Assessing IoT Surveillance Arlo
Offered By: YouTube
Course Description
Overview
Explore the vulnerabilities and security implications of IoT surveillance systems in this 24-minute conference talk from Derbycon 2019. Delve into the assessment of Arlo devices, examining their setup, components, and functionality. Uncover critical vulnerabilities, including CVE-2016-10115, and learn about initial scans, attack surfaces, and device teardown processes. Gain insights into connecting to serial interfaces, booting procedures, and authentication requirements. Discover methods for finding sensitive information, conducting config reconnaissance, and identifying running services. Investigate insufficient UART protections, plaintext data exposure, and networking misconfigurations. Understand camera snooping techniques, decryption routines, and encryption keys. Follow a timeline summary of the assessment and explore the implications of SIP interfaces in IoT surveillance systems.
Syllabus
Intro
Overview of Past Surveillance Systems
Why Arlo?
Device Setup
Components
Functionality
CVE-2016-10115
Initial Scans and Attack Surface
Device Teardown
Connecting to Serial
Booting
Authentication Required
Bootloader
CFE Save Command
Finding Goodies
Config Recon
Service Running
Primary Services
Insufficient UART Protections
Plaintext Goodies
Networking Misconfiguration
Camera Snooping
Decryption Routines and Keys
Timeline Summary
The damn SIP interface
Final Thoughts
Related Courses
A developer's guide to the Internet of Things (IoT)IBM via Coursera Enterprise and Infrastructure Security
New York University (NYU) via Coursera Getting Started with the Internet of Things (IoT)
Microsoft via edX AWS IoT: Developing and Deploying an Internet of Things
Amazon Web Services via edX Components And Applications Of Internet Of Things
Indian Institute of Technology Patna via Swayam