Smart Vacuum Cleaners as Remote Wiretapping Devices - Easterhegg - 2019
Offered By: media.ccc.de via YouTube
Course Description
Overview
Explore the security vulnerabilities of smart vacuum cleaners in this conference talk from Easterhegg 2019. Dive into the process of exploiting Neato Botvac Connected firmware to control high-end vacuum cleaners. Learn about firmware extraction techniques, including overcoming proprietary chip layouts and QNX systems. Discover how buffer overflow vulnerabilities can lead to remote command execution with root privileges. Understand the implications of these security flaws on user privacy and home security. Follow the speakers' journey through firmware analysis, vulnerability identification, and exploit development, including their methods for overcoming obstacles in proof-of-concept creation. Gain insights into the potential risks associated with cloud-connected smart home devices and the importance of robust security measures in IoT products.
Syllabus
Intro
Infrastructure
Firmware Updates
Firmware Update Process
Serial Debug Port
Breaking QNX SDP 6.5 License Management
Boot Me If You Can #2
Extracting the Neato IFS
QNX Boot Process
Secure Boot Bypass (CVE-2018-20785)
"BlackBox" Logs & Coredumps
RC4 For Beginners (CVE-2018-17177)
Generating and Interpreting Coredumps
Buffer Overflow Vulnerability
Controllable Registers
Vulnerable Function
Vulnerability Root Cause
Determining Factors for the Exploit
Our Exploit
Implications
Root Remote Code Execution via Cloud (CVE-2018-19442)
Taught by
media.ccc.de
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube