Friday 7 October 09:30 - 10:00, Red roomGeorge Cabau (Bitdefender)
Radu Basaraba (Bitdefender)
Dragos Gavrilut (Bitdefender)
Ciprian Oprisa (Bitdefender)The world of IoTs has grown enough in the last year to be considered a possible a field where security will represent a concern in the near feature. While many IoT producers decided to focus on a very specific aspect (such as creating a smart watch, a smart LED, a smart car, etc.), some of them chose to be involved in producing IoT devices that could, in theory, be used with many other already existing (non-smart) devices.The most well known from the latter category are power outlets. Even if their functionality is quite simple (basically allowing one to start or stop the power remotely), the security concerns around them are significant. For one, the basic idea in these cases is to be able to control the power for your devices remotely. Remotely in this context often means being able to control the device from an Internet server and not from within your own intranet. Secondly, most of these devices market themselves as being able to conserve energy by shutting themselves down when the device that they are powering no longer needs to run. Because of this, it's likely that in the near future such devices will have a broader use (not only in the consumer market but in industry as well).This paper presents research done on 10 different smart outlets emphasizing their vulnerabilities, different attack vectors that can be used to control them and also different aspects related to their Internet connection that a hacker might exploit. Last but not least, we will discuss possible situations where using an insecure outlet can have serious consequences in different industries (medical, administration, etc.) and the need for responsible disclosure to mitigate these cases.Click here for more details about the conference.