A Tale of Pwning 500+ Vehicle Anti-theft Devices

By Umair Nehri, Taleb M Altamami on 28 Nov 2024 @ Blackhat
mobile-security vulnerability-assessment iot-pentesting mobile-pentesting
Focus Areas: Application Security, IoT Security, Mobile Security, Penetration Testing, Vulnerability Management

Abstract

In this talk we will discuss how we ended up gaining access to 500+ vehicles through a vulnerable vehicle anti-theft GPS device, which helped us monitor the precise location of the vehicle, lock/unlock the instrument cluster, check odometer readings and even track wherever the vehicle has travelled recently. All of this was achieved through a very simple yet effective flaw in their mobile app.

This talk will help the audience understand the dangers of misconfigurations in IoT devices and what safe practices could be followed to overcome any such issues in their projects/apps. The talk will also help bug hunters or penetration testers gain insights into the approach we followed to uncover the vulnerability and scan for vulnerable instances at scale.