Abstract: Nowadays, hardware and operating system (OS) securities have become more robust, so hackers and researchers look for exploits in other areas such as firmware. Many IoT devices become vulnerable to cyber attacks because their firmware isn’t updated. One of the instances where we might have heard of firmware security is during the time of Mirai Botnet being widespread. Mirai Botnet infects devices by getting access to the device using default credentials. The question arises, how we can keep our IoT device safe from Mirai or ensure that they are not vulnerable. The basic agenda of this workshop is to aware of the security threats into the firmware. Additionally, this workshop will also share doable pointers on how you as a developer can avoid possible security issues in your IoT device at the firmware level. This workshop will take the approach of break it fixes it where the speaker would show techniques on how IoT devices are hacked in a real-world scenario at the firmware level. In addition to this, there will be a discussion on the various case studies of past attacks and common tools and methods used for exploitation. This workshop gives both the developers and the layman end-user an understanding of how a device can be exploited, especially focusing on products made in India.
Introduction: The Internet of Things is one of “the” upcoming trends nowadays. IoT Involves adding internet connectivity to a system of interrelated computing devices, mechanical and digital machines, objects and people to each other. Each thing is provided with unique identifiers and the ability to transfer data over a network without requiring human interaction. As the simple terms when we think of a typical day in the current world, it involves various helpful devices such as a smartwatch, smart refrigerator, wearable bands, fitness tracker, and more. There are two major things which have led us to a world where we are today, advancement in communication mediums and the advancement in the embedded device manufacturing ecosystem.Both, together have created an ecosystem where devices can talk to each other, share data and even performs actions automatically. With a growing number of devices both in our home and enterprise environment, it is now an inseparable part of our day-to-day existence. Every month there are hundreds of thousands of smart devices being connected to the internet and potentially being exposed to malicious attackers because there are a number of privacy and security concerns in those smart devices. There are roughly 8 billion devices connected to the internet as of now and by early 2020, it’s estimated that there will be 25 to 35 billion IoT devices worldwide, however, little added attention is being paid to the device’s security. Due to the rapid development of the IoT and the demand for more features by users, the process of updating the firmware of the things on the internet gained importance regarding its security. Updating the firmware means correcting bugs, adding new features, patching security, etc. If we think aboutsecurity we mainly think about protection against unauthorized access to the device and against threats from malware and the internet. Most of the IoT devices existing in the market are riddled with the security issue. It doesn’t mean that all the devices we saw in the store or online are vulnerable, it means that there are higher chances of the devices being vulnerable. The reason why so many IoT devices have security issues is that the Internet of things is a combination of several components,
These components are:
Hardware or the Embedded Devices
Web Application, Mobile application, and cloud Based Assets
Course Content (ToC):
Reversing and Exploiting Firmware is a unique workshop that offers security professionals the ability to assess the security of the firmware images. This workshop will demonstrate the actual hacking into the real firmware images and highlight the top vulnerabilities.