We are constantly expanding and sharing our understanding of the Internet of Things and generally discovering that it is really quite broken. It’s easy to put remote controlled chipsets into everyday appliances and gadgets and manage their data in the cloud, but where are the safeguards and security frameworks? We have researched many app enabled “things” from kids toys to sex toys and kettles and every single one was found wanting. While the findings are fun, the implications are not. We’ll show you how they can create serious security headaches, from giving up Wi-Fi PSKs to being used as network implants.
The workshop will start with a brief slot covering our research to date with Fitbit’s Aria scales; what we’ve found, what we’ve learned, where we’ve got stuck, and what we’ve guessed at. We will discuss a few vulnerabilities that we have discovered and help get you started on finding some more. Once we’ve set the scene the workshop can begin. This is really a 101 on logic probing and hardware analysis, so we’ll share some basic techniques for logic probing; UART, SPI, Flash etc.