEE) or Secure Element (SE) - provides for a secure place to store the sensitive data or at least their encryption keys (see: https://security.stackexchange.com/questions/122738/difference-between-tpm-tee-and-se).
I hope that helps!

JBlen
Score: 0 | 5 years ago | 1 reply

Hi Joe
It's a brilliant and explanatory presentation. I wish I have time to tell you: Any change to learn and work with you?

Joe_HopperSpeaker
Score: 0 | 5 years ago | no reply

Thank you, I appreciate that. Please feel free to connect with me on LinkedIn so we can chat further.

Alexey
Score: 0 | 5 years ago | no reply

fancy beard and smooth introductory to the subj
Thanks

LeeT
Score: 0 | 5 years ago | 1 reply

Any chance this presentation could be made available? My management is starting to get the idea that security is something we should start considering.

Joe_HopperSpeaker
Score: 0 | 5 years ago | no reply

Hi Lee, glad to hear they are starting to consider security more now. I would love to chat with you to hear more what concerns your organization might have. We provide free introductory sessions - like this but more collaborative - to help raise awareness and get the gears turnings. Could you please shoot me an email (info@fracturelabs.com) or schedule a quick chat from our site (https://www.fracturelabs.com/contact-us)?

Joe_HopperSpeaker
Score: 0 | 5 years ago | no reply

Hello everyone, and thank you for joining my session! Please let me know if you have any questions or comments!

OUR SPONSORS

OUR PARTNERS