SlideShare a Scribd company logo

RootedCon 2017 - Workshop: IoT Insecurity of Things?

Internet Security Auditors
Internet Security Auditors

En la presentación expuesta se puede apreciar los resultados de las auditorias efectuadas a los dispositivos Smart TV (LG 43uf6407, SAMSUNG UE32F5500AW, Panasonic TX-40CX680E) y la Barra de sonido OKI SB Media Player 1g. Durante el workshop se pudieron apreciar fugas de información en las cabeceras de respuesta, servicios expuestos y componentes desactualizados. En el caso de la Barra de sonido OKI y en todos los mediacenter InOut TV las carencias en seguridad son acentuadas, ya que disponen de servicios como XAMPP, con credenciales por defecto, esto sumado la falta de actualizaciones supone un potencial riesgo que ello conlleva. Durante la auditoría también se efectuó una captura del tráfico, llegando en algunos casos a enviar la lista total de canales sintonizados y el orden en que están ordenados en el Smart TV.

Internet
1 of 35
Download to read offline
Su Seguridad es Nuestro Éxito Marzo 2017 - Luis Enrique Benitez IoT Insecurity of Things?
3 © Internet Security Auditors Luis Enrique Benitez Quality Manager - Ethical Hacking & Vulnerability Assessment https://www.linkedin.com/in/luisbenitezj lebenitez@isecauditors.com
4 © Internet Security Auditors
55 © Internet Security Auditors
6 © Internet Security Auditors LG 43uf6407 TV LG LED de 43", Resolución 4K, Panel IPS, 900 HZ PMI, SmartTV (webOS 2.0) SAMSUNG UE32F5500AW TV SANSUMG de 32" Full HD Smart TV Wifi
7 © Internet Security Auditors Barra Sonido OKI Sb Media Player 1g Full HD 1080p, Sintonizador TDT Alta Definición, Sistema de sonido Dolby, Base para IPod / IPhone. Conexión a Internet mediante cable o WIF Panasonic TX-40CX680E TV LED 40" - Panasonic TX-40 CX680E, 4K Ultra HD, Firefox OS Quad Core
8 © Internet Security Auditors
9 © Internet Security Auditors
10 © Internet Security Auditors
11 © Internet Security Auditors
12 © Internet Security Auditors
13 © Internet Security Auditors
14 © Internet Security Auditors Samsung UE32F5500AW Puerto Servicio Versión 80 http Samsung Swift httpd 1.0 443 http Samsung Swift httpd 1.0 4443 Pharos 6000 X11 7676 upnp AllShare UPnP 52345 http Sansumg AllShare http 55000 unknown 55001 tcpwrapped
15 © Internet Security Auditors LG 43uf6407 10107 (4) - HTTP Server Type and Version Linux/i686 UPnP/1,0 DLNADOC/1.50 LGE WebOS TV/Version 0.9 friendlyName:[LG] webOS TV UF6407 manufacturer:LG Electronics. manufacturerURL:http://www.lge.com modelDescription:LG WebOSTV DMRplus modelName:LG TV modelNumber:1.0
16 © Internet Security Auditors LG 43uf6407 Puerto Servicio Versión 1113 upnp 1672 upnp 2026 upnp 2043 upnp 3000 http LG Smart TV http service 3001 http LG Smart TV http service 7778 Interwise 9955 Unknown 9998 http LG television page list http 18181 Opsec-cvp 36866 Unknown 43035 43036 43037 43038
17 © Internet Security Auditors LG 43uf6407 http://192.168.88.246:3000/ HTTP/1.1 200 OK Access-Control-Allow-Origin: * Date: Wed, 06 Jul 2016 10:18:13 GMT Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Last-Modified: Sun, 17 May 1998 03:00:00 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Server: Golfe2 Content-Length: 35 Cache-Control: no-cache, no-store, must-revalidate Age: 282559 Respuesta:
18 © Internet Security Auditors Panasonic TX-40CX680E 58662 - Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows 90508 - Samba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities 76314 - Samba Unsupported Version Detection
19 © Internet Security Auditors OKI Sound 1G
20 © Internet Security Auditors 57825 (1) - PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check) 58987 (1) - PHP Unsupported Version Detection 60085 (1) - PHP 5.3.x < 5.3.15 Multiple Vulnerabilities 18037 (1) - XAMPP Default FTP Account 58183 (1) - Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution 58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution 42263 (1) - Unencrypted Telnet Server 73289 (1) - PHP PHP_RSHUTDOWN_FUNCTION Security Bypass 34324 (1) - FTP Supports Cleartext Authentication OKI Sound 1G
21 © Internet Security Auditors OKI Sound 1G Puerto Servicio Versión 21 FTP Pure-TPDd 22 SSH Dropbear ssh 0.52 (protocol 2.0) 23 Telnet 80 http Lighttpd 81 http BusyBox http 7171 8082 Blackice-Alerts 9010 SDR 9020 Tambora
22 © Internet Security Auditors OKI Sound 1G inout TV mediacenter 4g
23 © Internet Security Auditors OKI Sound 1G inout TV mediacenter 4g
24 © Internet Security Auditors
25 © Internet Security Auditors
Canal IP Atreserie 52.28.85.115 BeMad 54.231.134.36 Discovery Max 46.31.56.161 La sexta HD 8.254.98.126 La sexta 8.254.98.126 Energy 54.231.134.100 Boing 54.231.134.100 La 1 72.247.210.17 La 2 72.247.210.17 24h 72.247.210.17 Clan 72.247.210.17 TV3 HD 8.254.36.126 Telecinco 54.231.136.13 Cuatro 54.231.136.13 Canal IP Cuatro HD 54.231.140.77 TV20 Terrassa 85.25.218.231 tdp 72.247.210.10 tdp HD 72.247.210.10 TV3 8.254.50.126 Super 3/33 137.117.170.224 3/24 8.254.50.126 Esport3 8.254.50.126 Canal Terrassa Valles 92.54.15.210 Disney Chanel 46.31.56.161 Paramount Chanel 46.31.56.161 FDF 54.231.136.13 Diviniti 54.231.140.77 Telecinco HD 54.231.140.77 Canales que envían información cuando se accede a ellos
Canal Antena3 Antena3 HD Neox Nova Mega 13TV 8TV Barça TV RAC105 EL PUNT AVUI MOLA TV TV SANT CUGAT DKISS TEN IB3 GLOBAL Rel Madrid TV Canales que No envían información cuando se accede a ellos
Canal C Telecinco 1 Cuatro 2 FDF 3 Diviniti 4 Telecinco HD 5 Cuatro HD 6 http://beacon.hbbtv.mediaset.es/topics/test?c=1|B49E0ABB9570335EB4A 64895EFA14CCB|k|{%22keyset%22:{%22ALPHA%22:512,%22BLUE%22:8,% 22GREEN%22:2,%22INFO%22:128,%22NAVIGATION%22:16,%22NUMERIC %22:256,%22SCROLL%22:64,%22VCR%22:32,%22RED%22:1,%22value%22: 0,%22YELLOW%22:4},%22currentChannel%22:{%22channelType%22:0,%22 ccid%22:%22ccid:23%22,%22dsd%22:%22Zu000bu0004)u0010@u001f %C2%81;%C3%BF%C3%BF%C3%BF%C3%BF%22,%22name%22:%22Telecin co%22,%22onid%22:8916,%22sid%22:186,%22tsid%22:16},%22channelList %22:%22Channel%20list%20items:%201:%20atreseries%20HD,%202:%20B eMad%20tv%20HD,%203:%20Realmadrid%20TV%20HD,%204:%20antena3 %20HD,%205:%20antena3,%206:%20laSexta%20HD,%207:%20laSexta,%20 8:%20neox,%209:%20nova,%2010:%20Energy,%2011:%20Boing,%2012:%2 0mega,%2013:%2013%20Tv%20Definitivo,%2014:%20La%201,%2015:%20L a%202,%2016:%2024h,%2017:%20Clan,%2018:%20La%201%20HD.,%2019 :%208TV,%2020:%20Bar%C3%A7a%20TV,%20%22} Petición Host: beacon.hbbtv.mediaset.es Origin: http://hbbtv.mediaset.es Accept-Language: en-us, en, fr, it User-Agent: Mozilla/5.0 (Unknown; Linux armv7l) AppleWebKit/537.1+ HbbTV/1.2.1 (+DRM; LGE; WEBOS2.0; 03.11.00; HE_DTV_W15B;) Referer: http://hbbtv.mediaset.es/hbbtv.xhtml?c=1 Accept: */* Accept-Encoding: gzip, deflate Connection: close Grupo de canales que información constantemente (cada 4 segundos) Entre los datos que envía está la lista de canales del TV y el orden en que el usuario los tiene ordenados en su dispositivo
29 © Internet Security Auditors Lo que nunca leemos pero todos aceptamos….
30 © Internet Security Auditors Seguridad / Privacidad
31 © Internet Security Auditors Seguridad / Privacidad
32 © Internet Security Auditors
33 © Internet Security Auditors
34 © Internet Security Auditors
35 © Internet Security Auditors

Recommended

Comelit 8501U Data Sheet
Comelit 8501U Data SheetComelit 8501U Data Sheet
Comelit 8501U Data SheetJMAC Supply
 
Equipamiento
EquipamientoEquipamiento
EquipamientoMargarita Zambrano
 
Cisco products bangladesh
Cisco products bangladeshCisco products bangladesh
Cisco products bangladeshTrimatrik Multimedia
 
Data sheet Peplink omni Antenna AC853
Data sheet Peplink omni Antenna AC853Data sheet Peplink omni Antenna AC853
Data sheet Peplink omni Antenna AC853HeadAdmin
 
St58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comSt58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comTTBVS
 
Điện thoại IP Temporis ip80 uk
Điện thoại IP Temporis ip80 ukĐiện thoại IP Temporis ip80 uk
Điện thoại IP Temporis ip80 ukwww.thegioitongdai .com.vn
 
Forti gate 280d-poe
Forti gate 280d-poeForti gate 280d-poe
Forti gate 280d-poeNicolas su
 
ComNet NWKED Data Sheet
ComNet NWKED Data SheetComNet NWKED Data Sheet
ComNet NWKED Data SheetJMAC Supply
 

Recommended

Comelit 8501U Data Sheet
Comelit 8501U Data SheetComelit 8501U Data Sheet
Comelit 8501U Data SheetJMAC Supply
 
Equipamiento
EquipamientoEquipamiento
EquipamientoMargarita Zambrano
 
Cisco products bangladesh
Cisco products bangladeshCisco products bangladesh
Cisco products bangladeshTrimatrik Multimedia
 
Data sheet Peplink omni Antenna AC853
Data sheet Peplink omni Antenna AC853Data sheet Peplink omni Antenna AC853
Data sheet Peplink omni Antenna AC853HeadAdmin
 
St58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comSt58 t8vc specification-www.ttbvs.com
St58 t8vc specification-www.ttbvs.comTTBVS
 
Điện thoại IP Temporis ip80 uk
Điện thoại IP Temporis ip80 ukĐiện thoại IP Temporis ip80 uk
Điện thoại IP Temporis ip80 ukwww.thegioitongdai .com.vn
 
Forti gate 280d-poe
Forti gate 280d-poeForti gate 280d-poe
Forti gate 280d-poeNicolas su
 
ComNet NWKED Data Sheet
ComNet NWKED Data SheetComNet NWKED Data Sheet
ComNet NWKED Data SheetJMAC Supply
 
JCM STOCK LIST 2016
JCM STOCK LIST 2016JCM STOCK LIST 2016
JCM STOCK LIST 2016javed mukhtar
 
AWS VPC by hellocloud.io
AWS VPC by hellocloud.ioAWS VPC by hellocloud.io
AWS VPC by hellocloud.ioHello Cloud
 
Veracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data SheetVeracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data SheetJMAC Supply
 
Hacking a Professional Drone
Hacking a Professional DroneHacking a Professional Drone
Hacking a Professional DronePriyanka Aash
 
JACE8000
JACE8000JACE8000
JACE8000Adrian Hofmann
 
Seco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless RemoteSeco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless RemoteFPC Security
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 
AgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS TracAgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS TracJustin Bartholomew
 
T.vst29.03
T.vst29.03T.vst29.03
T.vst29.03Malik Arif
 
Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014evi14
 
Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Jiunn-Jer Sun
 
Datasheet EnStationAC
Datasheet EnStationACDatasheet EnStationAC
Datasheet EnStationACEnGenius Europe
 
IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals Loay Al Baba
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech
 
Kenwood Catalogue
Kenwood CatalogueKenwood Catalogue
Kenwood CatalogueKentua Kayode
 
Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)dplsurve
 
103881
103881103881
103881charles maina
 
ComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data SheetComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data SheetJMAC Supply
 
St5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comSt5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comTTBVS
 
Forti gate 200b poe
Forti gate 200b poeForti gate 200b poe
Forti gate 200b poeHuu Hieu
 
PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la NubeInternet Security Auditors
 
OTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the fieldOTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the fieldErwan Nédellec
 

More Related Content

What's hot

AWS VPC by hellocloud.io
AWS VPC by hellocloud.ioAWS VPC by hellocloud.io
AWS VPC by hellocloud.ioHello Cloud
 
Veracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data SheetVeracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data SheetJMAC Supply
 
Hacking a Professional Drone
Hacking a Professional DroneHacking a Professional Drone
Hacking a Professional DronePriyanka Aash
 
Seco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless RemoteSeco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless RemoteFPC Security
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Jiunn-Jer Sun
 
AgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS TracAgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS TracJustin Bartholomew
 
Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014evi14
 
Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Jiunn-Jer Sun
 
IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals Loay Al Baba
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech
 
Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)dplsurve
 
ComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data SheetComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data SheetJMAC Supply
 
St5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comSt5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comTTBVS
 
Forti gate 200b poe
Forti gate 200b poeForti gate 200b poe
Forti gate 200b poeHuu Hieu
 

What's hot (20)

JCM STOCK LIST 2016
JCM STOCK LIST 2016JCM STOCK LIST 2016
JCM STOCK LIST 2016
 
AWS VPC by hellocloud.io
AWS VPC by hellocloud.ioAWS VPC by hellocloud.io
AWS VPC by hellocloud.io
 
Veracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data SheetVeracity VCS-4P1 Data Sheet
Veracity VCS-4P1 Data Sheet
 
Hacking a Professional Drone
Hacking a Professional DroneHacking a Professional Drone
Hacking a Professional Drone
 
JACE8000
JACE8000JACE8000
JACE8000
 
Seco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless RemoteSeco Alarm System- Transmitter- Wireless Remote
Seco Alarm System- Transmitter- Wireless Remote
 
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
Protect Your DHCP Infrastructure from Cyber Attacks - Cybersecurity Training ...
 
AgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS TracAgriSECURE : Live Agricultural GPS Trac
AgriSECURE : Live Agricultural GPS Trac
 
T.vst29.03
T.vst29.03T.vst29.03
T.vst29.03
 
Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014Srn 472 s-datasheet 15102014
Srn 472 s-datasheet 15102014
 
Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014Make The Impossible Possible - Industrial PoE Brochure 2014
Make The Impossible Possible - Industrial PoE Brochure 2014
 
Datasheet EnStationAC
Datasheet EnStationACDatasheet EnStationAC
Datasheet EnStationAC
 
IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals IP Advanced Radio System for hotels , stores , factories and hospitals
IP Advanced Radio System for hotels , stores , factories and hospitals
 
Geniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farmingGeniatech IoT solution for smart home and smart farming
Geniatech IoT solution for smart home and smart farming
 
Kenwood Catalogue
Kenwood CatalogueKenwood Catalogue
Kenwood Catalogue
 
Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)Wireless router hidden audio monitoring device (buy or rent)
Wireless router hidden audio monitoring device (buy or rent)
 
103881
103881103881
103881
 
ComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data SheetComNet CWGE2FE8MSPOE Data Sheet
ComNet CWGE2FE8MSPOE Data Sheet
 
St5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.comSt5819 vc specification-www.ttbvs.com
St5819 vc specification-www.ttbvs.com
 
Forti gate 200b poe
Forti gate 200b poeForti gate 200b poe
Forti gate 200b poe
 

Viewers also liked

OTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the fieldOTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the fieldErwan Nédellec
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCIInternet Security Auditors
 
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...Internet Security Auditors
 
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente Aguilera
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente AguileraHackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente Aguilera
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente AguileraInternet Security Auditors
 
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...Internet Security Auditors
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.Internet Security Auditors
 
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...Internet Security Auditors
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Internet Security Auditors
 
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarla
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarlaPERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarla
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarlaInternet Security Auditors
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Internet Security Auditors
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...Internet Security Auditors
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?SecuRing
 
Kansallinen rekrytointitutkimus 2016
Kansallinen rekrytointitutkimus 2016Kansallinen rekrytointitutkimus 2016
Kansallinen rekrytointitutkimus 2016Thomas Grönholm
 
富蘭克林坦伯頓相關資料
富蘭克林坦伯頓相關資料富蘭克林坦伯頓相關資料
富蘭克林坦伯頓相關資料培峰 童
 
美元資訊運用
美元資訊運用美元資訊運用
美元資訊運用培峰 童
 

Viewers also liked (20)

PCI DSS en la Nube
PCI DSS en la NubePCI DSS en la Nube
PCI DSS en la Nube
 
OTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the fieldOTT TV services on CE devices: feedback from the field
OTT TV services on CE devices: feedback from the field
 
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCICambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
Cambios de las versiones 3.2, Cuestionarios y Ecosistema de Normas PCI
 
CIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINTCIBERSEG'16. Técnicas #OSINT
CIBERSEG'16. Técnicas #OSINT
 
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...
Ncn2014. Vigilados: explotando las redes sociales para predecir nuestro compo...
 
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente Aguilera
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente AguileraHackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente Aguilera
Hackmeeting 2003: Métodos actuales de apropiación de dominios. Vicente Aguilera
 
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...
Curso de Práctica Operativa en Investigación. Módulo 5. Internet Security Aud...
 
(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.(ISC)2 Security Congress EMEA. You are being watched.
(ISC)2 Security Congress EMEA. You are being watched.
 
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...
Cybercamp 2014. Tinfoleak: Analizando nuestras pautas y comportamientos a tr...
 
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
Catosfera 2016: Anàlisi de xarxes socials amb finalitats d'investigació: ris...
 
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarla
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarlaPERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarla
PERUHACK 2014: Cómo cumplir con PCI DSS...sin nombrarla
 
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
Overdrive Hacking Conference 2016 - Riesgos en el uso de las Redes Sociales (...
 
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
VI Foro Evidencias Electrónicas en la Investigación Policial. Análisis forens...
 
The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?The (Io)Things you don't even need to hack. Should we worry?
The (Io)Things you don't even need to hack. Should we worry?
 
Kansallinen rekrytointitutkimus 2016
Kansallinen rekrytointitutkimus 2016Kansallinen rekrytointitutkimus 2016
Kansallinen rekrytointitutkimus 2016
 
1227
12271227
1227
 
富蘭克林坦伯頓相關資料
富蘭克林坦伯頓相關資料富蘭克林坦伯頓相關資料
富蘭克林坦伯頓相關資料
 
Gente it
Gente itGente it
Gente it
 
美元資訊運用
美元資訊運用美元資訊運用
美元資訊運用
 
即時訊息
即時訊息即時訊息
即時訊息
 

Similar to RootedCon 2017 - Workshop: IoT Insecurity of Things?

2014 LG Commercial TV Catalogue
2014 LG Commercial TV Catalogue2014 LG Commercial TV Catalogue
2014 LG Commercial TV CatalogueLGAustralia
 
TikiLIVE White Label Set Top Box
TikiLIVE White Label Set Top BoxTikiLIVE White Label Set Top Box
TikiLIVE White Label Set Top BoxEyepartner
 
Chicony xa vi_profile_20160118
Chicony xa vi_profile_20160118Chicony xa vi_profile_20160118
Chicony xa vi_profile_20160118YC Pan
 
Chicony_XAVi_Profile_20160118
Chicony_XAVi_Profile_20160118Chicony_XAVi_Profile_20160118
Chicony_XAVi_Profile_20160118YC Pan
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkNazmul Hossain Rakib
 
KEDACOM - Recognitive IP video solutions
KEDACOM - Recognitive IP video solutionsKEDACOM - Recognitive IP video solutions
KEDACOM - Recognitive IP video solutionsKEDACOM
 
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016Sematron Italia S.r.l.
 
Wago perspecto brochure
Wago perspecto brochureWago perspecto brochure
Wago perspecto brochureElectromate
 
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...Philippe Lin
 
MA5800 FTTx System Overview huawei gpon.
MA5800 FTTx System Overview huawei gpon.MA5800 FTTx System Overview huawei gpon.
MA5800 FTTx System Overview huawei gpon.fauzihidayat28
 
Air Live FE-201DM - Especificaciones
Air Live FE-201DM - EspecificacionesAir Live FE-201DM - Especificaciones
Air Live FE-201DM - Especificacioneslcdtcorp
 
HIEON Best Security Solution
HIEON Best Security Solution HIEON Best Security Solution
HIEON Best Security Solution Hieon
 
WyreStorm: Next Level Digital HD Transmission
WyreStorm: Next Level Digital HD TransmissionWyreStorm: Next Level Digital HD Transmission
WyreStorm: Next Level Digital HD TransmissionrAVe [PUBS]
 
Outdoor 4G LTE CPE Installation Guide
Outdoor 4G LTE CPE Installation GuideOutdoor 4G LTE CPE Installation Guide
Outdoor 4G LTE CPE Installation GuideTerence Yong
 

Similar to RootedCon 2017 - Workshop: IoT Insecurity of Things? (20)

2014 LG Commercial TV Catalogue
2014 LG Commercial TV Catalogue2014 LG Commercial TV Catalogue
2014 LG Commercial TV Catalogue
 
TikiLIVE White Label Set Top Box
TikiLIVE White Label Set Top BoxTikiLIVE White Label Set Top Box
TikiLIVE White Label Set Top Box
 
Chicony xa vi_profile_20160118
Chicony xa vi_profile_20160118Chicony xa vi_profile_20160118
Chicony xa vi_profile_20160118
 
Chicony_XAVi_Profile_20160118
Chicony_XAVi_Profile_20160118Chicony_XAVi_Profile_20160118
Chicony_XAVi_Profile_20160118
 
Setup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE networkSetup VoIP System and Interconnection with LTE network
Setup VoIP System and Interconnection with LTE network
 
productsheet
productsheetproductsheet
productsheet
 
KEDACOM - Recognitive IP video solutions
KEDACOM - Recognitive IP video solutionsKEDACOM - Recognitive IP video solutions
KEDACOM - Recognitive IP video solutions
 
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016
Presentazione Broadcast H.265 & H.264 Sematron Italia - Maggio 2016
 
Wago perspecto brochure
Wago perspecto brochureWago perspecto brochure
Wago perspecto brochure
 
ZKTeco CCTV products Catalogue
ZKTeco CCTV products CatalogueZKTeco CCTV products Catalogue
ZKTeco CCTV products Catalogue
 
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...
HITCON 2015: Your Lightbulb Is Not Hacking You: Observation from a Honeypot B...
 
MA5800 FTTx System Overview huawei gpon.
MA5800 FTTx System Overview huawei gpon.MA5800 FTTx System Overview huawei gpon.
MA5800 FTTx System Overview huawei gpon.
 
wecon catalogue
wecon cataloguewecon catalogue
wecon catalogue
 
1-150I11A352
1-150I11A3521-150I11A352
1-150I11A352
 
Air Live FE-201DM - Especificaciones
Air Live FE-201DM - EspecificacionesAir Live FE-201DM - Especificaciones
Air Live FE-201DM - Especificaciones
 
HIEON Best Security Solution
HIEON Best Security Solution HIEON Best Security Solution
HIEON Best Security Solution
 
pawach project.pptx
pawach project.pptxpawach project.pptx
pawach project.pptx
 
WyreStorm: Next Level Digital HD Transmission
WyreStorm: Next Level Digital HD TransmissionWyreStorm: Next Level Digital HD Transmission
WyreStorm: Next Level Digital HD Transmission
 
Outdoor 4G LTE CPE Installation Guide
Outdoor 4G LTE CPE Installation GuideOutdoor 4G LTE CPE Installation Guide
Outdoor 4G LTE CPE Installation Guide
 
Icecrypt
IcecryptIcecrypt
Icecrypt
 

More from Internet Security Auditors

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoInternet Security Auditors
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaInternet Security Auditors
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Internet Security Auditors
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsInternet Security Auditors
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosInternet Security Auditors
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOInternet Security Auditors
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaInternet Security Auditors
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Internet Security Auditors
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesInternet Security Auditors
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidInternet Security Auditors
 
NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.Internet Security Auditors
 
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente Aguilera
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente AguileraHack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente Aguilera
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente AguileraInternet Security Auditors
 
OWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsOWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsInternet Security Auditors
 

More from Internet Security Auditors (18)

Explotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimientoExplotando los datos como materia prima del conocimiento
Explotando los datos como materia prima del conocimiento
 
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligenciaXIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
XIII Jornadas STIC CCN-CERT. OSINT de la información a la inteligencia
 
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
Proceso de implementación de los sistemas de gestión ISO 27001 e ISO 22301
 
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOsProblemática de implementación de un SGSI o un SGCN en contact centers y BPOs
Problemática de implementación de un SGSI o un SGCN en contact centers y BPOs
 
PCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional DatosPCI DSS en el Cloud: Transferencia Internacional Datos
PCI DSS en el Cloud: Transferencia Internacional Datos
 
Problematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPOProblematicas de PCI DSS en Contact Centers & BPO
Problematicas de PCI DSS en Contact Centers & BPO
 
PCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del CumplimientoPCI DSS: Justificacion del Cumplimiento
PCI DSS: Justificacion del Cumplimiento
 
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, MetodologiaProteccion de Datos Personales: Conceptos, Sanciones, Metodologia
Proteccion de Datos Personales: Conceptos, Sanciones, Metodologia
 
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
GigaTIC 2017 - Más allá del futuro: Negocio, tecnología y robótica. (Abril 2017)
 
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
Conferencia sobre Protección de Datos (Bogotá): Errores comunes en la identif...
 
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las SancionesConferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
Conferencia sobre Protección de Datos (Bogotá): Aprendiendo de las Sanciones
 
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones AndroidCIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
CIBERSEG '15 - Taller: Ingeniería inversa en aplicaciones Android
 
NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.NcN2015. Técnicas OSINT para investigadores de seguridad.
NcN2015. Técnicas OSINT para investigadores de seguridad.
 
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente Aguilera
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente AguileraHack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente Aguilera
Hack&beers 2015 - Vulnerabilidades animadas de ayer y hoy. Vicente Aguilera
 
OWASP Meeting. Tratamiento de Datos
OWASP Meeting. Tratamiento de DatosOWASP Meeting. Tratamiento de Datos
OWASP Meeting. Tratamiento de Datos
 
OWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application AssessmentsOWASP Europe Summit Portugal 2008. Web Application Assessments
OWASP Europe Summit Portugal 2008. Web Application Assessments
 
OWASP Meeting. PCI DSS, un proceso continuo
OWASP Meeting. PCI DSS, un proceso continuoOWASP Meeting. PCI DSS, un proceso continuo
OWASP Meeting. PCI DSS, un proceso continuo
 
OWASP Meeting. Análisis de ECO
OWASP Meeting. Análisis de ECOOWASP Meeting. Análisis de ECO
OWASP Meeting. Análisis de ECO
 

Recently uploaded

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 

Recently uploaded (20)

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya ShirtChallengers I Told Ya Shirt
Challengers I Told Ya ShirtChallengers I Told Ya Shirt
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 

RootedCon 2017 - Workshop: IoT Insecurity of Things?

  • 1. Su Seguridad es Nuestro Éxito Marzo 2017 - Luis Enrique Benitez IoT Insecurity of Things?
  • 2.
  • 3. 3 © Internet Security Auditors Luis Enrique Benitez Quality Manager - Ethical Hacking & Vulnerability Assessment https://www.linkedin.com/in/luisbenitezj lebenitez@isecauditors.com
  • 4. 4 © Internet Security Auditors
  • 5. 55 © Internet Security Auditors
  • 6. 6 © Internet Security Auditors LG 43uf6407 TV LG LED de 43", Resolución 4K, Panel IPS, 900 HZ PMI, SmartTV (webOS 2.0) SAMSUNG UE32F5500AW TV SANSUMG de 32" Full HD Smart TV Wifi
  • 7. 7 © Internet Security Auditors Barra Sonido OKI Sb Media Player 1g Full HD 1080p, Sintonizador TDT Alta Definición, Sistema de sonido Dolby, Base para IPod / IPhone. Conexión a Internet mediante cable o WIF Panasonic TX-40CX680E TV LED 40" - Panasonic TX-40 CX680E, 4K Ultra HD, Firefox OS Quad Core
  • 8. 8 © Internet Security Auditors
  • 9. 9 © Internet Security Auditors
  • 10. 10 © Internet Security Auditors
  • 11. 11 © Internet Security Auditors
  • 12. 12 © Internet Security Auditors
  • 13. 13 © Internet Security Auditors
  • 14. 14 © Internet Security Auditors Samsung UE32F5500AW Puerto Servicio Versión 80 http Samsung Swift httpd 1.0 443 http Samsung Swift httpd 1.0 4443 Pharos 6000 X11 7676 upnp AllShare UPnP 52345 http Sansumg AllShare http 55000 unknown 55001 tcpwrapped
  • 15. 15 © Internet Security Auditors LG 43uf6407 10107 (4) - HTTP Server Type and Version Linux/i686 UPnP/1,0 DLNADOC/1.50 LGE WebOS TV/Version 0.9 friendlyName:[LG] webOS TV UF6407 manufacturer:LG Electronics. manufacturerURL:http://www.lge.com modelDescription:LG WebOSTV DMRplus modelName:LG TV modelNumber:1.0
  • 16. 16 © Internet Security Auditors LG 43uf6407 Puerto Servicio Versión 1113 upnp 1672 upnp 2026 upnp 2043 upnp 3000 http LG Smart TV http service 3001 http LG Smart TV http service 7778 Interwise 9955 Unknown 9998 http LG television page list http 18181 Opsec-cvp 36866 Unknown 43035 43036 43037 43038
  • 17. 17 © Internet Security Auditors LG 43uf6407 http://192.168.88.246:3000/ HTTP/1.1 200 OK Access-Control-Allow-Origin: * Date: Wed, 06 Jul 2016 10:18:13 GMT Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Last-Modified: Sun, 17 May 1998 03:00:00 GMT X-Content-Type-Options: nosniff Content-Type: image/gif Server: Golfe2 Content-Length: 35 Cache-Control: no-cache, no-store, must-revalidate Age: 282559 Respuesta:
  • 18. 18 © Internet Security Auditors Panasonic TX-40CX680E 58662 - Samba 3.x < 3.6.4 / 3.5.14 / 3.4.16 RPC Multiple Buffer Overflows 90508 - Samba 3.x < 4.2.10 / 4.2.x < 4.2.10 / 4.3.x < 4.3.7 / 4.4.x < 4.4.1 Multiple Vulnerabilities 76314 - Samba Unsupported Version Detection
  • 19. 19 © Internet Security Auditors OKI Sound 1G
  • 20. 20 © Internet Security Auditors 57825 (1) - PHP 5.3.9 'php_register_variable_ex()' Code Execution (banner check) 58987 (1) - PHP Unsupported Version Detection 60085 (1) - PHP 5.3.x < 5.3.15 Multiple Vulnerabilities 18037 (1) - XAMPP Default FTP Account 58183 (1) - Dropbear SSH Server Channel Concurrency Use-after-free Remote Code Execution 58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution 42263 (1) - Unencrypted Telnet Server 73289 (1) - PHP PHP_RSHUTDOWN_FUNCTION Security Bypass 34324 (1) - FTP Supports Cleartext Authentication OKI Sound 1G
  • 21. 21 © Internet Security Auditors OKI Sound 1G Puerto Servicio Versión 21 FTP Pure-TPDd 22 SSH Dropbear ssh 0.52 (protocol 2.0) 23 Telnet 80 http Lighttpd 81 http BusyBox http 7171 8082 Blackice-Alerts 9010 SDR 9020 Tambora
  • 22. 22 © Internet Security Auditors OKI Sound 1G inout TV mediacenter 4g
  • 23. 23 © Internet Security Auditors OKI Sound 1G inout TV mediacenter 4g
  • 24. 24 © Internet Security Auditors
  • 25. 25 © Internet Security Auditors
  • 26. Canal IP Atreserie 52.28.85.115 BeMad 54.231.134.36 Discovery Max 46.31.56.161 La sexta HD 8.254.98.126 La sexta 8.254.98.126 Energy 54.231.134.100 Boing 54.231.134.100 La 1 72.247.210.17 La 2 72.247.210.17 24h 72.247.210.17 Clan 72.247.210.17 TV3 HD 8.254.36.126 Telecinco 54.231.136.13 Cuatro 54.231.136.13 Canal IP Cuatro HD 54.231.140.77 TV20 Terrassa 85.25.218.231 tdp 72.247.210.10 tdp HD 72.247.210.10 TV3 8.254.50.126 Super 3/33 137.117.170.224 3/24 8.254.50.126 Esport3 8.254.50.126 Canal Terrassa Valles 92.54.15.210 Disney Chanel 46.31.56.161 Paramount Chanel 46.31.56.161 FDF 54.231.136.13 Diviniti 54.231.140.77 Telecinco HD 54.231.140.77 Canales que envían información cuando se accede a ellos
  • 27. Canal Antena3 Antena3 HD Neox Nova Mega 13TV 8TV Barça TV RAC105 EL PUNT AVUI MOLA TV TV SANT CUGAT DKISS TEN IB3 GLOBAL Rel Madrid TV Canales que No envían información cuando se accede a ellos
  • 28. Canal C Telecinco 1 Cuatro 2 FDF 3 Diviniti 4 Telecinco HD 5 Cuatro HD 6 http://beacon.hbbtv.mediaset.es/topics/test?c=1|B49E0ABB9570335EB4A 64895EFA14CCB|k|{%22keyset%22:{%22ALPHA%22:512,%22BLUE%22:8,% 22GREEN%22:2,%22INFO%22:128,%22NAVIGATION%22:16,%22NUMERIC %22:256,%22SCROLL%22:64,%22VCR%22:32,%22RED%22:1,%22value%22: 0,%22YELLOW%22:4},%22currentChannel%22:{%22channelType%22:0,%22 ccid%22:%22ccid:23%22,%22dsd%22:%22Zu000bu0004)u0010@u001f %C2%81;%C3%BF%C3%BF%C3%BF%C3%BF%22,%22name%22:%22Telecin co%22,%22onid%22:8916,%22sid%22:186,%22tsid%22:16},%22channelList %22:%22Channel%20list%20items:%201:%20atreseries%20HD,%202:%20B eMad%20tv%20HD,%203:%20Realmadrid%20TV%20HD,%204:%20antena3 %20HD,%205:%20antena3,%206:%20laSexta%20HD,%207:%20laSexta,%20 8:%20neox,%209:%20nova,%2010:%20Energy,%2011:%20Boing,%2012:%2 0mega,%2013:%2013%20Tv%20Definitivo,%2014:%20La%201,%2015:%20L a%202,%2016:%2024h,%2017:%20Clan,%2018:%20La%201%20HD.,%2019 :%208TV,%2020:%20Bar%C3%A7a%20TV,%20%22} Petición Host: beacon.hbbtv.mediaset.es Origin: http://hbbtv.mediaset.es Accept-Language: en-us, en, fr, it User-Agent: Mozilla/5.0 (Unknown; Linux armv7l) AppleWebKit/537.1+ HbbTV/1.2.1 (+DRM; LGE; WEBOS2.0; 03.11.00; HE_DTV_W15B;) Referer: http://hbbtv.mediaset.es/hbbtv.xhtml?c=1 Accept: */* Accept-Encoding: gzip, deflate Connection: close Grupo de canales que información constantemente (cada 4 segundos) Entre los datos que envía está la lista de canales del TV y el orden en que el usuario los tiene ordenados en su dispositivo
  • 29. 29 © Internet Security Auditors Lo que nunca leemos pero todos aceptamos….
  • 30. 30 © Internet Security Auditors Seguridad / Privacidad
  • 31. 31 © Internet Security Auditors Seguridad / Privacidad
  • 32. 32 © Internet Security Auditors
  • 33. 33 © Internet Security Auditors
  • 34. 34 © Internet Security Auditors
  • 35. 35 © Internet Security Auditors