reverse engineering

Is A Nest Botnet In Our Future? A Conversation With IoT Researcher Daniel Buentello

Daniel Buentello is one of the top security researchers out there looking into the security of common, consumer products that are part of the growing “Internet of Things.” Most recently, Buentello has been making the rounds of security cons with a presentation he calls “Weaponizing Your Coffee Pot.” The talk, which Bountello presented at the recent DerbyCon hacker conference in Kentucky and at ToorCon in Seattle in July. That talk was something of a call to arms for security folk to start poking around the growing list of IP-enabled consumer products. Buentello notes that most – including products from large firms like Belkin are insecure by design and in deployment. As we noted when we wrote about Buentello presentation early in October, the interesting stuff here is Daniel’s methodology for reverse engineering the software that runs these commercial developments, which offers something of a blueprint for others to follow.  More recently, Buentello turned his gaze to […]

Continue Reading

Video: Weaponizing Your Coffee Pot

The third annual DerbyCon wrapped up last week. Alas, I wasn’t able to make it down to Louisville, Kentucky and don a pork-pie hat with the smart people there. Still, there were some great presentations, and most of them are available online. One worth checking out if you’re into the Internet of Things hacking -thing is Daniel Buentello’s (@danielbuentell0) presentation of “Weaponizing Your Coffee Pot.” This is a repeat performance for Daniel, who also presented it at the ToorCon Conference in Seattle back in July. The first half of this talk is a high level overview of IoT and the security implications thereof. Mostly this is stuff you’ve read on this blog before. In the second half, Daniel goes down into the weeds on hacking a couple of classic IoT devices: Belkin’s WeMo IP enabled power outlet and Nest’s iconic thermostat. Without getting into all the details (its worth watching […]

Continue Reading

Podcast: The Art Of Hiring Hackers

The Black Hat and DEFCON security conferences wrapped up last week in Las Vegas. Most of the media attention was (naturally) focused on the content of the presentations – including talks on the security of consumer electronics, automobiles and, of course, on the privacy implications of the recently revealed NSA surveillance program PRISM. But for the companies that pay money to send staff to these shows, the content of the talks is only one draw. Black Hat and DEFCON also serve a lesser known, but equally important role as magnets for some of the world’s top talent in obscure disciplines like reverse engineering, vulnerability research, application security analysis and more. Come August, any organization with a dog in the cyber security fight (and these days, that’s a lot of organizations) is in Las Vegas for a chance of meeting and hiring that top cyber security talent. What do companies that […]

Continue Reading
1 3 4 5