1. Understand How Malware Can Infect IoT Devices

Ken Munro is a successful entrepreneur and is founder and partner in Pen Test Partners, a partnership of like-minded professional penetration testers all of whom have a stake in the business. He takes a key role in conducting investigations as well as encouraging team members to pursue their own research, the results of which are published on the company blog and in the wider media. Ken has a wealth of experience in penetration testing but it’s the systems and objects we come into contact with on an everyday basis that really pique his interest. This has seen him hack everything from hotel keycards, to cars and a range of Internet of Things (IoT) devices, from wearable tech to children’s toys (Cayla) and smart home control systems. Ken has been in the infosecurity business for 15 years.

Following the PoC of thermostat ransomware that Pen Test Partners showed at DefCon 24, this presentation digs deep into IoT devices and their “controlling” apps. We’ll walk you through the ransomware attack and then move onto general malware, which by-the-way has no easy method for detection. Even when firewalled correctly these devices are still vulnerable to local attacks, and we’ll show you how compromises can be achieved. We’ll also take a look at CSRF spraying, IoT equipment in public areas, supply chain tampering, and malicious firmware updates.

We want people to get maximum value from this session so we ask that everyone attending comes armed with questions and opinions, especially following the IoT DDoS botnet Mirai and the attack on Dyn.