Workshop 12 - Practical Exploitation of Internet of Things (IoT) Networks and Ecosystems
|Speakers:||Mr. Sumanth Naropanth and Ms. Eliza Chelleng||
|HKPC Building, 78 Tat Chee Avenue, Kowloon, Hong Kong|
|Date:||18 - 19 Sep 2018 (2 days)||
|09:30 - 17:00|
||HK$7,000 (Early Bird: HK$6,800)|
|Member Fee for Organizer/Supporting Organization||HK$6,800 (Early Bird: HK$6,600)|
Medium of Instruction
Nature & Objectives
This workshop offers a holistic, hands-on approach to IoT security. Students will learn to analyze the architecture of IoT market products (Industrial IoT, wearables, etc.) from a security perspective, and using specialized hardware & software tools, perform their own hands-on vulnerability assessments of IoT platforms. Defensive security best practices to proactively identify such vulnerabilities, as well as methodologies to plan and execute end-to-end Security Development Lifecycle (SDL) for IoT products will also be taught.
Each student will receive a Microchip’s RZUSBStick Starter Kit, which includes a transceiver commonly used in IoT networks, including IEEE 802.15.4, ZigBee and 6LoWPAN, valued at over HK$350.
- Introduction to Internet of Things
- Deep-dive into commonly deployed IoT architectures
- Need for security in IoT and wearable products
- IoT ecosystem and security paradigms for hardware, mobile and cloud
- Commonly used communication protocols and standards
- Security considerations and features in these communication protocols
- Hands-on Exercise 1: Hacking an IoT Wireless Sensor Network
- Hands-on Exercise 2: Eavesdropping on an Activity Tracker
- Walkthrough Exercise 3: Breaking Bluetooth adaptations on Android and iOS
- Hands-on Exercise 4: Amazon Web Services (AWS) IoT Core & MQTT Security
- Secure by design: Code-level exercises to address vulnerabilities exploited in the hands-on hacking exercises
- Next-generation Security Development Lifecycle for IoT platforms
- Privacy topics
Who Should Attend
Security researchers and penetration testers interested in Internet of Things (IoT) and wearables; Security architects; Anyone who would like to learn about threats to next-generation computing platforms in the IoT space. The hands-on exercises require basic familiarity with Linux operating system, understanding of programming languages (to perform simple changes to source code provided), and network communication protocols.
Requirement for Participant
Each participant is required to create one free AWS account prior to the workshop, and which is used for Hands-on Exercise 4.
Mr. Sumanth Naropanth
Chief Executive Officer (CEO)
Deep Armor Technologies Private Limited
Sumanth Naropanth is a technical expert in security research, vulnerability assessments, security architecture & design, and incident response. He has held several security leadership positions, has developed detailed frameworks for Security Development Lifecycle (SDL) for large corporations, and has managed global teams that executed those SDL activities. Sumanth is the founder and CEO of Deep Armor. He previously worked for Sun Microsystems, Palm/HP and Intel. He and his team have published their research at well-known security conferences, including Black Hat Asia, Black Hat Europe, FIRST, PacSec, AppSec, Troopers, Nuit du Hack, Shakacon and so on. Sumanth has a Masters degree in Computer Science (Security) from Columbia University.
Ms. Eliza Chelleng
Senior Security Analyst
Deep Armor Technologies Private Limited
Eliza is a senior security analyst at Deep Armor. She has over four years of security consulting experience, primarily in IoT/Wearables, Mobile Solutions, Cloud Computing and Web Application penetration testing. She led Security Development Lifecycle (SDL) activities for multiple projects at Intel, and reported numerous vulnerabilities in pre-market products. Her research and exploitation techniques on Bluetooth and BLE weaknesses on wearables and mobile platforms has been presented at several prestigious security conferences. She has spoken about her work at the Nuit du Hack Conference in Paris. Eliza is trained in Network Pentesting by the SANS Institute. Eliza has a Master degree in Computer Science