[Defcon 2020] Paul Marrapeses' speech about IoT P2P protocol design flaws
Dear Collegues, Paul Marrapese did some excellent work on researching about protocol vulnarabilities in popular IoT devices. https://www.youtube.com/watch?v=Z_gKEF76oMM Unfortunately I did not find a transcript, yet. Nevertheless the conclusion is to keep IoT devices disabled to communicate with the internet if possible and it also shows - again - the lack of interest from the device makers to adress the security flaws. Wishing you all a productive week and stay healthy. - Peter
nice pointer Peter! for such lack of interests from IoT providers, one tentative angle could be from white hats and ethical hacking - here is an initial look: http://homepage.tudelft.nl/8e79t/bib/ictrs2019.html ACM IMC had a cool study last year, covering around 81 devices: https://moniotrlab.ccis.neu.edu/wp-content/uploads/2019/09/ren-imc19.pdf while mitigation/protection directly on low-budget iot became daunting, IoT-Keeper suggests a lightweight alternative: http://homepage.tudelft.nl/8e79t/files/pre-print-tnsm2020.pdf Cheers, Aaron On 10/08/2020, 09:42, "iot-wg on behalf of Peter Steinhäuser" <iot-wg-bounces@ripe.net on behalf of ps@embedd.com> wrote: Dear Collegues, Paul Marrapese did some excellent work on researching about protocol vulnarabilities in popular IoT devices. https://urldefense.proofpoint.com/v2/url?u=https-3A__www.youtube.com_watch-3Fv-3DZ-5FgKEF76oMM&d=DwICAg&c=XYzUhXBD2cD-CornpT4QE19xOJBbRy-TBPLK0X9U2o8&r=Iui-R0PdSAiRXYstq499vMjc_0AA9xFpAzYBY5yBmJc&m=l12xAregfzvkvjz2MWb0tgBy9k9gH1lPmC-VqMX5mKg&s=lwD7kLB-2K66-jwIzmYt3GqGmpzeeSVHSz_Y-LcDY1M&e= Unfortunately I did not find a transcript, yet. Nevertheless the conclusion is to keep IoT devices disabled to communicate with the internet if possible and it also shows - again - the lack of interest from the device makers to adress the security flaws. Wishing you all a productive week and stay healthy. - Peter _______________________________________________ iot-wg mailing list iot-wg@ripe.net https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.ripe.net_mailman_listinfo_iot-2Dwg&d=DwICAg&c=XYzUhXBD2cD-CornpT4QE19xOJBbRy-TBPLK0X9U2o8&r=Iui-R0PdSAiRXYstq499vMjc_0AA9xFpAzYBY5yBmJc&m=l12xAregfzvkvjz2MWb0tgBy9k9gH1lPmC-VqMX5mKg&s=-Q3U0yM23yllzuaqAeQIOwQXTquYC0Lwbsjz4rCycKw&e=
participants (2)
-
Aaron Ding
-
Peter Steinhäuser