Company: Pen Test Partners
Role in Company: Senior Partner
Country: United Kingdom
Following the PoC of thermostat ransomware that Pen Test Partners showed at DefCon 24, this presentation digs deep into IoT devices and their “controlling” apps. We’ll walk you through the ransomware attack and then move onto general malware, which by-the-way has no easy method for detection. Even when firewalled correctly these devices are still vulnerable to local attacks, and we’ll show you how compromises can be achieved. We’ll also take a look at CSRF spraying, IoT equipment in public areas, supply chain tampering, and malicious firmware updates.
We want people to get maximum value from this session so we ask that everyone attending comes armed with questions and opinions, especially following the IoT DDoS botnet Mirai and the attack on Dyn.