1
00:00:10,160 --> 00:00:13,200
hey everyone

2
00:00:10,880 --> 00:00:14,320
ryan here again with the cactus con crew

3
00:00:13,200 --> 00:00:17,119
and this is actually

4
00:00:14,320 --> 00:00:17,920
our last talk of the conference so this

5
00:00:17,119 --> 00:00:20,720
is the last

6
00:00:17,920 --> 00:00:22,640
q a session i'm here with tracy who just

7
00:00:20,720 --> 00:00:25,119
gave an awesome talk tracy hello and

8
00:00:22,640 --> 00:00:28,400
thank you for being with us

9
00:00:25,119 --> 00:00:30,800
hey thanks for having me heck yeah

10
00:00:28,400 --> 00:00:32,558
i am going to run a couple of our

11
00:00:30,800 --> 00:00:36,480
giveaways real quick for folks

12
00:00:32,558 --> 00:00:36,480
and then we'll get to your talk

13
00:00:37,360 --> 00:00:41,920
all right so here's a little giveaway

14
00:00:39,440 --> 00:00:43,040
for cactus con 8 hardware badges we have

15
00:00:41,920 --> 00:00:46,160
two of them available

16
00:00:43,040 --> 00:00:46,160
and they are going to

17
00:00:47,360 --> 00:00:51,360
burman and walmart i had to chuckle on

18
00:00:50,640 --> 00:00:54,320
that name

19
00:00:51,360 --> 00:00:55,519
and walmart all right and next up we

20
00:00:54,320 --> 00:00:57,600
have the complete

21
00:00:55,520 --> 00:00:59,039
boot rogue strategy guide we have two

22
00:00:57,600 --> 00:01:01,840
more of those available

23
00:00:59,039 --> 00:01:03,520
we did because now they're gone and they

24
00:01:01,840 --> 00:01:06,159
are going to

25
00:01:03,520 --> 00:01:06,960
oh how do you pronounce that serrano

26
00:01:06,159 --> 00:01:09,360
tama

27
00:01:06,960 --> 00:01:11,759
sure i'm sure i butchered that and i

28
00:01:09,360 --> 00:01:15,200
won't even try that one

29
00:01:11,760 --> 00:01:17,920
says bully awesome

30
00:01:15,200 --> 00:01:19,840
so congrats to those folks we have one

31
00:01:17,920 --> 00:01:21,119
more thing to give away and that was the

32
00:01:19,840 --> 00:01:24,720
final two copies

33
00:01:21,119 --> 00:01:26,960
of the physical signed ted demopolis's

34
00:01:24,720 --> 00:01:29,840
infosec rockstar book and those are

35
00:01:26,960 --> 00:01:29,839
going out too

36
00:01:30,479 --> 00:01:34,000
well look at that we have a repeat

37
00:01:32,000 --> 00:01:36,880
winner from the very last giveaway

38
00:01:34,000 --> 00:01:38,000
i just did serena tama that's how i'm

39
00:01:36,880 --> 00:01:40,320
gonna pronounce that

40
00:01:38,000 --> 00:01:41,360
oh cleaning up shop all right cool and

41
00:01:40,320 --> 00:01:44,720
then spike

42
00:01:41,360 --> 00:01:47,360
roach or spike roche one of those two uh

43
00:01:44,720 --> 00:01:48,960
thank you everyone uh who put in for

44
00:01:47,360 --> 00:01:50,000
those giveaways keep in mind we have

45
00:01:48,960 --> 00:01:52,240
another giveaway

46
00:01:50,000 --> 00:01:54,079
we have two more actually coming up in

47
00:01:52,240 --> 00:01:55,520
our closing ceremonies please be there

48
00:01:54,079 --> 00:01:57,439
we'll be giving away that free sans

49
00:01:55,520 --> 00:02:01,840
course

50
00:01:57,439 --> 00:02:04,158
so tracy uh where did you get the idea

51
00:02:01,840 --> 00:02:05,840
for this talk what like originally

52
00:02:04,159 --> 00:02:08,560
kicked it into you're like this this is

53
00:02:05,840 --> 00:02:11,039
what i want to present on

54
00:02:08,560 --> 00:02:11,840
uh so if anyone has been kind of

55
00:02:11,038 --> 00:02:13,679
following me

56
00:02:11,840 --> 00:02:15,120
on twitter you'll know that iot is a bit

57
00:02:13,680 --> 00:02:18,000
newish to me

58
00:02:15,120 --> 00:02:19,599
um so i kind of crash-landed into iot so

59
00:02:18,000 --> 00:02:22,400
a lot of this was when

60
00:02:19,599 --> 00:02:24,399
i started doing iot secure analysis i

61
00:02:22,400 --> 00:02:26,160
wanted to think like a hacker and the

62
00:02:24,400 --> 00:02:27,760
thing that any hacker knows is you want

63
00:02:26,160 --> 00:02:29,280
to go for your biggest blast radius with

64
00:02:27,760 --> 00:02:31,599
your lowest amount of effort

65
00:02:29,280 --> 00:02:33,599
and mqtt is really interesting in that

66
00:02:31,599 --> 00:02:35,040
way because if you guys remember the old

67
00:02:33,599 --> 00:02:36,959
hub and spoke networks

68
00:02:35,040 --> 00:02:38,799
it's very much like that you have a very

69
00:02:36,959 --> 00:02:40,720
central vulnerability because you have

70
00:02:38,800 --> 00:02:41,440
one central server that does a lot of

71
00:02:40,720 --> 00:02:44,000
things

72
00:02:41,440 --> 00:02:46,319
to a lot of things and so i started

73
00:02:44,000 --> 00:02:48,000
looking into how to attack mqtt

74
00:02:46,319 --> 00:02:50,160
and more importantly for my job how to

75
00:02:48,000 --> 00:02:51,920
secure it um and i got to

76
00:02:50,160 --> 00:02:53,920
talking to some other folks that i know

77
00:02:51,920 --> 00:02:55,839
that have been veterans in this industry

78
00:02:53,920 --> 00:02:57,679
and they said what's an mqtt

79
00:02:55,840 --> 00:02:59,040
and i thought well i bet if they don't

80
00:02:57,680 --> 00:03:00,159
know it there's some other folks out

81
00:02:59,040 --> 00:03:04,560
there that don't know it

82
00:03:00,159 --> 00:03:06,239
and so i made a talk and here we are

83
00:03:04,560 --> 00:03:08,159
i love that you mentioned that because

84
00:03:06,239 --> 00:03:09,280
as we were talking about offline i saw

85
00:03:08,159 --> 00:03:10,640
your tweet recently

86
00:03:09,280 --> 00:03:12,480
where you basically were saying i'm

87
00:03:10,640 --> 00:03:13,040
paraphrasing your your own words so

88
00:03:12,480 --> 00:03:14,560
maybe i

89
00:03:13,040 --> 00:03:16,799
just added but you know when you're

90
00:03:14,560 --> 00:03:17,599
saying i normally wouldn't do talks in

91
00:03:16,800 --> 00:03:19,200
the past but

92
00:03:17,599 --> 00:03:20,799
i've been at conferences or i've heard

93
00:03:19,200 --> 00:03:22,319
people asking questions and essentially

94
00:03:20,800 --> 00:03:23,599
realize well i know about that and if

95
00:03:22,319 --> 00:03:25,760
they didn't know about that why

96
00:03:23,599 --> 00:03:28,000
can't i just present on that so i love

97
00:03:25,760 --> 00:03:31,359
that attitude awesome

98
00:03:28,000 --> 00:03:33,280
awesome well and you know i

99
00:03:31,360 --> 00:03:34,560
i i started running a con here in

100
00:03:33,280 --> 00:03:36,159
seattle and that actually

101
00:03:34,560 --> 00:03:38,000
changed my perspective on a lot of

102
00:03:36,159 --> 00:03:40,239
things i think i always thought that

103
00:03:38,000 --> 00:03:41,920
in order to present at a con i had to be

104
00:03:40,239 --> 00:03:44,080
the person coming out on def con

105
00:03:41,920 --> 00:03:45,440
stage dropping oday you know like the

106
00:03:44,080 --> 00:03:47,599
latest of the elite

107
00:03:45,440 --> 00:03:49,040
the only thing i was it was me and god

108
00:03:47,599 --> 00:03:49,920
who knew that specific you know

109
00:03:49,040 --> 00:03:51,599
vulnerability

110
00:03:49,920 --> 00:03:53,839
and then i actually started thinking

111
00:03:51,599 --> 00:03:55,040
that there's a lot of space in infosec

112
00:03:53,840 --> 00:03:56,799
for folks that

113
00:03:55,040 --> 00:03:59,200
aren't doing advanced research aren't

114
00:03:56,799 --> 00:04:02,239
doing o days are doing you know

115
00:03:59,200 --> 00:04:03,920
pretty normal stuff every day and those

116
00:04:02,239 --> 00:04:06,720
are the talks that actually influence

117
00:04:03,920 --> 00:04:08,079
my work the most because i don't do

118
00:04:06,720 --> 00:04:09,599
advanced research

119
00:04:08,080 --> 00:04:12,720
detection or advanced you know malware

120
00:04:09,599 --> 00:04:12,720
development that's not what i do

121
00:04:13,120 --> 00:04:16,239
i like that you say that too because

122
00:04:14,720 --> 00:04:16,959
like personally i tell people all the

123
00:04:16,238 --> 00:04:18,560
time i'll

124
00:04:16,959 --> 00:04:21,120
i don't think i'll ever personally be on

125
00:04:18,560 --> 00:04:22,560
the defcon stage um i got to do a defcon

126
00:04:21,120 --> 00:04:23,680
workshop and that's because i realized i

127
00:04:22,560 --> 00:04:24,960
can just do a workshop

128
00:04:23,680 --> 00:04:26,560
i teach people i train people all the

129
00:04:24,960 --> 00:04:27,280
time like that's what i just wanted to

130
00:04:26,560 --> 00:04:29,840
live and breathe

131
00:04:27,280 --> 00:04:31,599
right but the fella or the gal or the

132
00:04:29,840 --> 00:04:33,758
person dropping o days that's that's not

133
00:04:31,600 --> 00:04:35,440
me so i love that i mean you and i think

134
00:04:33,759 --> 00:04:36,560
very similarly in that like let me just

135
00:04:35,440 --> 00:04:39,199
show you this cool stuff that

136
00:04:36,560 --> 00:04:39,680
i i learned um i've also sometimes in

137
00:04:39,199 --> 00:04:41,199
the past

138
00:04:39,680 --> 00:04:42,880
submitted talks for things i didn't know

139
00:04:41,199 --> 00:04:44,639
how to do and then just so that when

140
00:04:42,880 --> 00:04:48,560
they accept it i'm like all right well

141
00:04:44,639 --> 00:04:50,240
i need to learn now time to learn

142
00:04:48,560 --> 00:04:52,000
we had a pretty good question in the

143
00:04:50,240 --> 00:04:54,639
chat that came up and

144
00:04:52,000 --> 00:04:56,560
the question was are there any apts that

145
00:04:54,639 --> 00:04:59,520
are targeting iot devices

146
00:04:56,560 --> 00:05:02,160
on nqtt and then a reference essentially

147
00:04:59,520 --> 00:05:04,719
after that to the mirai botnet

148
00:05:02,160 --> 00:05:06,960
yeah so the interesting thing is most of

149
00:05:04,720 --> 00:05:08,720
the mqtt

150
00:05:06,960 --> 00:05:10,080
botnets and i'm going to use that term

151
00:05:08,720 --> 00:05:12,880
in a very squishy way

152
00:05:10,080 --> 00:05:14,880
um go after denial of service because

153
00:05:12,880 --> 00:05:16,560
mqtt one of the easiest things to do is

154
00:05:14,880 --> 00:05:20,240
to overwhelm the broker

155
00:05:16,560 --> 00:05:22,240
there hasn't been like a ton

156
00:05:20,240 --> 00:05:24,000
of what i would call super advanced

157
00:05:22,240 --> 00:05:26,080
level like let's go after mqtt

158
00:05:24,000 --> 00:05:27,759
and make all your light bulbs explode um

159
00:05:26,080 --> 00:05:29,840
like things like that but i mean if you

160
00:05:27,759 --> 00:05:31,520
can kind of wargame it out that is the

161
00:05:29,840 --> 00:05:32,159
potential that we see in front of us

162
00:05:31,520 --> 00:05:34,479
right like

163
00:05:32,160 --> 00:05:35,680
you have a bunch of mqtt brokers that

164
00:05:34,479 --> 00:05:37,680
are poorly configured

165
00:05:35,680 --> 00:05:39,520
a bunch of iot devices that are also

166
00:05:37,680 --> 00:05:42,560
poorly configured it's just kind of a

167
00:05:39,520 --> 00:05:42,560
recipe for disaster

168
00:05:43,840 --> 00:05:46,880
i like it working as an ir consultant we

169
00:05:46,400 --> 00:05:49,679
often

170
00:05:46,880 --> 00:05:50,960
run into exactly you know the blast

171
00:05:49,680 --> 00:05:52,479
radius trying to get the

172
00:05:50,960 --> 00:05:54,080
biggest bang for your buck you know it

173
00:05:52,479 --> 00:05:56,159
makes me think of general like exploit

174
00:05:54,080 --> 00:05:57,520
kits and mouse bam campaigns and just

175
00:05:56,160 --> 00:05:59,600
throw it out there and just you know see

176
00:05:57,520 --> 00:06:01,758
what happens so i i like

177
00:05:59,600 --> 00:06:02,720
the overall idea of how you approach it

178
00:06:01,759 --> 00:06:04,240
think like a hacker

179
00:06:02,720 --> 00:06:06,160
right and that's how you're successful

180
00:06:04,240 --> 00:06:08,240
in researching and or

181
00:06:06,160 --> 00:06:09,600
thwarting a lot of the stuff so you

182
00:06:08,240 --> 00:06:12,080
mentioned you haven't been along into

183
00:06:09,600 --> 00:06:13,600
iot what got what really got you into

184
00:06:12,080 --> 00:06:16,960
iot was there a specific

185
00:06:13,600 --> 00:06:17,759
thing or inventor um you know it's

186
00:06:16,960 --> 00:06:20,479
really funny

187
00:06:17,759 --> 00:06:22,240
um pure coincidence i think and i'm

188
00:06:20,479 --> 00:06:24,080
sorry my cat just broke into my office

189
00:06:22,240 --> 00:06:28,319
so i guess you're gonna drive

190
00:06:24,080 --> 00:06:30,318
for q a um sorry she's very

191
00:06:28,319 --> 00:06:31,919
not okay with being left out of anything

192
00:06:30,319 --> 00:06:35,840
so um

193
00:06:31,919 --> 00:06:36,719
so i kind of fell into q a or to iot

194
00:06:35,840 --> 00:06:40,880
sorry

195
00:06:36,720 --> 00:06:43,840
um this job opened up and i had done

196
00:06:40,880 --> 00:06:45,280
um missile defense systems which is sort

197
00:06:43,840 --> 00:06:47,119
of like the pre-iot

198
00:06:45,280 --> 00:06:48,638
if you will like back before there was

199
00:06:47,120 --> 00:06:49,599
the internet of things there was just

200
00:06:48,639 --> 00:06:52,160
the industrial

201
00:06:49,599 --> 00:06:53,680
internet of things um and so i had some

202
00:06:52,160 --> 00:06:54,960
experience with that but i'd spent most

203
00:06:53,680 --> 00:06:58,000
of my career doing

204
00:06:54,960 --> 00:06:59,520
um more traditional apsec i worked for

205
00:06:58,000 --> 00:07:02,639
microsoft doing

206
00:06:59,520 --> 00:07:05,840
office msrc work i worked doing tooling

207
00:07:02,639 --> 00:07:10,240
i've done a bunch of different things

208
00:07:05,840 --> 00:07:12,239
but um this opportunity kind of

209
00:07:10,240 --> 00:07:13,680
cross-sected my life and i thought why

210
00:07:12,240 --> 00:07:15,599
not um

211
00:07:13,680 --> 00:07:16,800
i can in fact i went in and i told all

212
00:07:15,599 --> 00:07:18,400
my friends i said i'll probably screw

213
00:07:16,800 --> 00:07:19,599
this up and i'll probably get fired in

214
00:07:18,400 --> 00:07:21,280
the first six months but

215
00:07:19,599 --> 00:07:24,560
in six months i will know more than i

216
00:07:21,280 --> 00:07:24,559
did six months ago so

217
00:07:28,800 --> 00:07:33,120
i like it i like that a lot it shows

218
00:07:30,720 --> 00:07:35,120
that uh it's just become a passion

219
00:07:33,120 --> 00:07:36,240
out of you know in general curiosity

220
00:07:35,120 --> 00:07:38,720
kind of got

221
00:07:36,240 --> 00:07:40,720
you and folks like us to really jump

222
00:07:38,720 --> 00:07:42,960
into the deep end you know

223
00:07:40,720 --> 00:07:45,120
uh here's a good question can our

224
00:07:42,960 --> 00:07:46,479
community convince the manufacturers of

225
00:07:45,120 --> 00:07:48,639
the iot devices

226
00:07:46,479 --> 00:07:51,360
to recommend network segmentation to

227
00:07:48,639 --> 00:07:51,360
their customers

228
00:07:52,560 --> 00:07:57,440
can we can we recommend it sure um i

229
00:07:55,280 --> 00:07:58,799
think there's a lot of body regulatory

230
00:07:57,440 --> 00:08:01,440
guidance out there that already

231
00:07:58,800 --> 00:08:04,080
recommends it um

232
00:08:01,440 --> 00:08:04,879
i think though that i mean this is the

233
00:08:04,080 --> 00:08:07,199
same fight

234
00:08:04,879 --> 00:08:08,800
i always tell people being in it iot is

235
00:08:07,199 --> 00:08:11,919
a lot like being in i.t

236
00:08:08,800 --> 00:08:13,199
in like the mid-2000s um where

237
00:08:11,919 --> 00:08:15,359
everything was just sort of

238
00:08:13,199 --> 00:08:16,639
a clown rodeo and it was like no

239
00:08:15,360 --> 00:08:18,639
passwords on anything

240
00:08:16,639 --> 00:08:20,160
and no you know nothing was segmented it

241
00:08:18,639 --> 00:08:21,199
was a completely flat network i mean

242
00:08:20,160 --> 00:08:23,039
it's very much

243
00:08:21,199 --> 00:08:24,840
it's almost deja vu like and so it's

244
00:08:23,039 --> 00:08:27,840
very much an evolution

245
00:08:24,840 --> 00:08:30,400
of maturity and engineering cycles

246
00:08:27,840 --> 00:08:30,878
and you know getting these devices that

247
00:08:30,400 --> 00:08:33,360
are

248
00:08:30,879 --> 00:08:34,959
manufactured at sometimes a couple

249
00:08:33,360 --> 00:08:36,320
dollars apiece

250
00:08:34,958 --> 00:08:38,239
getting them to include security

251
00:08:36,320 --> 00:08:39,680
features is a hard sell because

252
00:08:38,240 --> 00:08:41,599
consumers won't pay the difference and

253
00:08:39,679 --> 00:08:43,598
they just won't historically

254
00:08:41,599 --> 00:08:45,920
they won't so that falls back on

255
00:08:43,599 --> 00:08:47,600
providers of cloud services providers of

256
00:08:45,920 --> 00:08:49,360
connectivity services

257
00:08:47,600 --> 00:08:51,200
to make it easier for those

258
00:08:49,360 --> 00:08:52,320
manufacturers to do the right thing to

259
00:08:51,200 --> 00:08:54,240
do the secure thing

260
00:08:52,320 --> 00:08:56,880
and keep the cost to a way that they can

261
00:08:54,240 --> 00:08:59,040
still be profitable

262
00:08:56,880 --> 00:09:00,399
you know i purchased uh i guess i won't

263
00:08:59,040 --> 00:09:02,000
say the company i won't bust them out

264
00:09:00,399 --> 00:09:04,560
but i purchased that

265
00:09:02,000 --> 00:09:06,080
unit uh eight or twelve camera we had

266
00:09:04,560 --> 00:09:07,518
some break-ins at my our previous

267
00:09:06,080 --> 00:09:09,040
residence we first moved in we were

268
00:09:07,519 --> 00:09:10,399
greeted 30 days in we had our door

269
00:09:09,040 --> 00:09:13,360
kicked in like that's cool

270
00:09:10,399 --> 00:09:14,800
welcome to the neighborhood and uh i

271
00:09:13,360 --> 00:09:17,120
installed the camera system

272
00:09:14,800 --> 00:09:18,719
after we installed it all and then hit

273
00:09:17,120 --> 00:09:22,240
the receiver and all this

274
00:09:18,720 --> 00:09:25,440
stuff we then found out the password

275
00:09:22,240 --> 00:09:25,920
was can only be only there were no other

276
00:09:25,440 --> 00:09:28,720
options

277
00:09:25,920 --> 00:09:30,000
but to have a six digit password that

278
00:09:28,720 --> 00:09:31,279
was the only option

279
00:09:30,000 --> 00:09:33,839
so it didn't really matter what

280
00:09:31,279 --> 00:09:35,040
permutation i chose it was insecure is

281
00:09:33,839 --> 00:09:37,200
all

282
00:09:35,040 --> 00:09:38,480
the remote capability to it was always

283
00:09:37,200 --> 00:09:39,920
enabled if it was

284
00:09:38,480 --> 00:09:41,760
internet connected whatsoever and i'm

285
00:09:39,920 --> 00:09:43,839
like cool so

286
00:09:41,760 --> 00:09:45,120
so i can watch my house while i'm at

287
00:09:43,839 --> 00:09:49,360
work to feel secure

288
00:09:45,120 --> 00:09:51,519
but so can everyone else like yeah

289
00:09:49,360 --> 00:09:52,480
um and i do this for a living and this

290
00:09:51,519 --> 00:09:54,720
was sort of one of those

291
00:09:52,480 --> 00:09:56,320
dope moments that i had everyone knows

292
00:09:54,720 --> 00:09:58,080
you should segment your iot right like

293
00:09:56,320 --> 00:09:59,680
you shouldn't have it on the same

294
00:09:58,080 --> 00:10:01,920
land as like your computers and

295
00:09:59,680 --> 00:10:03,439
everything else sorry

296
00:10:01,920 --> 00:10:05,120
you are annoying i don't know if you

297
00:10:03,440 --> 00:10:08,240
know this um

298
00:10:05,120 --> 00:10:10,480
so i you know in the best of

299
00:10:08,240 --> 00:10:11,680
intentions i should probably get around

300
00:10:10,480 --> 00:10:14,800
to doing that

301
00:10:11,680 --> 00:10:17,199
and uh started in my google home

302
00:10:14,800 --> 00:10:18,000
wi-fi and realized that you have guest

303
00:10:17,200 --> 00:10:19,600
wi-fi

304
00:10:18,000 --> 00:10:21,360
and not guest wi-fi and those are your

305
00:10:19,600 --> 00:10:24,000
two options that's it

306
00:10:21,360 --> 00:10:25,120
so you know it's we don't make it easy

307
00:10:24,000 --> 00:10:28,480
for consumers to

308
00:10:25,120 --> 00:10:30,240
do this we don't make it obvious what to

309
00:10:28,480 --> 00:10:32,480
do or how to do it

310
00:10:30,240 --> 00:10:34,160
um and like we i was talking to another

311
00:10:32,480 --> 00:10:36,320
engineer on my team the other day he had

312
00:10:34,160 --> 00:10:37,360
restricted udp outbound on his on his

313
00:10:36,320 --> 00:10:40,880
home router

314
00:10:37,360 --> 00:10:42,800
and his smart plug stopped working why

315
00:10:40,880 --> 00:10:44,480
because it had a uvp keep alive beacon

316
00:10:42,800 --> 00:10:46,319
that homed back to shinzon

317
00:10:44,480 --> 00:10:48,560
that said hey i'm still here keep me

318
00:10:46,320 --> 00:10:50,399
alive he's like i don't know what it's

319
00:10:48,560 --> 00:10:52,160
doing or what they're getting from it

320
00:10:50,399 --> 00:10:54,480
but it will not work unless i allow

321
00:10:52,160 --> 00:10:56,560
udp outbound and it's you know there's

322
00:10:54,480 --> 00:10:57,440
just so much in the network that we

323
00:10:56,560 --> 00:11:00,479
don't know about

324
00:10:57,440 --> 00:11:03,200
and i think for not security people

325
00:11:00,480 --> 00:11:04,640
it can be almost overwhelming that was a

326
00:11:03,200 --> 00:11:06,959
really long answer to a very

327
00:11:04,640 --> 00:11:08,319
very short question i apologize you're

328
00:11:06,959 --> 00:11:10,079
you're perfectly fine but what you just

329
00:11:08,320 --> 00:11:10,880
made me think of as a potential attack

330
00:11:10,079 --> 00:11:12,719
if they have an in

331
00:11:10,880 --> 00:11:14,000
a udp based packet coming in with

332
00:11:12,720 --> 00:11:15,760
whatever data that basically

333
00:11:14,000 --> 00:11:17,279
says you're okay to continue running

334
00:11:15,760 --> 00:11:18,240
what would stop someone from sending one

335
00:11:17,279 --> 00:11:21,120
that says you're not

336
00:11:18,240 --> 00:11:22,240
okay to continue running exactly and

337
00:11:21,120 --> 00:11:25,200
then saying that and then

338
00:11:22,240 --> 00:11:25,519
all anyway you know yeah exactly and

339
00:11:25,200 --> 00:11:27,839
that's

340
00:11:25,519 --> 00:11:29,279
but that's you know now if you

341
00:11:27,839 --> 00:11:31,519
extrapolate that out to

342
00:11:29,279 --> 00:11:33,040
manufacturers who use the same you know

343
00:11:31,519 --> 00:11:34,720
if you listen to the talk you'll hear me

344
00:11:33,040 --> 00:11:35,839
say a lot about using certificate based

345
00:11:34,720 --> 00:11:37,760
auth and tls

346
00:11:35,839 --> 00:11:39,440
and that's great except you'll find that

347
00:11:37,760 --> 00:11:40,160
many manufacturers use the same

348
00:11:39,440 --> 00:11:43,519
certificate

349
00:11:40,160 --> 00:11:45,360
for hundreds of thousands of devices and

350
00:11:43,519 --> 00:11:47,120
and they put it in non-protected memory

351
00:11:45,360 --> 00:11:49,680
so i can buy

352
00:11:47,120 --> 00:11:50,959
you know camera a and camera b and steal

353
00:11:49,680 --> 00:11:53,120
the certificate off it

354
00:11:50,959 --> 00:11:57,839
and pretend like camera b is now camera

355
00:11:53,120 --> 00:11:57,839
a and it's virtually indistinguishable

356
00:11:57,920 --> 00:12:02,560
yeah that that uh gives me the warm and

357
00:12:01,200 --> 00:12:03,839
fuzzy i mean we're fine everything's

358
00:12:02,560 --> 00:12:05,439
fine

359
00:12:03,839 --> 00:12:07,680
everything's fine everything's fine it's

360
00:12:05,440 --> 00:12:09,360
fine yeah i think the

361
00:12:07,680 --> 00:12:10,959
the scary thing for me is like the

362
00:12:09,360 --> 00:12:13,200
future in terms of

363
00:12:10,959 --> 00:12:14,239
how much more prevalent iot is going to

364
00:12:13,200 --> 00:12:15,839
become

365
00:12:14,240 --> 00:12:17,040
i mean you look at it now right if we

366
00:12:15,839 --> 00:12:18,160
held we have shoelaces that connect to

367
00:12:17,040 --> 00:12:21,439
the internet at this point

368
00:12:18,160 --> 00:12:22,719
come on what so anywho tracy thank you

369
00:12:21,440 --> 00:12:23,279
very much for your time thank you for

370
00:12:22,720 --> 00:12:24,800
your talk

371
00:12:23,279 --> 00:12:26,959
thank you for hanging out with me here

372
00:12:24,800 --> 00:12:30,479
to do our q a and we're going to

373
00:12:26,959 --> 00:12:30,880
uh kick off now anything you want to end

374
00:12:30,480 --> 00:12:32,160
with

375
00:12:30,880 --> 00:12:33,920
uh if you want to give a shout out to

376
00:12:32,160 --> 00:12:37,040
your conference

377
00:12:33,920 --> 00:12:40,240
oh yeah uh for folks that

378
00:12:37,040 --> 00:12:42,240
have followed me on twitter

379
00:12:40,240 --> 00:12:44,800
that defend con has gone now for three

380
00:12:42,240 --> 00:12:44,800
years we took

381
00:12:45,040 --> 00:12:48,480
2020 we're trying really hopefully in

382
00:12:47,440 --> 00:12:49,959
meet space whenever

383
00:12:48,480 --> 00:12:52,079
everything is over but check us out at

384
00:12:49,959 --> 00:12:53,518
defendcon.org or you can follow us on

385
00:12:52,079 --> 00:12:55,040
twitter at defence

386
00:12:53,519 --> 00:12:56,959
or you can follow me on twitter at

387
00:12:55,040 --> 00:12:57,599
securitychick and you'll get all the

388
00:12:56,959 --> 00:12:59,599
information

389
00:12:57,600 --> 00:13:01,600
on i think a really cool con here up in

390
00:12:59,600 --> 00:13:03,920
seattle which is actually how i met jess

391
00:13:01,600 --> 00:13:05,519
who is part of the cactus con crew so

392
00:13:03,920 --> 00:13:06,000
and i learned about cactus con because

393
00:13:05,519 --> 00:13:08,320
of jess

394
00:13:06,000 --> 00:13:09,360
also jess is a very important staff

395
00:13:08,320 --> 00:13:11,120
member in terms of just general

396
00:13:09,360 --> 00:13:12,160
networking so very cool thank you very

397
00:13:11,120 --> 00:13:16,800
much again

398
00:13:12,160 --> 00:13:16,800
and hey appreciate it thanks for having