Weaponization of IoT
Jose L. Quiñones, BSEET, MCP, MCSA, RHSA, HIT, C|EH, C|EI, C)PEH, C)M2I, GCIH, GPEN
… nope, this is not it.
Mirai Botnet
Mirai (Japanese for "the future", 未来) is malware that turns computer systems running Linux into remotely controlled "bots" that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as remote cameras and home routers.
TP-Link TL-MR3020
• Mobile broadband (3G/3.75G) router.
• 2.4GHz frequency.
• 3G/WISP/AP connection modes.
• Fast Ethernet port for WAN/LAN connections.
• USB 2.0.
• Mini-USB.
• 64/128bit WEP.
• WPA2
Custom Firmware - OpenWRT
• OPKG Package Manager
• Opkg attempts to resolve dependencies with packages in the repositories
Development boards
Kali Linux ARM images
“New” Kid on the block … ESP8266
• 32-bit RISC CPU:
• 64 KiB of instruction RAM, 96 KiB of data RAM
• External QSPI flash: 512 KiB to 4 MiB* (up to 16 MiB is supported)
• IEEE 802.11 b/g/n Wi-Fi
• Integrated TR switch, balun, LNA, power amplifier and matching network
• WEP or WPA/WPA2 authentication, or open networks
• 16 GPIO pins
• I²S interfaces with DMA (sharing pins with GPIO)
• UART on dedicated pins, plus a transmit-only UART can be enabled on GPIO2
• 10-bit ADC
ESP8266 Wi-Fi Jammer
Poisontap
• emulates an Ethernet device over USB (or Thunderbolt)
• hijacks all Internet traffic from the machine (despite being a low priority/unknown network interface)
• siphons and stores HTTP cookies and sessions from the web browser for the Alexa top 1,000,000 websites
• exposes the internal router to the attacker, making it accessible remotely via outbound WebSocket and DNS rebinding (thanks Matt Austin for rebinding idea!)
• installs a persistent web-based backdoor in HTTP cache for hundreds of thousands of domains and common Javascript CDN URLs, all with access to the user’s cookies via cache poisoning
• allows attacker to remotely force the user to make HTTP requests and proxy back responses (GET & POSTs) with the user’s cookies on any backdoored domain
• does not require the machine to be unlocked
• backdoors and remote access persist even after device is removed and attacker sashays away
Hack all the things!
• USB Killer
• LAN Turtle
• Bash Bunny
Wireless Tools
• Ubertooth RF
• HackRF One
• FreakUSB (Zigbee)
• WiFi Pineapple
Thanks!
• @josequinones
• http://codefidelio.org
• @obsidis_NGO
• http://obsidisconsortia.org