- Goa 2020
- Cristofaro Mune
PwdLess: Exploitation Tales from RouterLand
The talk leads the audience on a journey through an attacker's mindset, techniques, and choices while targeting a real consumer IoT device. A wide range of techniques is used: fuzzing, reverse engineering, code injection, and exploit development in constrained environments.
Full remote control of the target is achieved in multiple ways, which allows a discussion of common patterns in IoT device security. Previously undisclosed vulnerabilities are discussed and demonstrated on stage. The research was performed under specific constraints, hinting that, under some conditions, remote execution can be achieved even in very short timeframes.
Finally, the research touches upon the security challenges posed by supply chains, device obsolescence, and security support.
Cristofaro has 15+ years of experience in SW & HW security assessment of highly secure products. He has given talks at renowned security conferences, such as BlackHat, BlueHat, HITB, and hardwear.io, on Fault Injection, TEEs, White-Box cryptography, IoT exploitation, and mobile security.