Peeling Back the Plastic: Finding 0Days in IoT Devices

Publish Date: 25 November, 2025
Category: IOT Videos
Video License: Standard License
Imported From: Youtube

https://bishopfox.com - As smart home technology becomes increasingly mainstream, the market has seen a surge in low-cost IoT devices flooding platforms like Amazon. Many of these products are backed by lesser-known manufacturers, often overseas, that prioritize rapid deployment and market share over security and long-term support. This trend has led to a growing number of insecure devices being integrated into home networks, exposing users to significant privacy and security risks.

What We’ll Cover:
- How to get started in IoT security research and what skills or tools are most valuable
- A walkthrough of prior IoT research that led to the discovery and responsible disclosure of new 0-day vulnerabilities
- Practical testing techniques for identifying critical vulnerabilities in consumer IoT devices
- Step-by-step approaches to analyzing firmware, hardware components, and companion mobile applications
- How device-focused research can uncover hidden API vulnerabilities that typical web assessments often miss

Chapters
00:00 - Introduction to IoT Security
01:33 - The Importance of IoT Security
07:13 - Understanding IoT Ecosystems
09:15 - Key Protocols in IoT Communication
14:18 - Setting Up an IoT Testing Lab
22:41 - Vulnerability Identification Methodology
26:50 - Analyzing Mobile Applications
29:01 - Device Disassembly and Chip Analysis
31:21 - Firmware Extraction Techniques
34:08 - Identifying Vulnerabilities in IoT Devices
36:34 - Understanding Firmware Reverse Engineering
42:38 - Exploiting Vulnerabilities in MQTT Protocol
47:19 - Responsible Disclosure Timeline
49:04 - Prior Research on Authorization Issues
51:17 - Q&A Session: Addressing Audience Questions
55:47 - Navigating Communication with Companies
57:02 - Final Thoughts and Additional Resources

#IoTsecurity #smarthome #pentesting #applicationsecurity
