Research Centre

[AREA 41] Reversing Internet of Things from Mobile Applications

Those slides were presented at Area 41, (Zurich, Switzerland) June 10, 2016

Video of the talk:

Internet of Things (IoT) are not a hype: they are already here and growing, Despite concerns on their security and privacy - IDC predicted that in two years 90% of IT networks s will have an IoT-based security breach - not so many security researchers are investigating the field yet. The (likely) reason for this status is that the reverse engineering of IoT is difficult. Indeed, nearly each product has its own custom hardware, firmware, operating system, protocols etc. Consequently, the first few steps are painful: gather the equipment, start research with close to no help from the community (no tools, documentation...).
However, there is an easier way in: IoT often come with a mobile companion application. Thats where to focus your initial efforts, because the app contains lots of valuable information. Thats what I did with several devices (Recon Jet smart glasses, a house safety alarm of Meian etc). Very fruitful! The reverse engineering of the mobile apps was fruitful beyond expectations! Hardware details,interactions with the devices, where to place protection against viruses, and discovery of vulnerabilities ;)