I run a lab in which I let a lot of computers, as well as networked "IoT" devices, phone home, and then I use enterprise-level tools to decrypt and capture that TLS/SSL network traffic. In the past year, I've been observing a steady increase in the number of devices and services which flat-out refuse to let me decrypt their communications - an unequivocally Good Thing for privacy and security. But I've also witnessed some disastrous problems, such as large corporations, who should know better, behaving badly, using self-signed or expired certificates for critical sites used to, for instance, deliver firmware updates.
In this overview, I'll discuss the good, bad, and really, really ugly things I've learned about what, how, and to whom these devices communicate, and in some cases, the contents of those communications. I'll also provide an overview of the tools and techniques I've used to re-sign certificates and capture the decrypted data, including how (and why) you can (and probably should) do this yourself. Finally, I plan to offer my own manifesto to businesses large and small about how they should do a much better job at protecting the privacy of their customers.
Andrew Brandt is the Director of Threat Research for Symantec, whose previous employer was acquired in the past year. In his role, he runs a malware research lab in which he infects all manner of devices with malware and permits the devices to phone home, in order to learn more about how, and to whom, malware communicates.
Twitter handle of presenter(s): @threatresearch