Organized by security consulting and research firm Independent Security Evaluators (ISE), IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices. IoT Village hosts talks by expert security researchers who dissect real-world exploits and vulnerabilities and hacking contests consisting of off-the-shelf IoT devices.

IoT Village's contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON. The ISE research that inspired the SOHOpelessly Broken™ contests delivered 56 CVEs to the infosec community. Over the years at DEF CON, IoT Village has served as the platform to showcase and uncover 278 new vulnerabilities in connected devices.

Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates on talks, contests, and giveaways.

Want to help, get updates or just show your interest?

Get Involved

Upcoming Event Schedule

= Village and/or Contest Appearances =

Event Activities Date
CypherCon Milwaukee, WI Village CTF April 12-13, 2018
BSidesSF San Francisco, CA Village CTF April 15-16, 2018
RSAC San Francisco, CA IoT Sandbox April 18-20, 2018
BSidesCharm Maryland Village CTF April 28-29, 2018
HackerLab Engine-4 Bayamón, Puerto Rico CTF Training June 9, 2018
Shakacon Honolulu, HI Village Talks & Contests July 11-12, 2018
DEF CON Caesar's Las Vegas, NV Village Talks & Contests August 10-12, 2018
ToorCon at The Westin San Diego, CA Village CTF September 14-16, 2018
DerbyCon 7.0 Louisville Kentucky Village CTF October 5-7, 2018
BSidesDC at the Renaissance in DC Village CTF October 26-28, 2018
Hackfest at Hôtel Plaza Québec in Sainte-Foy Partner Village November 2-3, 2018
BSides Ottawa at the Brookstreet Hotel Partner Village November 8-9, 2018
HITB Dubai Village CTF November 25-28, 2018

DEF CON 26 2018

= Presentations & Workshops =

= Presentation | = workshop

Friday, August 10, 2018

Topic Presenter Time
Internet of Medicine : The ultimate key to Rooting the human being Veronica Schmitt @Po1Zon_P1x13 10:15 am - 11:00 am
IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going Rick Ramgattie @RRamgattie and Jacob Holcomb @rootHak42 11:30 am - 12:00 pm
NEST: Securing the Home Matt Mahler and Kat Mansourimoaied 12:30 pm - 1:00 pm
Exploiting the IoT hub : What happened to my home? Hwiwon Lee and Changhyun Park 1:15 pm - 2:00 pm
Internet of Laws: Navigating to IoT Hacking Legal Landscape Amit Elazari @amitelazari & Jamie Williams @jamieleewi 2:30 pm - 3:15 pm
The Sound of a Targeted Attack: Attacking IoT Speakers Stephen Hilt @sjhilt 3:45 pm - 4:30 pm
I'm the One Who Doesn't Knock: Unlocking Doors from the Network David Tomaschik @Matir 4:45 pm - 5:30 pm

Saturday, August 11th, 2018

Topic Presenter Time
FPGA’s: a new attack surface for embedded adversaries. John Dunlap @JohnDunlap2 10:15 am - 11:00 am
Your Smart Scale is Leaking More than Your Weight Erez Yalon @ErezYalon 11:15 am - 12:00 pm
Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source Panel 12:30 pm - 1:00 pm
Worms that fight back: Nematodes as an antidote for IoT malware Matt Wixey @darkartlab 1:15 pm - 2:00 pm
Attacking Commercial Smart Irrigation Systems Ben Nassi @ben_nassi 2:30 pm - 3:15 pm
How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices Dennis Giese 3:45 pm - 4:30 pm
Hacking U-Boot Srinivas Rao @srini0x00 and Abhijeth D @abhijeth 4:45 pm - 5:30 pm


Call for papers for IoT Village™ is now open! All talks related to IoT security issues are welcome, with special emphasis on any of the following topics:

  • Internet of Things - Show us how secure (or insecure) IP-enabled embedded systems are. Routers, network storage systems, cameras, HVAC systems, refrigerators, medical devices, smart cars, smart home technology, and TVs. If it is IP enabled, we're interested.

  • Vulnerabilities and Remediation - Show us the what 0-days, exploits, or vulnerabilities you’ve found in an IoT device and then how the security flaw can be fixed. It great to pull off a hack, but how do we fix it going forward.

  • Demonstrable Research - Present attacks that result in mechanical operation of the device's physical functionality. Can you make the device move, smoke, light up, emit sound, manipulate a screen readout, or any other visibly evident manifestation of the exploit?

  • Healthcare & IoT - Demonstrate or discuss how IoT devices are impacting the realm of healthcare, including but not limited to patient health and hospital security. Travel, Hospitality, and IoT - Analyze how IoT is impacting the travel & hospitality industry, guest safety, and the connected hotel room.

  • IoT Device Management – Discuss best practices for deploying and building security into IoT devices.

We encourage responsible disclosure.

Submit Here


Note: If chosen, the speaker will be responsible for all costs including travel and lodging. DEF CON badges will be given to CFP submission speakers (first come first serve).


The so-called Internet of Things (IoT) is undergoing massive adoption. From locks and thermostats to televisions and refrigerators, many devices that have traditionally delivered analog functionality are rapidly gaining Wi-Fi connectivity and connecting to cloud-based, command-and-control centers for remote control and monitoring functionality. Some of these devices are built with security in mind, while others are simply analog devices with communication capabilities slapped on. The security and privacy implications introduced by any security vulnerabilities in these connected devices are tremendous.

To be at the forefront of addressing and minimizing these issues, we organized the first-ever IoT hacking village at DEF CON 23. That was a follow-up to the massively popular SOHOpelessly Broken™ router hacking contest, which debuted at DEF CON 22 and contributed 15 new 0-day discoveries to the research community, we hope to educate participants and the community about security vulnerabilities in these widely deployed devices and, in turn, shift toward better security in the IoT category.

Responsive image


= Zero-Day Track =

The Zero-Day track is focused on the discovery and demonstration of new exploits (0-day vulnerabilities). This track relies on the judging of newly discovered attacks against embedded electronic devices. Devices that are eligible for the contest can be found here and you can start submitting entries now! The winners who score the highest on their judged entries will be rewarded with cash prizes.


Contestants will need to contact us and be directed on the best method for disclosure.

= CTF Track =

A DEFCON 24 Black Badge ctf, players compete against one another by exploiting off-the-shelf IoT devices. These 15+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can over the weekend and the top three teams will be rewarded.


Get Connected



Thank you to our sponsors

We put on multiple events throughout the year, and you can be part of them! We have thousands of attendees and always make a big splash. Focusing on brand exposure, community engagement, press, parties, and thought-leadership, we seek to provide a VIP-sponsorship experience for our partners. Email us at contact@securityevaluators.com to request a sponsorship pack and see how you can get involved.

= Organizer =