IoT Village

by Independent Security Evaluators

What Is the IoT Village?

IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Village Idiot Labs (VIL).

Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates.

Check out the official IoT Village Store for all your IoT Village swag!

IoT Hacking 101

IoT Hacking 101 is a set of quick, hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices today.  Whether you’re a penetration tester that has never hacked IoT devices or even someone that has never hacked anything(!), these self-guided labs will walk you through all the steps from analyzing router firmware, finding hidden backdoors, enumerating devices and performing remote exploits.  Students work at their own pace following our IoT Hacking 101 guides, and instructors are on hand to provide assistance as needed and answer any questions.

Talks

These talks will be broadcast on Brella at the IoT Village booth and on the IoT Village Twitch

 

 18th November 19:00 GMT +4

 Kicking Devices and Taking CVEs : The Zoomer’s Guide to Hacking Shit

Sanjana Sarda

Sanjana Sarda is a Junior Security Analyst at Independent Security Evaluators and is a rising Electrical Engineering senior at UCLA. She is primarily focused on Cryptography, IoT and Hardware Security and hiding from her dog. Sarda has been researching various IoT devices and has discovered several CVEs. Her research has been covered by publications such as Motherboard, the Daily Swig, and ISMG.

Do you ever play iSpy with the smart devices around you and wonder how easy it is to hack shit and get CVEs? In the Zoomer era, smart devices are extremely accessible, generally cheap and not very security focused. In this talks, Sarda (a fellow Zoomer) will walk the audience through the basic methodology, tooling, exploitation, and disclosure process used when hacking an IoT device. This talk will include a “lavish” demo of the exploitation of 5 CVEs, including remote code execution and telnet access, discovered while researching the Tenda AC 1900 router- which can be chained to provide persistent root shell access to the device.

 19th November 19:00 GMT +4

Trying to be Heard in All This Noise: An Overview of Low Power Communications Used in Smart Cities

Trevor Stevado

The global installed base of low-power IoT devices rose by 110% from 2018 to 2019, reaching 231M devices and shows no sign of slowing down. Powering this growth is the rise of Smart Cities. But how are these devices, often spread out over large distances, being connected back to a city’s network infrastructure? What is LPWAN and how does it work? Is any of this secure? Join t1v0 from IoT Village as he dives into four major LPWAN technologies and discusses what makes them tick, and how a hacker might make them tock.

ISE is an independent security consulting firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment.