Home > On-Demand Archives > Q&A Sessions >
Live Q&A - Live Hack: Demonstrating Common IoT Security Weaknesses
Joe Hopper - Watch Now - EOC 2022 - Duration: 20:59
Live Q&A - Live Hack: Demonstrating Common IoT Security Weaknesses
Joe Hopper
Live Q&A with Joe Hopper for the talk titled Live Hack: Demonstrating Common IoT Security Weaknesses
16:13:33 From Eric Lundquist : In the presentation you mentioned extra security measures in u-boot. Could you discuss that a little further. 16:13:52 From Erwin : Awesome live hack! Embarrassing how easy it was to get into devices. Have you any thoughts/numbers how many devices in the field are so easy to attack? 16:15:33 From Robert Hancock : Newer U-Boot versions have a way to password protect the console access (the password is stored hashed so you can't just extract it from the binary). Or you can just disable console access entirely. 16:16:04 From Erwin : Another thing is, you showed how to get Access to Linux based devices. Is getting access to FreeRTOS or bare metal devices as easy or are those per definition better? 16:19:27 From Eric Lundquist : Thanks! 16:23:47 From enrico perera : How do you work out a threat model if you canโt see ahead what someone will do ?My company makes a utility meter, should I assume someone is going to take a meter from (electric, gas, water) line as part of my threat model ? 16:24:20 From Erwin : Thanks for your detailed answer. 16:27:57 From Leandro Pรฉrez : Thanks Joe... Amazing talk ๐๐๐๐ 16:28:37 From jefcap : Do you have suggestions for secure update IoT devices? 16:28:38 From Phillip Kajubi : Are these the most common attacks you've seen in the field? what should we be most prepared for when designing? 16:31:42 From Phillip Kajubi : Thanks! 16:31:59 From Jay Cosper : thanks!
Thanks for the awesome talk Joe, I learned so much that I'm now afraid to connect any wireless device in my house ha. But seriously there are some great examples in this talk about how devices can be exploited, and how easily it can happen. It has really openned my eyes a lot more to IoT security.