Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.
Extracting firmware without the use of destructive means can be difficult and in some cases impossible. However, Deral went deep with IoT Village attendees, presenting a live hands-on exercise each attendee in the room could interact with. It was an enlightening and productive presentation. But we are aware not everyone could make it to DEF CON 32 this year.
Which is why we’ve transformed the presentation into a handy whitepaper. Deral has gone step-by-step through the exercise, and even improved upon it in some cases (so even if you were in the room, there’s likely even more for you to get from it). While DEF CON 32 may be firmly in the rear-view mirror, the hacking carries on. And if you missed DEF CON, or Deral’s presentation, you have another chance to learn and take part in the exercise.
To check out the whitepaper, please click here. And if you’d like to learn more about Deral’s previous IoT Village presentations (he’s done a lot of them), many live right here on the blog.