
Hitting the Gym - The Anatomy of a Killer Workout

Offered By: WEareTROOPERS via YouTube

Tags

TROOPERS Courses Cybersecurity Courses Compliance Courses Privilege Escalation Courses

Course Description

Overview

Explore the intersection of fitness technology and cybersecurity in this 54-minute conference talk. Delve into the anatomy of smart fitness equipment, examining its features, attack surface, and compliance considerations in both EU and US contexts. Analyze the unique challenges posed by Android-controlled devices and medical device classifications. Discover how to circumvent UI restrictions, exploit local file managers, and gain remote access to fitness equipment. Investigate privilege escalation techniques and methods for controlling hardware through Hi Kit. Learn about fingerprinting device types, identifying logged-in users, and remotely manipulating speed and incline settings. Examine known treadmill-related accidents and explore the potential for disabling safety features. Consider the implications of fitness IoT in corporate environments and potential attack scenarios. Gain insights into device vulnerabilities and their impact on gym security, equipping yourself with knowledge to address these emerging cybersecurity challenges in the fitness industry.

Syllabus

Intro
Fitness & Wellness Equipment
Smart Fitness Equipment Features
Information Security Attack Surface
Technology Tradeoffs
Compliance
Cybersecurity for Smart Fitness Devices (EU)
Medical Devices & the Fitness Paradox
Cybersecurity for Smart Fitness Devices (US)
Powered Treadmill Classification (US)
Android Controlled Devices
MDM Technologies: A set of technologies used in order to administer
Smart Fitness Device Stack
Our case
Circumventing UI Restrictions #1
Local File Manager Abuse
Installing a custom app for remote shell access
Getting remote shell access
Privilege Escalation
Getting Hardware Control
Examination of the Android IPC and Data Sharing in Hi Kit (Display board)
Controlling the Hardware through Hi Kit
When you Press a Software Button
When you Press a Hardware Button
Fingerprinting the Device Type
Identifying a logged in User
Remotely Controlling Speed and Incline
Known cases of treadmill-related accidents
Can you make it stop?
Disabling Software / Physical buttons
Physical Emergency Button of Low Kit
Messing with the Low Kit
Fitness IoT & Corporate Environments
Red Teamers Hitting the Gym
Summary of Identified Device Vulnerabilities
Attack Scenarios for Gym Environments
Conclusions


Taught by

WEareTROOPERS

Related Courses

CNIT 127: Exploit Development
CNIT - City College of San Francisco via Independent
Enterprise Security Fundamentals
Microsoft via edX
Penetration Testing - Post Exploitation
New York University (NYU) via edX
Ultimate Ethical Hacking and Penetration Testing (UEH)
Udemy
Hands-on Penetration Testing Labs 4.0
Udemy