HackInParis 2018 training

Smart lockpicking - hands-on exploiting flaws in IoT devices based on electronic locks and access control systems

Paris

HackInParis

You can, quite reasonably, expect smart locks and access control systems to be free from alarming security vulnerabilities - such a common issue for an average IoT device. Well, this training will prove you wrong. After performing multiple hands-on exercises with a dozen of real devices and various technologies, you will never look at the devices the same way. During this course students will perform: wireless sniffing, spoofing, cloning, replay, DoS, authentication and command-injection attacks.

How to pick a BLE smart lock and cause "cancer" using just a mobile phone

SÅ‚awomir Jasek

20 minute read

Behold The Smart Lock! In case anyone would doubt its smartness, it is literally imprinted. Fitted with an enormously loud speaker - advertised as a feature to raise a solid anti-thief alarm. Using the same speaker for a normal unlock notification, thus enforcing you to cover your ears while opening, was not the smartest idea though. Security? Smart my shiny metal (…)!

Enough smart for the introduction. Give me the meat! TLDR exploit.

HackInTheBox Amsterdam 2018 training

Out of the blue: attacking BLE, NFC, HCE and more

Amsterdam

HITB Conference

Bluetooth Low Energy is one of the most exploding IoT technologies. BLE devices surround us more and more - not only as wearables, toothbrushes and sex toys, but also smart locks, medical devices and banking tokens. Alarming vulnerabilities of these devices have been exposed multiple times recently. And yet, the knowledge on how to comprehesively assess their security seems very uncommon. Not to mention best practices guidelines, which are practically absent.