10-17, 12:30–12:50 (America/New_York), Track 4 (2104B)
Language: English
Everyone heard that home IoT is vulnerable with non-existing security. But what is the threat landscape of these devices? This talk will show how weaknesses at every layer can be exploited: wireless that can be sniffed or jammed, network-level attacks, application-level bugs, and hardware interfaces that yield firmware and keys. Drawing on practical results from real devices, I’ll demonstrate how even “consumer-grade” exploits can have severe impact, and how you can secure both your home and enterprises.
Everyone has heard the warning that consumer IoT devices are insecure. But what does that mean? What is the risk, impact, and probability for these attacks to target modern home automation?
This talk will map the threat landscape of smart plugs, cameras, and sensors, and other less expected devices that might reside on your network. This will show how weaknesses could exist at any layer of their design, and how attackers can exploit them in practice. These layers are wireless, network, application, and hardware.
For wireless, attackers might focus onWi-Fi, Zigbee, BLE, or proprietary RF protocols. What does generic jamming introduce? Network level attacks might attack APIs, poor encryption, default credentials, or outright intended functionality that can be destructive on the physical level. Application-level attacks might target mobile and web applications, and what does that mean for cloud integration? Finally, when hardware is discarded, what kind of information can be extracted? What can exposed debug ports, firmware, insecure storage can give an attacker direct your network, or even cloud accounts?
This talk will have some real world exploitation demos, and vulnerability breakdowns disclosed by the presenter. This will include recommendations, and what effort will be required if you want to ensure your insecure devices are properly defended.
Elysee Franchuk is a cybersecurity consultant and researcher with MOBIA Technology Innovations. He specializes in uncovering weaknesses across systems ranging from web applications and networks to hardware interfaces and firmware. Drawing on his experience in enterprise networks, penetration testing, programming, and vulnerability research, Elysee identifies emerging attack methods and translates those insights into actionable defense strategies for organizations.