IoT thoughts: “Too Much Access Points – Exploitation Roundup” (2010)


Recent DDoS cases and the release of the Mirai botnet source code made clear, if needed at all, that insecure IoT devices can be a threat not only for their owners, but for the whole connected ecosystem.
Many security researchers were already aware of these potential threats, even before the “IoT wave” of the latest years.
The “wave” brought a name change from “network-connected embedded devices” to “IoT devices” and a constantly increasing frequency of “IoT threats” mentions. To the point that they have become a sort of a “mantra” in the security community and marketing departments.

The talks I gave in 2010 on Access Points exploitation already explored, in the context of APs, some of the advantages an attacker might gain when in control of such devices. With the proliferation of IoT devices now, those considerations are even more relevant and certainly not limited to APs only.
I realized that, although that research from 2010 is now outdated and fixes have been provided, those presentations might still be interesting for a glance into embedded exploitation and provide some insights which might still be useful today.
Unfortunately, they are not easily found on conference sites anymore. So, I decided to fill the gap and make them available here.

This posting also comes with an inner smile in seeing how and how much I personally evolved since those times.
Six years are definitely a significant amount of time.
…but I guess this happens to anybody peeking a bit back into his own past. 🙂

The slides of my presentation at Confidence 2010 can be found here:
CONFidence_2010_Too _much_Access_Points_-_Exploitation_Roundup_1.1
A condensed version of such slides has been presented in a 15-minutes lightning talk at HITB Amsterdam 2010.

The talk at SyScan 2010 encompassed the same topics, but demonstrated how remote exploitation of an internal LAN device could be performed by pivoting on a smartphone. URL shortening services and Social Networks perfectly fitted in the picture for such an attack scenario.
The slides of SyScan 2010 can be found here:
Syscan_10_Taipei_- _Too _much_Access_Points_-_Exploitation_Roundup

..and if you are still curious on these topics, you can dive in the posts of this blog, which provide further technical details.

Have fun!

Categories : IoT  Security