Exploring Security of IoT Devices
Ben Kero
Ben is a long-time Linux systems engineer and hacker who focuses on Devops topics, embedded Linux, and free software advocate.
Previously he has held positions designing and administering systems at the OSU Open Source Lab, Mozilla, and Red Hat. He specializes in Linux systems, configuration management, and continuous integration.
When he is not deploying and testing new computers he is riding his homemade electric bike, tuning the free software computer in his car, or rebuilding old ThinkPads.
Internet of Things devices are becoming increasingly common in our lives and in our homes. Connected sensors and controls are inexpensive and popular to buy online and in stores. Their sleek plastic shells promise a well designed package, but these devices can harbor surprising secrets.
With a 4-star rating from hundreds of reviewers on Amazon, a slick mobile app, and $99 price tag, the Reolink Argus 2 wireless camera seems to tick all the boxes for a savvy shopper. I bought one to use in my home, but after hearing horror stories about IoT devices I decided to open it up to see how it worked, and to investigate if the software was respecting my privacy and security.
This talk will share my discoveries in reverse engineering this device and explore the the implications for their design decisions. I'll go through contacting the vendor and trying to responsibly disclose my discoveries. I'll also share the resources that I've discovered and written to fix the security problems and make it a useful, more secure device.
- Date:
- 2018 November 10 - 15:00
- Duration:
- 50 min
- Room:
- Room 3184
- Conference:
- Seattle GNU/Linux Conference 2018
- Language:
- Track:
- Hardware, IoT
- Difficulty:
- Some experience required
- Client Side Video Editing - Lessons in WebAssembly and FFmpeg
- Start Time:
- 2018 November 10 15:00
- Room:
- Room 3180
- You got chocolate in my peanut butter! .NET on Mac & Linux
- Start Time:
- 2018 November 10 15:00
- Room:
- Room 3179
- Open Source DocOps: How Open Data Kit Writes, Tests, and Publishes Documentation
- Start Time:
- 2018 November 10 15:00
- Room:
- Room 3178
- Monitoring and Alerting: Knowing the Unknown
- Start Time:
- 2018 November 10 15:00
- Room:
- Room 3183