Login Papers Register

Need an account to vote? Register to attend at gsec.hitb.org/sg2017/

<< previous next >>

Exploiting IoT Devices over Software Defined Radio, ZigBee, WiFi and BLE

Swaroop Yermalkar

3 vote(s)

With arrival of new smart devices every day, Internet of Things is one of the most upcoming trends in technology. Most of these devices have component to communicate over Wireless. However many of these devices communicate over proprietary protocols and it’s important to know the process of analyzing and finding flaws in it.

This paper will help you to understand Software Defined Radio, ZigBee, WiFi, BLE (Bluetooth Low Energy) with practical approach for identifying attack surface and exploiting IoT Devices. Talk will cover BLE hardware, ZigBee Sniffing Hardware, SDR Hardware - RTL SDR, HackRF, WiFi Sniffing / Injection hardware, Radio Frequencies Basic, ZigBee Profiles, WiFi, ZigBee, BLE attacks with IoT devices.

About Swaroop Yermalkar

Swaroop Yermalkar works as a Senior Security Engineer at Philips and his work includes threat modelling, security research and the assessment of IoT devices, healthcare products, web applications, networks, and Android, iOS applications. He is OWASP iGoat Project leader (https://www.owasp.org/index.php/OWASP_iGoat_Tool_Project) and also author of popular iOS security book ‘Learning iOS Penetration Testing’, Packt Publishing. He is also one of the top security researchers worldwide, working with Cobalt.io (https://app.cobalt.io/swaroopsy), Synack.inc.

He has been invited to give talks and training at various security conferences, such as Hacks In Taiwan (HITCON), Europeansec, GroundZero, c0c0n, 0x90, DefconLucknow, and GNUnify. He has been acknowledged by Microsoft, Amazon, eBay, Etsy, Dropbox, Evernote, Simple banking, iFixit, and many more for reporting high-severity security issues in their mobile apps.

He is an active member of NULL, an open security community in India, and is a contributor to the regular meetups and Humla sessions at the Pune, Bengaluru chapter. He holds various information security certifications, such as OSCP, OSWP, SLAE and CEH. He has written articles for clubHACK magazine and also authored a book, An Ethical Guide to Wi-Fi Hacking and Security.