IoT Village - "Mixing industrial protocols with web applications flaws in order to exploit devices in the internet"

Cite

DEF CON

Bervis, Bertin

Formal Metadata

Title

IoT Village - "Mixing industrial protocols with web applications flaws in order to exploit devices in the internet"

Alternative Title

Mixing industrial protocols with web application security

Title of Series

DEF CON 27

Number of Parts

335

Author

Bervis, Bertin

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/48866 (DOI)

Publisher

DEF CON

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

In this talk i'm going to explain in detail a new technique to achieve javascript code persistence in web applications from devices using the Bacnet protocol (building automation) in the underlying device protocol/web app arquitecture. A remote attacker is able to inject javascript code in the Bacnet device abusing the read/write properties from the Bacnet protocol itself, the code is going to be stored in the Bacnet database helping the attacker to achieve persistence in the victim browser, we are talking about devices that operates in building enviroments or industrial facilities , the posibility to jump from that point to another point in the industrial network using this particular vector is really high.