Smart Vacuum Cleaners as Remote Wiretapping Devices - Easterhegg - 2019

Offered By: media.ccc.de via YouTube

Course Description

Overview

Explore the security vulnerabilities of smart vacuum cleaners in this conference talk from Easterhegg 2019. Dive into the process of exploiting Neato Botvac Connected firmware to control high-end vacuum cleaners. Learn about firmware extraction techniques, including overcoming proprietary chip layouts and QNX systems. Discover how buffer overflow vulnerabilities can lead to remote command execution with root privileges. Understand the implications of these security flaws on user privacy and home security. Follow the speakers' journey through firmware analysis, vulnerability identification, and exploit development, including their methods for overcoming obstacles in proof-of-concept creation. Gain insights into the potential risks associated with cloud-connected smart home devices and the importance of robust security measures in IoT products.

Syllabus

Intro
Infrastructure
Firmware Updates
Firmware Update Process
Serial Debug Port
Breaking QNX SDP 6.5 License Management
Boot Me If You Can #2
Extracting the Neato IFS
QNX Boot Process
Secure Boot Bypass (CVE-2018-20785)
"BlackBox" Logs & Coredumps
RC4 For Beginners (CVE-2018-17177)
Generating and Interpreting Coredumps
Buffer Overflow Vulnerability
Controllable Registers
Vulnerable Function
Vulnerability Root Cause
Determining Factors for the Exploit
Our Exploit
Implications
Root Remote Code Execution via Cloud (CVE-2018-19442)


Taught by

media.ccc.de
