From smart home devices to smart cars, IoT actually gave us our “connected world”, but maybe not a “Safe” one. Imagine all your smart devices on your home network being controlled by someone on the other side of the world, your smart TVs, smart lights, baby monitors, routers, printers, workspace surveillance cameras, and literally everything else! This talk explores how the methods of manipulating domain name resolution can be used to exploit and remotely take over most of the connected devices in a private network. We will talk about how it can be used to scan a private network externally for IoT devices, and how it can put even private devices open to the public! We will cover some tools that can be used to takeover a device and exfiltrate the data of a victim under a minute with minimum user interaction. We demonstrate how the data can be exfiltrated and used to perform unwanted actions on the victim's devices from anywhere in the world. We furthermore, talk about methods of prevention and best practices that a developer and product designer can consider to protect their devices against such attacks. So if you're a pentester or a developer we've got something for everyone! Bio:
Get notified about new features and conference additions.