logging in or signing up Dror Crazy toaster Donato Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 199 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: April 09, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript “A Crazy Toaster : Can Home Devices turn against us?”: “A Crazy Toaster : Can Home Devices turn against us?” Dror Shalev SmartDefense Research Center drors@checkpoint.com ClubHack, 9/12/2007, Puna , India India's own International Hackers ConventionAgenda: Agenda Introduction Trust, technology and new privacy issues Overview of home networking and early threats Steps to create a Crazy Toaster Trojan Demonstration Side effect : Windows XP SSDP distributed Dos Side effect Demonstration TODO, Extended ideas iPhone , iToaster & others (ClubHack edition) Respect Q&AIntroduction: Introduction Introduction: IntroductionTrust, technology & privacy issues: Trust, technology & privacy issues Common privacy issues: Technology is about to replace the trust model we use today People get confused between people that know things and machines that know things Do we care if Google machines know that we would like to pay for porn? Does this information can be given to a human? Trust models: Usually we don’t trust a human in 100% to be able to deal with his knowledge about us Should we trust corporations like Google? Should we trust hardware and software vendors?Overview of home networking: Overview of home networking Home networking in Windows XP and in Windows Vista Peer-to-peer networking of PCs, networked appliances and wireless devices UPnP architecture UPnP ,Overview of a distributed, open architecture based on TCP/IP, UDP and HTTP IPv6 – Reintroduce old exploits (land attack MS06-064) Security exploits and early threats Overview of home networking: Overview of home networkingOverview of home networking: Overview of home networking Slide10: Overview of home networkingOverview of home networking: Overview of home networking Wireless Connectivity Wireless Access Point Low-end Appliance VoIP Webpage with virus Cell phone Crazy Toaster Media Center HackerUniversal Plug and Play (UPnP): Universal Plug and Play (UPnP)UPnP, IGDs, SSDP on XP: UPnP, IGDs, SSDP on XPSimple Service Discovery Protocol (SSDP): Simple Service Discovery Protocol (SSDP) On a default XP installation, no support is added for device control, as it would be the case in an installation of UPNP from "Network Services“ Although Microsoft added default support for an "InternetGatewayDevice", that was added to aid leading network hardware manufactures in making UPnP enabled "gateway devices" Desktop Wireless Access PointEarly threats : Early threats Steps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster Trojan While researching SSDP & UPnP we realized that protocols allow not only routers, media players, servers and other devices to connect seamlessly but also to attackers A scenario of “Crazy Toaster ” , Trojan device , or software with TCP/IP capabilities like Routers , Media Players , Access Points , that join Local area network and become security hazard is possible Steps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanSteps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanSteps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanDemonstration: DemonstrationWindows XP SSDP distributed Dos: Windows XP SSDP distributed DosWindows XP SSDP distributed Dos: Windows XP SSDP distributed Dos Xml Kill Crazy Toaster VictimSide effect Demonstration: Side effect DemonstrationConclusions: ConclusionsTODO, Extended ideas: TODO, Extended ideasiPhone , iToaster & Others : iPhone , iToaster & Others Respect: RespectQ&A: Q&A Q: Why hack a toaster? A: Why not? * Slides ,Toaster and iToaster sources code : http://www.drorshalev.com/dev/upnp/ You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Dror Crazy toaster Donato Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 199 Category: Education License: All Rights Reserved Like it (0) Dislike it (0) Added: April 09, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript “A Crazy Toaster : Can Home Devices turn against us?”: “A Crazy Toaster : Can Home Devices turn against us?” Dror Shalev SmartDefense Research Center drors@checkpoint.com ClubHack, 9/12/2007, Puna , India India's own International Hackers ConventionAgenda: Agenda Introduction Trust, technology and new privacy issues Overview of home networking and early threats Steps to create a Crazy Toaster Trojan Demonstration Side effect : Windows XP SSDP distributed Dos Side effect Demonstration TODO, Extended ideas iPhone , iToaster & others (ClubHack edition) Respect Q&AIntroduction: Introduction Introduction: IntroductionTrust, technology & privacy issues: Trust, technology & privacy issues Common privacy issues: Technology is about to replace the trust model we use today People get confused between people that know things and machines that know things Do we care if Google machines know that we would like to pay for porn? Does this information can be given to a human? Trust models: Usually we don’t trust a human in 100% to be able to deal with his knowledge about us Should we trust corporations like Google? Should we trust hardware and software vendors?Overview of home networking: Overview of home networking Home networking in Windows XP and in Windows Vista Peer-to-peer networking of PCs, networked appliances and wireless devices UPnP architecture UPnP ,Overview of a distributed, open architecture based on TCP/IP, UDP and HTTP IPv6 – Reintroduce old exploits (land attack MS06-064) Security exploits and early threats Overview of home networking: Overview of home networkingOverview of home networking: Overview of home networking Slide10: Overview of home networkingOverview of home networking: Overview of home networking Wireless Connectivity Wireless Access Point Low-end Appliance VoIP Webpage with virus Cell phone Crazy Toaster Media Center HackerUniversal Plug and Play (UPnP): Universal Plug and Play (UPnP)UPnP, IGDs, SSDP on XP: UPnP, IGDs, SSDP on XPSimple Service Discovery Protocol (SSDP): Simple Service Discovery Protocol (SSDP) On a default XP installation, no support is added for device control, as it would be the case in an installation of UPNP from "Network Services“ Although Microsoft added default support for an "InternetGatewayDevice", that was added to aid leading network hardware manufactures in making UPnP enabled "gateway devices" Desktop Wireless Access PointEarly threats : Early threats Steps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster Trojan While researching SSDP & UPnP we realized that protocols allow not only routers, media players, servers and other devices to connect seamlessly but also to attackers A scenario of “Crazy Toaster ” , Trojan device , or software with TCP/IP capabilities like Routers , Media Players , Access Points , that join Local area network and become security hazard is possible Steps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanSteps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanSteps to create a Crazy Toaster Trojan: Steps to create a Crazy Toaster TrojanDemonstration: DemonstrationWindows XP SSDP distributed Dos: Windows XP SSDP distributed DosWindows XP SSDP distributed Dos: Windows XP SSDP distributed Dos Xml Kill Crazy Toaster VictimSide effect Demonstration: Side effect DemonstrationConclusions: ConclusionsTODO, Extended ideas: TODO, Extended ideasiPhone , iToaster & Others : iPhone , iToaster & Others Respect: RespectQ&A: Q&A Q: Why hack a toaster? A: Why not? * Slides ,Toaster and iToaster sources code : http://www.drorshalev.com/dev/upnp/