Adversary Emulation w/ Carlos Perez - PSW #789
Security Weekly Podcast Network (Audio)
00:00
The Role of HTTP in IoT Devices
An attacker can provision it to connect to a malicious app, right? Over Wi-Fi. Once connected to the malicious app, the controller resolves a domain and connects to over MQTT without any TLS verification. So once you do that, you've got full device. You can tell it to cool, is far as it'll cool, or to turn off in the middle of summer, right? I wonder, you know what would be interesting is if you could plant like a malicious firmware? All of that.
Play episode from 02:43:13
Transcript
