Presentation Material

Abstract

As IoT becomes more integral to our lives, the need to secure them grows. One thing the security industry isn’t talking very often is - IoT security. We talk very often about application security but very rarely we talk about security in Hardware or in particular security in IoT. With application security, you as a penetration tester is confronted with a Windows or a Linux server, or a web application or even a TCP/UDP protocols. But with IoT penetration testing, you have very uncommon architectures like ARM, PowerPC, MIPS, etc. Sometimes, you are even confronted with communication protocols like ZigBee, BLE, NFC, RFID, etc and to make it more complex, many times hardware device manufacturers do have their custom RF frequencies. These require new expertise and severals toolsets which are very uncommon. It is no wonder that traditional penetration testers can get completely lost in the world of embedded devices security and their protocols. This talk is going to be a helpful resource to help you become IoT Penetration tester. In this talk, attendees will get an opportunity to learn about the potential risks and vulnerabilities carried by IoT systems. They will also get to learn about IoT security best practice and guidelines. You will learn how to build & secure a connected IoT platform and attack from a hacker’s perspective. Also, I will be sharing the secrets that no one tells you about penetrating the IoT device, which I have learned over the years working as IoT and Mobile application security analyst.