Over 14 years ago, Kevin Ashton was the first to coin the term "internet of things," and pointed out that data on the Internet is mostly created by humans. Things have changed considerably since 1999 - Lou Bega's Mambo No. 5 is no longer on the radio, many appliances ship with embedded systems that can be remotely monitored, and the smart home is something we're all excited for and terrified of.
Twine is a consumer device that provides remote environmental monitoring through a variety of sensors, such as moisture, temperature, vibration, etc... We will discuss our analysis of Twine, and will lead you through the steps taken to understand what's going on under the hood of a "black box" device. The audience will be introduced to the challenges faced, and to the different approaches that can be leveraged to understand (and exploit!) embedded devices (the fridge that tweets and similar devices). Topics include: capturing traffic on a non-proxy aware device, obtaining and reverse engineering the firmware, analyzing opaque binary traffic, emulating a Twine device and gaining console access via the debug serial port.