ABSTRACT:
The Internet of Things (IoT) is the next Internet revolution that aims at
interconnecting devices that we use on a daily basis e.g. household
appliances, wearables, cars, cameras, and sensors. Enabling the IoT can be
done by introducing new smart devices, or by equipping legacy devices with
sensors to accommodate them with smart capabilities. But how secure are these
IoT appliances? And why limit yourself to commercial off-the-shelf devices if
you can design and build them yourself?
Our workshop will (1) guide all participants through all steps that are
required to build their own Internet of Things enabling embedded systems and
(2) give an introduction on the assessment of security and exploitation of
vulnerabilities in embedded systems.
Our, very practically oriented, workshop will consist of a presentation that
briefly explains all required steps to build and assess the security of
embedded systems and a guided hands-on lab session in which all participants
will actually program and exploit their own basic, but smart temperature
sensor.
The presentation will provide the participants with all the means to design their own IoT-enabling embedded systems and will focus on how to transfer ideas into real plans and designs. We will elaborate on how to gather information on the required electronics, where to buy them, how to use their datasheets and we will even teach the audience how they can design, print and test their ideas on self-designed PCBs. Topped off with some of our lessons learned and practical tips 'n tricks, the main presentation will provide the audience with everything they need to know to start building.
The guided and hands-on lab session will even take everything a step further. We will provide the participants with an already assembled version of the smart temperature sensor we have designed during the presentation and we will go into writing and flashing our own bare-metal ARM firmware.
After we have all successfully created our first embedded system, we will move towards a basic firmware analysis and exploitation session by flashing our temperature sensor board with custom made, but vulnerable firmware. This will allow us to assess our embedded system by reverse engineering the firmware with Radare and gdb and exploit it using basic shellcode.
WORKSHOP REQUIREMENTS:
PLEASE BRING THE FOLLOWING HARDWARE TO THE WORKSHOP:
- LAPTOP CAPABLE TO BOOT FROM USB (PREFERRED!) OR RUN VIRTUAL MACHINES (e.g.
via VirtualBox)
- 2 MINI USB CABLES
- 2 AVAILABLE USB PORTS
- IF POSSIBLE: USB-TO-SERIAL ADAPTER (e.g. http://ebay.to/2a595mP or
http://bit.ly/2a1fUY4)
(we will bring our personal stock to provide adapters for 25 participants, so
bring yours if you have one yourself)
If you would not be capable to bring 2 usb cables and/or a usb-to-serial adapter, there will be a possibility to borrow one from our personal stock (a small security deposit of 10 USD might be asked). We only have usb cables/usb- to-serial adapters for 25 participants, so please bring yours if you have one.
Vulnerable temperature board
The hands-on workshop requires, next to what is listed above, a smart, but
vulnerable, temperature sensor board. As these are custom build (based on an
ARM development board (http://bit.ly/29StwW0) and our own PCB+components), we
will provide them for you. Again, a small security deposit of 40 USD will be
asked at the start of the workshop (so make sure you have some cash). This
also gives you the possibility to keep/buy the development and victim boards
for 40 USD after the workshop.
As we only have 40 of them, the hands-on workshop part of this workshop will be limited to 40 participants (first come, first serve).
Jens is a Senior Technology Consultant within the Advisory service line of PwC since September 2014.At PwC, Jens is involved in a wide variety of more technical assignments with a focus on IoT and mobile. Prior to joining PwC, Jens obtained a degree in Civil Engineering with a Master in Information- and Communications Technology at Ghent University and has developed his social and management skills as a group leader at his local youth movement. In his spare time, Jens spends a lot of time volunteering.