[AREA 41] Reversing Internet of Things from Mobile Applications
Those slides were presented at Area 41, (Zurich, Switzerland) June 10, 2016
Video of the talk:
Internet of Things (IoT) are not a hype: they are already here and
growing, Despite concerns on their security and privacy - IDC predicted
that in two years 90% of IT networks s will have an IoT-based security
breach - not so many security researchers are investigating the field
yet. The (likely) reason for this status is that the reverse engineering
of IoT is difficult. Indeed, nearly each product has its own custom
hardware, firmware, operating system, protocols etc. Consequently, the
first few steps are painful: gather the equipment,
start research with close to no help from the community (no tools,
documentation...).
However, there is an easier way in: IoT often come with a mobile
companion application. That’s where to focus your initial efforts,
because the app contains lots of valuable information. That’s what I did
with several devices (Recon Jet smart glasses, a house safety alarm of
Meian etc). Very fruitful! The reverse engineering of the mobile apps
was fruitful beyond expectations! Hardware details,interactions with the
devices, where to place protection against viruses, and discovery of
vulnerabilities ;)