Attacking and assessing IoT can easily miss the forest for the trees. However we need to be comprehensive in our methodology and not end up down a rabbit hole; we need to know how the wind affects each tree, but also the forest as a whole. We even need to make sure we consider the trailer park adjacent to the forest, which may not be quite as resilient to a tornado. We're here to pass along a methodology for testing all of the components of any end-to end IoT solution; from end user hardware, proprietary and standards-based RF (Zigbee, Zwave, BLE/Bluetooth and all sorts of modulation), Wi-Fi, network protocols, mobile device applications (Android and iOS), internet-connected servers, web applications and databases. Come learn how to build a testing lab, investigate some testing tools, and how to apply to a real world test.
Larry Pesce is employed at InGuardians as the Director of Research. His history with hardware hacking began with the family TV when he was a kid, rebuilding it after it caught on fire. Both times. Later, as a web developer for a university in the early days of the Internet, he managed some of the first 3 Layer Switching Networks in the world. His core specialties include hardware and wireless hacking, architectural review, and traditional pentesting, often in the financial and energy sectors and healthcare. and IoT. In 2006, he co-founded the multiple international award-winning security podcast, "Paul's Security Weekly", which he continues to co-host. Alongside inspiring 150,000 downloads a month, Larry’s independent research for the show has led to interviews with the New York times with MythBuster’s Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (callsign KB1TNF), and thinking of ways to survive the pending zombie apocalypse.