COMMSEC: The Sound of a Targeted Attack: Attacking IoT Speakers


IoT connected devices are being released at a staggering rate. According to Gartner it’s speculated that by the end of 2018, there will be 11.2 billion IoT devices currently connected at any given time. A large part of that connected ecosystem includes wireless speaker systems created by some of the largest manufacturers around the globe

Looking closer at Sonos and Bose wireless speaker systems, this research looks to find flaws in these common household devices. This research analyzes the default configuration flaws of the devices, open diagnostic tool availability, API flaws, and more. Additionally, this research will cover the easiness of physically locating where these devices are used (and who is using them). Then move into deep dives in the firmware and hardware will help attendees understand the nuances between IoT speaker devices and the wider IoT environment as a whole.

While this talk will focus on two IoT speaker systems, the issues here persist into other IoT devices. Attendees should learn about IoT speakers and how they function, why even after reporting issues things will go un-resolved and remain un-secure, and what we can do about it to help reduce the risk of these devices.

Location: Track 4 / CommSec Date: April 12, 2018 Time: 6:00 pm - 6:30 pm Stephen Hilt