SlideShare a Scribd company logo

Weaponization of IoT

Jose L. Quiñones-Borrero
Jose L. Quiñones-Borrero

This document discusses the weaponization of IoT devices through malware like Mirai botnets and hacking tools. It provides details on common IoT devices that are vulnerable like the TP-Link TL-MR3020 router. It describes how to install custom firmware like OpenWRT and development boards like the ESP8266 that can be used to create Wi-Fi jammers or botnets. The document also mentions hacking tools and techniques for compromising wireless networks and devices.

Technology
1 of 17
Download to read offline
Weaponization of IoT Jose L. Quiñones, BSEET MCP, MCSA, RHSA, HIT, C|EH, C|EI C)PEH, C)M2I, GCIH, GPEN
… nope, this is not it.
Mirai Botnet Mirai (Japanese for "the future", 未来) is malware that turns computer systems running Linux into remotely controlled "bots", that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers.
TP-Link TL-MR3020 • Mobile broadband (3G/3.75G) router. • 2.4GHz frequency. • 3G/WISP/AP connection modes. • Fast Ethernet port for WAN/LAN connections. • USB 2.0. • Mini-USB. • 64/128bit WEP. • WPA2
Custom Firmware - OpenWRT • OPKG Package Manager • Opkg attempts to resolve dependencies with packages in the repositories
Development boards
Kali Linux ARM images
“New” Kid on the block … ESP8266 • 32-bit RISC CPU: • 64 KiB of instruction RAM, 96 KiB of data RAM • External QSPI flash: 512 KiB to 4 MiB* (up to 16 MiB is supported) • IEEE 802.11 b/g/n Wi-Fi • Integrated TR switch, balun, LNA, power amplifier and matching network • WEP or WPA/WPA2 authentication, or open networks • 16 GPIO pins • I²S interfaces with DMA (sharing pins with GPIO) • UART on dedicated pins, plus a transmit- only UART can be enabled on GPIO2 • 10-bit ADC
ESP8266 Wi-Fi Jammer
Poisontap • emulates an Ethernet device over USB (or Thunderbolt) • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface) • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!) • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain • does not require the machine to be unlocked • backdoors and remote access persist even after device is removed and attacker sashays away
Hack all the things! USB Killer LAN Turtle Bash Bunny
Wireless Tools • Ubertooth RF • HackRF One • FreakUSB (Zigbee) • WiFi Pineapple
Thanks! • josequinones@codefidelio.org • @josequinones • http://codefidelio.org • jquinones@obsidisconsortia.org • @obsidis_NGO • http://obsidisconsortia.org

Recommended

Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
Jose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
Jose L. Quiñones-Borrero
 
Network Exploitation
Network ExploitationNetwork Exploitation
Network Exploitation
UTD Computer Security Group
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
Ahmed Mater
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
UTD Computer Security Group
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
Greater Noida Institute Of Technology
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subject
deepan v
 
Hacking its types and the art of exploitation
Hacking its types and the art of exploitationHacking its types and the art of exploitation
Hacking its types and the art of exploitation
ShubhamChoudhary171
 

Recommended

Cryto Party at CCU
Cryto Party at CCUCryto Party at CCU
Cryto Party at CCU
Jose L. Quiñones-Borrero
 
Incident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and CountermeasuresIncident response, Hacker Techniques and Countermeasures
Incident response, Hacker Techniques and Countermeasures
Jose L. Quiñones-Borrero
 
Network Exploitation
Network ExploitationNetwork Exploitation
Network Exploitation
UTD Computer Security Group
 
Tor project and Darknet Report
Tor project and Darknet ReportTor project and Darknet Report
Tor project and Darknet Report
Ahmed Mater
 
Introduction to Exploitation
Introduction to ExploitationIntroduction to Exploitation
Introduction to Exploitation
UTD Computer Security Group
 
Hacking Question and Answer
Hacking Question and Answer Hacking Question and Answer
Hacking Question and Answer
Greater Noida Institute Of Technology
 
cryptography deepan fav subject
cryptography deepan fav subjectcryptography deepan fav subject
cryptography deepan fav subject
deepan v
 
Hacking its types and the art of exploitation
Hacking its types and the art of exploitationHacking its types and the art of exploitation
Hacking its types and the art of exploitation
ShubhamChoudhary171
 
Dark web
Dark webDark web
Dark web
aakshidhingra
 
Internet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes previewInternet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes preview
Swapnil Deshmukh
 
Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network security
UTD Computer Security Group
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
CISSP Week 20
CISSP Week 20CISSP Week 20
CISSP Week 20jemtallon
 
Network ssecurity toolkit
Network ssecurity toolkitNetwork ssecurity toolkit
Network ssecurity toolkitأحلام انصارى
 
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency EcosystemsA Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
Beau Bullock
 
Darknet
DarknetDarknet
Darknet
Shubham Dwivedi
 
Pa or die
Pa or diePa or die
Pa or die
Setia Juli Irzal Ismail
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
Gregory Hanis
 
Eng12
Eng12Eng12
Eng12s1170029
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Sw2 b12
Sw2 b12Sw2 b12
Sw2 b12Irvine_ps
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introduction
n|u - The Open Security Community
 
Creds extraction
Creds extractionCreds extraction
Creds extraction
Ilan Mindel
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
Jason Williams
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
Kory Kyzar
 
Encrytion ppt
Encrytion pptEncrytion ppt
Encrytion ppt
Raj Sampat
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Single chip computer for iot application
Single chip computer for iot application Single chip computer for iot application
Single chip computer for iot application
iotleague
 

More Related Content

What's hot

Dark web
Dark webDark web
Dark web
aakshidhingra
 
Internet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes previewInternet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes preview
Swapnil Deshmukh
 
Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network security
UTD Computer Security Group
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21jemtallon
 
CISSP Week 20
CISSP Week 20CISSP Week 20
CISSP Week 20jemtallon
 
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency EcosystemsA Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
Beau Bullock
 
Darknet
DarknetDarknet
Darknet
Shubham Dwivedi
 
Pa or die
Pa or diePa or die
Pa or die
Setia Juli Irzal Ismail
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
Gregory Hanis
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - BriefAshley Deuble
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introduction
n|u - The Open Security Community
 
Creds extraction
Creds extractionCreds extraction
Creds extraction
Ilan Mindel
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
Jason Williams
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
Kory Kyzar
 
Encrytion ppt
Encrytion pptEncrytion ppt
Encrytion ppt
Raj Sampat
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
Setia Juli Irzal Ismail
 

What's hot (20)

Dark web
Dark webDark web
Dark web
 
Internet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes previewInternet of Things - Breaking 20 devices in 20 minutes preview
Internet of Things - Breaking 20 devices in 20 minutes preview
 
Computer networks and network security
Computer networks and network securityComputer networks and network security
Computer networks and network security
 
CISSP Week 21
CISSP Week 21CISSP Week 21
CISSP Week 21
 
CISSP Week 20
CISSP Week 20CISSP Week 20
CISSP Week 20
 
Network ssecurity toolkit
Network ssecurity toolkitNetwork ssecurity toolkit
Network ssecurity toolkit
 
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency EcosystemsA Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
A Look Into Emerging Security Issues Within Cryptocurrency Ecosystems
 
Darknet
DarknetDarknet
Darknet
 
Pa or die
Pa or diePa or die
Pa or die
 
Hacker bootcamp
Hacker bootcampHacker bootcamp
Hacker bootcamp
 
Eng12
Eng12Eng12
Eng12
 
Security Onion - Brief
Security Onion - BriefSecurity Onion - Brief
Security Onion - Brief
 
Sw2 b12
Sw2 b12Sw2 b12
Sw2 b12
 
Security Onion - Introduction
Security Onion - IntroductionSecurity Onion - Introduction
Security Onion - Introduction
 
Creds extraction
Creds extractionCreds extraction
Creds extraction
 
Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)Suricata: A Decade Under the Influence (of packet sniffing)
Suricata: A Decade Under the Influence (of packet sniffing)
 
UTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domainUTD Computer Security Group - Cracking the domain
UTD Computer Security Group - Cracking the domain
 
Security Onion: Watching for Leeks
Security Onion: Watching for LeeksSecurity Onion: Watching for Leeks
Security Onion: Watching for Leeks
 
Encrytion ppt
Encrytion pptEncrytion ppt
Encrytion ppt
 
Malware cryptomining uploadv3
Malware cryptomining uploadv3Malware cryptomining uploadv3
Malware cryptomining uploadv3
 

Similar to Weaponization of IoT

Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
veerababu penugonda(Mr-IoT)
 
Single chip computer for iot application
Single chip computer for iot application Single chip computer for iot application
Single chip computer for iot application
iotleague
 
Gab 2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot Gab 2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot Aymeric Weinbach
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
Santhosh Kumar
 
Detecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT BotnetsDetecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT Botnets
Farjad Noor
 
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
Alec Tucker
 
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.22018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2
Len Noe
 
RIOT: towards open source, secure DevOps on microcontroller-based IoT
RIOT: towards open source, secure DevOps on microcontroller-based IoTRIOT: towards open source, secure DevOps on microcontroller-based IoT
RIOT: towards open source, secure DevOps on microcontroller-based IoT
Alexandre Abadie
 
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
Paris Open Source Summit
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
Seungjoo Kim
 
Mesh IoT Networks Explained
Mesh IoT Networks ExplainedMesh IoT Networks Explained
Mesh IoT Networks Explained
GlobalLogic Ukraine
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine Learning
Avast
 
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Bhavin Chandarana
 
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with AzureGlobal Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Vinoth Rajagopalan
 
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Jakub Botwicz
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?
T.Rob Wyatt
 
Windows 10 IoT Core
Windows 10 IoT CoreWindows 10 IoT Core
Windows 10 IoT Core
Canada's Technology Triangle .NET User Group
 

Similar to Weaponization of IoT (20)

Beginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st SessionBeginner’s Guide on How to Start Exploring IoT Security 1st Session
Beginner’s Guide on How to Start Exploring IoT Security 1st Session
 
Single chip computer for iot application
Single chip computer for iot application Single chip computer for iot application
Single chip computer for iot application
 
Gab 2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot Gab 2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
Detecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT BotnetsDetecting and Confronting Flash Attacks from IoT Botnets
Detecting and Confronting Flash Attacks from IoT Botnets
 
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
Internet of Things, Mobility & .Net Micro Framework SydMobNet March 2014
 
2018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.22018 all lens bag of tricks v1.2
2018 all lens bag of tricks v1.2
 
RIOT: towards open source, secure DevOps on microcontroller-based IoT
RIOT: towards open source, secure DevOps on microcontroller-based IoTRIOT: towards open source, secure DevOps on microcontroller-based IoT
RIOT: towards open source, secure DevOps on microcontroller-based IoT
 
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
#OSSPARIS19 : RIOT: towards open source, secure DevOps on microcontroller-bas...
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
Mesh IoT Networks Explained
Mesh IoT Networks ExplainedMesh IoT Networks Explained
Mesh IoT Networks Explained
 
Avast @ Machine Learning
Avast @ Machine LearningAvast @ Machine Learning
Avast @ Machine Learning
 
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
Presentation for IoT workshop at Sinhagad University (Feb 4, 2016) - 2/2
 
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with AzureGlobal Azure boot camp 2015 - Microsoft IoT Solutions with Azure
Global Azure boot camp 2015 - Microsoft IoT Solutions with Azure
 
IoT and Its Application
IoT and Its ApplicationIoT and Its Application
IoT and Its Application
 
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
Cotopaxi - IoT testing toolkit (3rd release - Black Hat Europe 2019 Arsenal)
 
098
098098
098
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
 
20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?
 
Windows 10 IoT Core
Windows 10 IoT CoreWindows 10 IoT Core
Windows 10 IoT Core
 

More from Jose L. Quiñones-Borrero

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
Jose L. Quiñones-Borrero
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
Jose L. Quiñones-Borrero
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
Jose L. Quiñones-Borrero
 
CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
Jose L. Quiñones-Borrero
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
Jose L. Quiñones-Borrero
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
Jose L. Quiñones-Borrero
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
Jose L. Quiñones-Borrero
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
Jose L. Quiñones-Borrero
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
Jose L. Quiñones-Borrero
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Jose L. Quiñones-Borrero
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
Jose L. Quiñones-Borrero
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
Jose L. Quiñones-Borrero
 
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meetingBYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
Jose L. Quiñones-Borrero
 

More from Jose L. Quiñones-Borrero (13)

Hacking blockchain
Hacking blockchainHacking blockchain
Hacking blockchain
 
Application Security: What do we need to know?
Application Security: What do we need to know?Application Security: What do we need to know?
Application Security: What do we need to know?
 
Security B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your DroneSecurity B Sides Puerto Rico - Weaponizing your Drone
Security B Sides Puerto Rico - Weaponizing your Drone
 
CyberCrime attacks on Small Businesses
CyberCrime attacks on Small BusinessesCyberCrime attacks on Small Businesses
CyberCrime attacks on Small Businesses
 
Securing Your Business
Securing Your BusinessSecuring Your Business
Securing Your Business
 
InfoSec Gamification
InfoSec GamificationInfoSec Gamification
InfoSec Gamification
 
Privacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August MeetingPrivacy on the Internet - Init6 InfoSec August Meeting
Privacy on the Internet - Init6 InfoSec August Meeting
 
Pivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG PresentationPivoting Networks - CSSIG Presentation
Pivoting Networks - CSSIG Presentation
 
Hacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR ChapterHacker risks presentation to ACFE PR Chapter
Hacker risks presentation to ACFE PR Chapter
 
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
Linux for Security Professionals (Tips and Tricks) - Init 6 10/2012
 
Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013Security and Compliance Panel at the PR TechSummit 2013
Security and Compliance Panel at the PR TechSummit 2013
 
InfoSec professional advice to university students
InfoSec professional advice to university students InfoSec professional advice to university students
InfoSec professional advice to university students
 
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meetingBYOD presentation Init 6 + ISSA PR Chapter joint meeting
BYOD presentation Init 6 + ISSA PR Chapter joint meeting
 

Recently uploaded

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 

Recently uploaded (20)

How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 

Weaponization of IoT

  • 1. Weaponization of IoT Jose L. Quiñones, BSEET MCP, MCSA, RHSA, HIT, C|EH, C|EI C)PEH, C)M2I, GCIH, GPEN
  • 2.
  • 3. … nope, this is not it.
  • 4. Mirai Botnet Mirai (Japanese for "the future", 未来) is malware that turns computer systems running Linux into remotely controlled "bots", that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers.
  • 5.
  • 6.
  • 7. TP-Link TL-MR3020 • Mobile broadband (3G/3.75G) router. • 2.4GHz frequency. • 3G/WISP/AP connection modes. • Fast Ethernet port for WAN/LAN connections. • USB 2.0. • Mini-USB. • 64/128bit WEP. • WPA2
  • 8. Custom Firmware - OpenWRT • OPKG Package Manager • Opkg attempts to resolve dependencies with packages in the repositories
  • 10. Kali Linux ARM images
  • 11. “New” Kid on the block … ESP8266 • 32-bit RISC CPU: • 64 KiB of instruction RAM, 96 KiB of data RAM • External QSPI flash: 512 KiB to 4 MiB* (up to 16 MiB is supported) • IEEE 802.11 b/g/n Wi-Fi • Integrated TR switch, balun, LNA, power amplifier and matching network • WEP or WPA/WPA2 authentication, or open networks • 16 GPIO pins • I²S interfaces with DMA (sharing pins with GPIO) • UART on dedicated pins, plus a transmit- only UART can be enabled on GPIO2 • 10-bit ADC
  • 13.
  • 14. Poisontap • emulates an Ethernet device over USB (or Thunderbolt) • hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface) • siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites • exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!) • installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning • allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain • does not require the machine to be unlocked • backdoors and remote access persist even after device is removed and attacker sashays away
  • 15. Hack all the things! USB Killer LAN Turtle Bash Bunny
  • 16. Wireless Tools • Ubertooth RF • HackRF One • FreakUSB (Zigbee) • WiFi Pineapple
  • 17. Thanks! • josequinones@codefidelio.org • @josequinones • http://codefidelio.org • jquinones@obsidisconsortia.org • @obsidis_NGO • http://obsidisconsortia.org