IOT web of intrigue

THOTCON 0x8

Presented by: Jason Kent
Date: Thursday May 04, 2017
Time: 13:00 - 13:50
Location: Track 1
Track: Talk

Everyone is afraid of IOT and its insecure protocols and communications that leak out data like Wifi Passwords in the clear. But have we done enough experimentation with the web side of this menace? In this talk we will look at the Web Services side of IOT and the protocols and communications that are there, gotta be safer ... right? What are we really doing when we start using IOT device mobile apps in our daily lives? What happens when the normal app communication and protocols aren't really designed or built with security in mind? These and some other questions will be addressed with example communication and protocol captures along with some standard pen-testing results to point out who's doing it right and a little schadenfreude on who isn't. We will dwell on the technical and learn how to instrument ourselves so we all can test these things and provide feedback to those that need it. I will also cover a responsible disclosure I went through with an IOT company and what that looks and feels like for them.

Jason Kent

Jason Kent is an information security and web application security professional with 20 years in IT. Jason's curiosity has led him to responsible disclosures, web security automation as well as product development for some of the largest security organizations. If you have a web security problem, api security concerns or simple curiosity, Jason is happy to help navigate the waters of the waves the Internet can bring.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats