Home > On-Demand Archives > Talks >

IoT Hacks: Behind the Scenes

Joe Hopper - Watch Now - EOC 2020 - Duration: 40:01

News reports of IoT breaches are now commonplace, with manufacturers often blaming end-user misconfigurations or 'sophisticated attacks'. This implies the victim customers and organizations were simply unlucky, but have you ever wondered exactly how these hacks occurred and what could have been done to prevent them?

Joe Hopper, a professional hacker for the Fracture Labs technology security company, will walk you through:

  • How hackers target the victim devices
  • How vulnerabilities are discovered
  • How the weaknesses are exploited
  • What could have been done to prevent the breaches in the first place
italicssurround text with
boldsurround text with
**two asterisks**
or just a bare URL
surround text with
strikethroughsurround text with
~~two tilde characters~~
prefix with

Score: 0 | 4 years ago | no reply

Hi, Joe. Great presentation.
You mentioned that there's a lot of training available now for software developers to learn about incorporating security. Can you provide some examples of where to find these resources?
Thank you.

Score: 0 | 4 years ago | no reply
This post has been deleted by the author
Score: 0 | 4 years ago | 1 reply

Excellent presentation! Joe, could you explain a little bit about TPMs? were we can get some more info on them? thank you.

Score: 0 | 4 years ago | no reply

Thank you!
The main reason I mentioned TPM is to have some place to store sensitive secrets. Many IoT systems today still include secrets (think AWS credentials, encryption keys, etc) in firmware or in the OS file system. This makes it easier for a hacker to obtain those secrets through firmware update file inspection, firmware extraction from flash, or through console access (via UART, telnet, SSH, or an OS command injection attack for example). The use of TPM - or even more broadly Trusted Execution Element (TEE) or Secure Element (SE) - provides for a secure place to store the sensitive data or at least their encryption keys (see: https://security.stackexchange.com/questions/122738/difference-between-tpm-tee-and-se).
I hope that helps!

Score: 0 | 4 years ago | 1 reply

Hi Joe
It's a brilliant and explanatory presentation. I wish I have time to tell you: Any change to learn and work with you?

Score: 0 | 4 years ago | no reply

Thank you, I appreciate that. Please feel free to connect with me on LinkedIn so we can chat further.

Score: 0 | 4 years ago | no reply

fancy beard and smooth introductory to the subj

Score: 0 | 4 years ago | 1 reply

Any chance this presentation could be made available? My management is starting to get the idea that security is something we should start considering.

Score: 0 | 4 years ago | no reply

Hi Lee, glad to hear they are starting to consider security more now. I would love to chat with you to hear more what concerns your organization might have. We provide free introductory sessions - like this but more collaborative - to help raise awareness and get the gears turnings. Could you please shoot me an email (info@fracturelabs.com) or schedule a quick chat from our site (https://www.fracturelabs.com/contact-us)?

Score: 0 | 4 years ago | no reply

Hello everyone, and thank you for joining my session! Please let me know if you have any questions or comments!