Hack all the things at IoT Village!
IoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests. Over the years IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm, Independent Security Evaluators (ISE), and the non-profit organization, Village Idiot Labs (VIL).
IoT Village's contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON. The ISE research that inspired the SOHOpelessly Broken™ contests delivered 56 CVEs to the infosec community. Over the years at DEF CON, IoT Village has served as the platform to showcase and uncover hundreds of new vulnerabilities in connected devices.
Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates on talks, contests, and giveaways.
Want to help, get updates, or just show your interest?
IoT Village attended DEF CON Safe Mode, the first-ever virtual DEF CON. From August 7-9, we hosted the hands-on labs, contests, and presentations that you would find at the physical IoT Village, with similar access to discussions and networking opportunities. Check out our schedule for links to our DEF CON presentations.
Follow both IoT Village (@IoTvillage) and Village ID/IOT Labs (@VillageIDIOTLab) on Twitter for future updates on talks, contests, and giveaways.
Event | Activities | Date | |
---|---|---|---|
HITB+ CyberWeek (Virtual) | Labs, CTF and Presentations | November 18-19, 2020 (9am-1pm EDT) | |
CIA CON (Virtual) India | Labs and Pre-Recorded Presentation (Time TBD) | December 6, 2020 | |
Cyphercon 4.0 Milwaukee, WI | Village CTF | POSTPONED | |
BSidesCharm Maryland | Village CTF + Labs | POSTPONED | |
BSidesDC DC | Village CTF + Labs | POSTPONED |
Event | Partner | Date | |
---|---|---|---|
Hackfest | Village Idiot Labs | November 20-21, 2020 | |
BSides Vancouver | Village Idiot Labs | POSTPONED | |
AtlSecCon | Village Idiot Labs | POSTPONED | |
BSides Edmonton | Village Idiot Labs | POSTPONED | |
BSides Ottawa | Village Idiot Labs | POSTPONED |
Event | Partner | Date | |
---|---|---|---|
Grayhat Virtual | Presentations + Village CTF + Labs | October 29-31, 2020 10-8PM EDT | |
ArcticCon ArcticCon Virtual Conference Platform | Village CTF + Labs | October 29, 2020 | |
BSidesSF San Francisco, CA | Labs | February 23-24, 2020 | |
RSAC San Francisco, CA | IoT Sandbox | February 26-27, 2020 | |
DEF CON 28 Las Vegas, NV | Village Talks + Labs + Contests | August 7-9, 2020 | |
ExploitCon Spokane Virtual | Village Labs + Discord | September 9, 2020 | |
ExploitCon Portland Portland (Virtual) | Village Labs + Discord | September 23, 2020 |
Topic | Presenter | Time | |
---|---|---|---|
The Hand that Rocks the Cradle: Hacking IoT Baby Monitors | Mark Stanislav | 10:00 am | |
"These are a few of our favorite (hardware) things" | Hugo Fiennes,Tom Byrne, Gino Miglio, and Zandr Milewski | 02:00 pm | |
Security of Wireless Home Automation Systems - A World Beside TCP/IP | Tobias Zillner & Sebastian Strobl slides | 04:00 pm |
Topic | Presenter | Time | |
---|---|---|---|
Hacking You Fat: The FitBit Aria | Ken Munro & David Lodge | 10:00 am | |
Hacking Satellite TV Receivers | Sofiane Talmat | 02:00 pm | |
Practical IoT Exploitation Workshop (MIPS/ARM) | Lyon Yang slides | 04:00 pm |
Topic | Presenter | Time | |
---|---|---|---|
Pwning IoT with Hardware Attacks | Chase Schultz slides | 10:00 am | |
SWEET SECURITY - Creating a Defensive Raspberry Pi | Travis Smith slides | 11:30 am |
At Village Talks Room
Topic | Presenter | Time | |
---|---|---|---|
Cameras, Thermostats, and Home Automation Controllers - Hacking 14 IoT Devices | Wesley Wineberg slides | Friday @ 12:00 pm | |
Yes, You Can Walk on Water: Application & Product Security on a Startup Budget | Brian Knopf | Friday @ 05:00 pm | |
A Surface Area Approach to Pen-testing the IoT | Daniel Miessler slides | Saturday @ 12:00 pm | |
Securing the IoT World | Aaron Guzman slides | Saturday @ 05:00 pm | |
Smart Home Invasion | Craig Young slides | Sunday @ 10:00 am |
Bronze room 4 & 3
Topic | Presenter | Time | |
---|---|---|---|
Exploiting a Smart Fridge: a Case Study in Kinetic Cyber | Kevin Cooper | 10:10 am | |
KEYNOTE | Paul Dant | 11:30 am | |
FCC 5G/IoT Security Policy Objectives | Rear Admiral (ret.) David Simpson, FCC, Bureau Chief | 12:10 pm | |
Picking Bluetooth Low Energy Locks from a Quarter Mile Away | Anthony Rose | 2:00 pm | |
Live Drone RF Reverse Engineering | Marc Newlin, Matt Knight, Bastille Networks | 5:00 pm |
Topic | Presenter | Time | |
---|---|---|---|
Hot Wheels: Hacking Electronic Wheelchairs | Stephen Chavez and Specter | 10:10 am | |
How the Smart-City becomes Stupid | Denis Makrushin, Vladimir Daschenko, Kaspersky Lab | 12:10 pm | |
Internet of Thieves (or DIY Persistence) | Joseph Needleman | 3:30 pm | |
Thermostat Ransomware and Workshop | Ken Munro, Pen Test Partners | 5:00 pm |
Topic | Presenter | Time | |
---|---|---|---|
0-day Hunting | Elvis Collado | 10:00 am |
Village Talks in Bronze Room 1
Topic | Presenter | Time | |
---|---|---|---|
Sense & Avoid: Some laws to know before you break IoT | Elizabeth Wharton | Friday @ 1:00 pm | |
BtleJuice: the Bluetooth Smart Man In The Middle Framework | Damien Cauquil, Digital Security (CERT-UBIK), Senior Security Researcher | Friday @ 3:00 pm | |
Is Your Internet Light On? Protecting Consumers in the Age of Connected Everything | Terrell McSweeny, Federal Trade Commission, Commissioner | Friday @ 4:00 pm | |
SNMP and IoT Devices: Let me Manage that for you Bro! | Bertin Bervis | Saturday @ 1:00 pm | |
Reversing and Exploiting Embedded Devices | Elvis Collado, Praetorian, Senior Security Researcher | Saturday @ 3:00 pm | |
Tranewreck | Jeff Kitson, Trustwave SpiderLabs, Security Researcher | Saturday @ 4:00 pm | |
IoT Defenses - Software, Hardware, Wireless and Cloud | Aaron Guzman, Principal Penetration Tester | Sunday @ 11:00 am |
Topic | Presenter | Time | |
---|---|---|---|
Inside the IV Pump, not too much medication por favor! | Dan Regalado @Danuxx slides | 10:00 am - 10:50 am | |
IoT Village Keynote - Friends, Not Foes: Rethinking the Researcher-Vendor Relationship | Rick Ramgattie @RRamgattie slides | 11:30 am - 12:00 pm | |
Hide Yo Keys, Hide Yo Car - Remotely Exploiting Connected Vehicle APIs and Apps | Aaron Guzman slides | 1:00 pm - 1:50 pm | |
Pwning the Industrial IoT: RCEs and backdoors are around! | Vladimir Dashchenko @raka_baraka & Sergey Temnikov slides | 2:40 pm - 3:30 pm | |
IoT - the gift that keeps on giving | Alex "Jay" Balan @Jaymzu slides | 4:10 pm - 5:00 pm | |
101 hardware hacking workshop | Ken Munro @TheKenMunroShow | 5:40 pm - 7:00 pm |
Topic | Presenter | Time | |
---|---|---|---|
From DVR worms, to fridges, via dildos, the sins of the IoT in 50 minutes | Andrew Tierney @cybergibbons & Ken Munro @TheKenMunroShow | 10:00 am - 10:50 am | |
IoT updates to help protect consumers | Aaron Alva @aalvatar & Mark Eichorn of the FTC | 11:30 am - 12:00 pm | |
The Internet of Vulnerabilities | Deral Heiland @percent_x slides | 1:00 pm - 1:50 pm | |
IIDS: An Intrusion Detection System for IoT | Vivek Ramachandran @securitytube, Nishant Sharma, and Ashish Bhangale | 2:40 pm - 3:30 pm | |
Redesigning PKI for IoT because Crypto is Hard | Brian Knopf @DoYouQA slides | 4:10 pm - 5:00 pm | |
Manufacturers Panel | TBA | 5:40 pm - 6:30 pm |
Topic | Presenter | Time | |
---|---|---|---|
Intelligent Misusers: A Case for Adversarial Modelling on IoT Devices | Pishu Mahtani @pishumahtani | 10:00 am - 10:30 am | |
*bonus* | From FAR and NEAR: Exploiting Overflows on Windows 3.x | Jacob Thompson @isesecurity | 11:00 am - 11:30 am |
Topic | Presenter | Time | |
---|---|---|---|
Internet of Medicine : The ultimate key to Rooting the human being | Veronica Schmitt @Po1Zon_P1x13 | 10:15 am - 11:00 am | |
IoT Village Keynote - Tales of a SOHOpeful Journey: Where our Research Started and Where it's Going | Rick Ramgattie @RRamgattie and Jacob Holcomb @rootHak42 | 11:30 am - 12:00 pm | |
NEST: Securing the Home | Matt Mahler and Kat Mansourimoaied | 12:30 pm - 1:00 pm | |
Exploiting the IoT hub : What happened to my home? | Hwiwon Lee and Changhyun Park | 1:15 pm - 2:00 pm | |
Internet of Laws: Navigating to IoT Hacking Legal Landscape | Amit Elazari @amitelazari & Jamie Williams @jamieleewi | 2:30 pm - 3:15 pm | |
The Sound of a Targeted Attack: Attacking IoT Speakers | Stephen Hilt @sjhilt | 3:45 pm - 4:30 pm | |
I'm the One Who Doesn't Knock: Unlocking Doors from the Network | David Tomaschik @Matir | 4:45 pm - 5:30 pm |
Topic | Presenter | Time | |
---|---|---|---|
FPGA’s: a new attack surface for embedded adversaries. | John Dunlap @JohnDunlap2 | 10:15 am - 11:00 am | |
Your Smart Scale is Leaking More than Your Weight | Erez Yalon @ErezYalon | 11:15 am - 12:00 pm | |
Panel Q&A – IoT Manufacturers: Answers on Security Straight from the Source | Panel | 12:30 pm - 1:00 pm | |
Worms that fight back: Nematodes as an antidote for IoT malware | Matt Wixey @darkartlab | 1:15 pm - 2:00 pm | |
Attacking Commercial Smart Irrigation Systems | Ben Nassi @ben_nassi | 2:30 pm - 3:15 pm | |
How-to modify ARM Cortex-M based firmware: A step-by-step approach for Xiaomi devices | Dennis Giese | 3:45 pm - 4:30 pm | |
Hacking U-Boot | Srinivas Rao @srini0x00 and Abhijeth D @abhijeth | 4:45 pm - 5:30 pm |
Eldorado Ballroom in the Flamingo!
9th-11th Open from 9:30 AM!
Topic | Presenter | Time | |
---|---|---|---|
Hacking the Zyxel NAS 326 from the Perspective of a n00b | Maxwell Dulin | 10:15 am - 11:00 am | |
Mixing industrial protocols with web application security flaws in order to exploit OT devices in the internet | Bertin Bervis @bertinjoseb | 11:30 am - 12:00 pm | |
IoT Security and Manufacturers Panel with Q&A | Jun Du - Zingbox, Hagai Shapira - Securing Sam, Ankur Chakraborty - Google Nest, Ben Seri - Armis | 12:15 pm - 1:00 pm | |
H(ACK)DMI: PWNING HDMI FOR FUN AND PROFIT | Hyejin Jeong @moraeh23 & Jeonghoon Shin @singi21a | 1:15 pm - 2:00 pm | |
Greenwaves and Ham | Elvis Collado @b1ack0wl | 2:15 pm - 3:00 pm | |
Get your next roadtrip for free! Long live the vulnerable EV charging points! | M. Can Kurnaz @0x43414e | 3:15 pm - 4:00 pm | |
Spy vs. Spy - who's watching who? | Michael Raggo @mikeraggo & Chet Hosmer @chethosmer | 4:15 pm - 5:00 pm |
Hacktivity | Presented by | Time | |
---|---|---|---|
SOHOpelesslybroken IoT Village CTF | ISE @ISEsecurity | All CON | |
IoT Hacking 101 | Village IDIOT Labs @VillageIDIOTLab | All CON | |
ATM CTF | Redballoon Security @redballoonsec & @SoSogun3 & @TreyKeown & @im_eningeer | All CON | |
Red Balloon Security & AFRL CTF | Redballoon Security @redballoonsec & @GriffissInst & @AFResearchLab | All CON | |
Black Hills IoT Hacking Labs | Rick Wisser @RJWisser & Joe Lillo @joe_lillo of Black Hills Information Security @BHinfoSecurity | All CON | |
Rapid7 IoT Hacking Labs | Deral Heiland @Percent_X & Carlota (Franz) Bindner of Rapid7 @rapid7 | 10am - 4pm Friday & Saturday | |
Live Bug Hunting | Devices from manufacturers in smart home tech, personal mobility, medical, and home appliances. | All CON |
Time (EDT/GMT-4) | Topic | Presenter | |
---|---|---|---|
6:00 pm - 6:25 pm | Flipper Zero — multi-tool device for hackers in a Tamagotchi body | Pavel Zhovner @zhovner |
6:30 pm - 6:55 pm | Hacking Reimaged Retro Computers | David Lodge @tautology0 |
7:00 pm - 7:45 pm | A Look at IoT Device Inter-chip Communication Analysis | Deral Heiland @percent_x |
7:50 pm - 8:15 pm | Identification of the CABLEHAUNT eCos Bug Using GHIDRA | Peter Eacmen @eacmen |
8:20 pm - 9:05 pm | The Evolving Security Policy Landscape and How it Impacts You | Amit Elazari @amitelazari |
9:10 pm - 9:35 pm | Do You Even Segment Your IoT Network Bro? - The Sad State of Network Segmentation in Enterprise Networks | Arun Raghuramu @finalfr0ntier |
6:00 pm - 10:00 pm | IoT Hands-on labs |
Time (EDT/GMT-4) | Topic | Presenter | |
---|---|---|---|
6:00 pm - 6:45 pm | Effects of IoT on corporate security during work from home | Panel |
6:50 pm - 7:35 pm | Emulating IoT Malware and Firmware with Docker+QEMU | Ilya @drablyechos |
7:40 pm - 8:05 pm | SCADA/ICS Inherited Insecurity: From Nuclear Power Plants to Oil Rigs | Aleksander Gorkowienko |
8:10 pm - 8:35 pm | The Great Hotel Hack: Adventures in Attacking Hospitality Industry | Etizaz Mohsin @aitezazmohsin |
8:40 pm - 9:05 pm | Power Line Communication Security on Smart Meters | Fatih Kayran @kayranfatih |
9:10 pm - 9:50 pm | SYNwall - A Zero-configuration (IoT) Firewall | Cesare Pizzi @red5heep |
6:00 pm - 10:00 pm | IoT Hands-on labs |
Time (EDT/GMT-4) | Topic | Presenter | |
---|---|---|---|
10:00 am - 5:00 pm | IoT (soho) CTF | IoT Village <3 join the discord | |
10:00 am - 5:00 pm | IoT Hands-on labs | Village Idiot Labs | |
1:00 pm - 5:00 pm | THREAT SIMS CTF | Threat Simulations |
Time (PDT/GMT-7) | Topic | Presenter | |
---|---|---|---|
Friday & Saturday 10am - 5pm, Sunday 10am - 2pm | IoT (soho) CTF | IoT Village | |
Friday & Saturday 10am - 5pm, Sunday 10am - 2pm | IoT Hands-on labs | Village Idiot Labs |
We at IoT Village want you to join us at Grayhat October 29-31
Submissions are now closed and we are finalizing the talk schedule - talks will include:
We encourage coordinated disclosure.
The so-called Internet of Things (IoT) is undergoing massive adoption. From locks and thermostats to televisions and refrigerators, many devices that have traditionally delivered analog functionality are rapidly gaining Wi-Fi connectivity and connecting to cloud-based, command-and-control centers for remote control and monitoring functionality. Some of these devices are built with security in mind, while others are simply analog devices with communication capabilities slapped on. The security and privacy implications introduced by any security vulnerabilities in these connected devices are tremendous.
To be at the forefront of addressing and minimizing these issues, we organized the first-ever IoT hacking village at DEF CON 23. That was a follow-up to the massively popular SOHOpelessly Broken™ router hacking contest, which debuted at DEF CON 22 and contributed 15 new 0-day discoveries to the research community. We hope to educate participants and the community about security vulnerabilities in these widely deployed devices and, in turn, drive a shift toward better security in the IoT category.
In this three-time DEF CON Black Badge CTF, players compete against one another by exploiting off-the-shelf IoT devices. These 20+ devices all have known vulnerabilities, but successfully exploiting them requires lateral thinking, knowledge of networking, and competency in exploit development. Exploit as many as you can during the con; the top three teams will be rewarded.
Prizes generously provided by eLearnSecurity
1st Place – 1 Full Pentesting Training Path to include 1 Pen Testing Student (PTS) Elite Edition, 1 Pen Testing Professional (PTP) Elite Edition and 1 Pen Testing eXtreme (PTX) Elite Edition (Value = $4100)
2nd Place – 1 Pentesting Training Package to include 1 Pen Testing Student (PTS) Elite Edition and 1 Pen Testing Professional (PTP) Elite Edition (Value = $2100)
3rd Place – 1 Pen Testing Student (PTS) Elite Edition (Value = $500)
We put on multiple events throughout the year, and you can be part of them! We have thousands of attendees and always make a big splash. Focusing on brand exposure, community engagement, press, parties, and thought-leadership, we seek to provide a VIP-sponsorship experience for our partners. Email us at [email protected] to request a sponsorship pack and see how you can get involved.