IoT Village - Kicking Devices, Taking CVEs

Cite

DEF CON

Sarda, Sanjana

Formal Metadata

Title

IoT Village - Kicking Devices, Taking CVEs

Subtitle

Zoomer Guide to Hacking

Title of Series

DEF CON Safe Mode

Number of Parts

374

Author

Sarda, Sanjana

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/50734 (DOI)

Publisher

DEF CON

Release Date

2020

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Do you ever play iSpy with the smart devices around you and wonder how easy it is to hack shit and get CVEs? In the Zoomer era, smart devices are extremely accessible, generally cheap and not very security focused. In this talk, Sarda (a fellow Zoomer) will walk the audience through the basic methodology, tooling, exploitation, and disclosure process used when hacking an IoT device. This talk will include a “livish” demo of the exploitation of 5 CVEs, including remote code execution and telnet access, discovered while researching the Tenda AC1900 router—which can be chained to provide persistent root shell access to the device