War Stories on Embedded Security Pentesting IoT Building Managers and How to Do Better

Explore real-world embedded security challenges and solutions in this 50-minute conference talk from Derbycon 7. Delve into the unique aspects of IoT and building management systems pentesting, examining the differences between IoT and traditional IT security. Learn about physical effects, camera vulnerabilities, password management issues, and the complexities of vulnerability reporting in IoT environments. Gain insights into the knowledge gap between IT and OT, user password practices, and the importance of physical security in IoT deployments. Discover software security best practices and the potential of cyber deception techniques in protecting embedded systems. Acquire valuable knowledge to enhance your approach to IoT and building management systems security.

Intro
Thank you
This talk is different
EDA Labs
Todays Talk
Typical Pentesting
Its your problem
IoT vs IT
Physical Effects
Cameras
Password Change
Vulnerability Reporting
The Knowledge Gap
User Passwords
Whos to Blame
Physical Security
Software
Security Best Practices
Cyber Deception
Conclusion