"Smart lock? Nah dude.": Pwning a smart lock with Python
Anirudh (~icyphox)
With the digitization of nearly all things imaginable (or, in buzzword terms, the Internet of Things), "smart" devices have become the norm. This talk tells the story of one such smart lock we picked up on Amazon, and how we pwned it. Using Python, of course.
Who is the talk for?
- Security enthusiasts
- Hardware and IoT developers
- Or just anyone who finds the absolute state of IoT security today laughable :)
Brief outline of the session
- Speaker(s) Intro [2 mins]
- The IoT security scene today [5 mins]
- The lock and its companion app [3 mins]
- How we approached the lock (what didn't work) [6-7 mins]
- The bug, the (Python) exploit and the disclosure [10 mins] (Including a video demo)
- Conclusion and Q/A [5 mins]
- An insight into a new domain in security
- A lesson on "smart" devices
- Applied Python in security
- Basics of Python
- Some level of understanding of application security
As this vulnerability is undergoing responsible disclosure, the video PoC will be updated after about 15 days.
Speaker 1 — Anirudh
I'm a computer science major at SRM IST, Kattankulathur, Chennai. My primary interest is computer security, and more specifically — offensive security, digital forensics and privacy. I’m also a security researcher/CTF player at Sector443, an infosec community at our University. I've worked closely with a lot of organizations to provide security solutions, and have conducted pentests on their infrastructure. Apart from security, I actively contribute to open source projects, my most favourite being the Nim programming language.
Speaker 2 — Raghav
I'm also a CS undergrad at SRM IST, Kattankulathur. I've been into hardware security for over 3 years. I do security research at Sector443 too.