VDA gave a number of talks in 2017 on embedded and IoT security, and how it relates to other pentesting services. The full video (and some additional clips) are embedded below. In this talk we cover the following points (and many more):
- IoT devices are appearing in our offices and organizations, but oftentimes no one is owning the security of those devices
- IoT device manufacturers are not doing all they should in terms of security testing, and don’t necessarily follow secure coding practices
- The term IoT encompasses more devices than you would think – building controllers, smart appliances, industrial control systems
- One of the many issues with connected devices is default passwords
- Building controllers and camera systems were developed and sold to last a long time – but are not always updated
- How to secure IoT devices – for both manufacturers, but also owners
Watch below to learn more, and let us know if you have any thoughts or opinions to share on our talk!
Also, here’s a couple videos of the open camera footage discovered. Remember: this was done only for research and to make people more secure, not for any malicious reasons. Please use such knowledge only to help security people and companies.
Example of zoomable view in Jewelry Store: