Abstract

Thursday 25 September 11:30 - 12:00, Green room.

David Jacoby, Kaspersky Lab

In the IT security industry, we are at the moment releasing articles about how hackers and researchers find vulnerabilities in, for example, cars, refrigerators, hotels and home alarm systems. All of these things go under the term 'IoT' ('Internet of Things'), and it is one of the most hyped topics in the industry. The only problem with this kind of research is that we cannot really relate to all of it. I decided to conduct some research of my own, trying to identify how easy it would be to hack my own home. What can the attacker actually do if these devices are compromised? Is my home 'hackable'?

Before I started my research I was fairly sure that my home was pretty secure. I mean, I've been working in the security industry for over 15 years, and I'm quite paranoid when it comes to applying security patches. It turned out I was wrong, and that I had a lot of devices connected to my network.

Just imagine a scenario where you notice that you have been compromised. You do everything that's written in the book to bring things back to normal again: you do a backup of your data, reinstall your devices and make sure that the new installation has protection against malicious code and that all updates are installed. But then, six months later, you get compromised again, and all your new data is stolen. An attacker might have compromised your network storage device and turned it into a backdoor, which is undetected and unfixable unless you replace the entire device. This is what I tried to achieve in my research.

Several '0-day' vulnerabilities were discovered in my devices, which allowed me to obtain unauthorized access to all my files, obtain administrative access on most of the devices, and also install backdoors on the devices, transforming them into zombies in botnets. Even some 'hidden' features were identified in my DSL router, allowing someone to actually take control of my device.
The only question left is, who is that 'someone' and how do they get access to my device? (All vulnerabilities have been reported to the vendors, who are currently working on fixing these vulnerabilities. This research is 100% fresh, and was only finalized very recently!)