What threats are hidden in IoT hardware? Jan Adamski and Marcin Rytel invite you to OH MY H@CK 2023

14.11.2023

On December 5, during the OH MY H@CK 2023 conference, Jan Adamski and Marcin Rytel from the NASK SCIENCE team will present new data on a critical vulnerability in the API of one of the manufacturers of popular devices during their lecture “Security research of IoT devices.” The vulnerability they detected allows a device to be remotely (via the Internet) added to a personal user account and remotely controlled, without any authorization.

Page image

If the Coordinated Vulnerability Disclosure (CVD) is completed by the time the conference begins, our researchers will present details of the vulnerability, the research process that allowed it to be discovered, and a full PoC with a video example of how the vulnerability could be used in practice. It will also be possible to discuss countermeasures that would effectively eliminate the vulnerability. So keep your fingers crossed that this will be possible! However, in the event that the CVD process is not completed, the speech will present the methodology developed by researchers in the LaVA project for testing IoT devices, as well as lessons learned from this research.

Jan and Marcin will talk about the security challenges of some everyday devices connected to the Internet. They will present the critical security areas defined in the methodology for IoT devices, along with research methods for modeling attack scenarios and then verifying their feasibility. They will present vulnerabilities reported to date to manufacturers of Internet of Things equipment.

This year’s OH MY H@CK 2023 conference will be held at the National PGE, and those who want to take advantage of a discount on a ticket to attend the event should use the code OMH-20

Enjoy the event!