Recent DDoS cases and the release of the Mirai botnet source code made clear, if needed at all, that insecure IoT devices can be a threat not only for their owners, but for the whole connected ecosystem. Many security researchers were already aware of these potential threats, even before the “IoT wave” of the latest years. The “wave” brought a name change from “network-connected embedded devices” to “IoT devices” and a constantly increasing frequency of “IoT threats” mentions. To the point that they have be
The talks I gave in 2010 on Access Points exploitation already explored, in the context of APs, some of the advantages an attacker might gain when in control of such devices. With the proliferation of IoT devices now, those considerations are even more relevant and certainly not limited to APs only. I realized that, although that research from 2010 is now outdated and fixes have been provided, those presentations might still be interesting for a glance into embedded exploitation and provide some insights wh
This posting also comes with an inner smile in seeing how and how much I personally evolved since those times. Six years are definitely a significant amount of time. …but I guess this happens to anybody peeking a bit back into his own past. 🙂