LASCON 2017

Using research from multiple projects involving IoT and the accompanying mobile app, we'll take a look at three main areas from the perspective of a researcher: where the most common mistakes lie, where to attack, and how to pull things apart. By looking at multiple research projects, patterns begin to emerge in the types of mistakes that are made. While many IoT devices focus what little security they might have on the end device itself, when data is being moved from device to cloud there are numerous methods for attack that emerge. And most importantly, as a security researcher there are certain tools and techniques that can make quick(er) work of the research. We will use at least two real world examples to show how all of this is done (more depending on vendor responses before the talk), including evaluations of research tools used.