DEF CON 32

August 9-11, 2024

Caesars Forum
Las Vegas, Nevada

Activities | Talks | Sponsors

Activities

DEF CON 32

Hardware Hacking Contest

In this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!

Hacking Workshops by Kody K

Please note all workshop items will be delivered to you at DEF CON at the start of your workshop(s).
Class Cost Day Time Duration Purchase Materials
IoT Cat Lamp

Want to create a cute, squishy, Wi-Fi controllable LED cat lamp? In this workshop, we'll create a cute cat lamp featuring programmable IoT LED's, giving it custom light animations and Wi-Fi control! Your adorable cat lamp can be controlled over Wi-Fi with WLED, allowing you to control it with home automation software. You will create open source, Wi-Fi controlled LED art; learn basic soldering; and take home the remote-controlled Pusheen lamp of your dreams.

$40 Friday 10:15 AM 90 Minutes
Learn Beginner Soldering With the Meow Mixer Badge

In this class, we solder together a light-up, cat-themed badge that teaches a simple RGB tuning circuit. By turning the red, green, or blue knobs, you can adjust the color of the cat’s eyes. Perfect for beginners and soldering experts wanting to make a fun and cute badge.

$25 Friday 12:00 PM 90 Minutes
Solder your own cat shaped WiFi Haking tool

Test out your through-hole and surface mount soldering skills to create your own open-source, cat-themed hacking tool! The WiFi nugget is a microcontroller-powered WiFi hacking device you will then flash with a suite of WiFi tools to get started with offensive and defensive WiFi security techniques.

$70 Friday 2:00 PM 120 Minutes
Meshtastic Meetup

Come learn about Meshtastic, the long-range, low-power, encrypted off-grid messaging protocol. We'll be setting up our Meshtastic Nuggets, going over the setup options, and exploring the advanced options that make Meshtastic more useful. We'll cover setting encryption, choosing a device role, and connecting over serial, web, and bluetooth. We'll also look at some of the optional modules, like broadcasting sensor telemetry data or adding a GPS.

$90 Friday 4:30 PM 120 Minutes
Learn BadUSB Hacking With the USB Nugget

In this workshop, you’ll learn to write BadUSB scripts to hack computers using a cute, cat-shaped hacking tool called the USB Nugget. You’ll learn to write scripts to get computers of any operating system to do your bidding in seconds, and also how to automate nearly any desired action remotely. If you want to learn scripting like the USB Rubber Ducky, but with a Wi-Fi interface and more, this workshop is for you! A computer with Google Chrome is required for this workshop.

$70 Saturday 10:15 AM 120 Minutes
LoRa for Hackers : Long Range Hacking for Beginners With CircuitPython

LoRa is an exciting new technology renowned for its low cost and long range, making it popular for hackers and makers. In this workshop, you’ll learn to program a LoRa radio with CircuitPython to create long-range hacking tools and blinky prototypes which can communicate off-grid from over a mile away! The workshop will cover remotely triggered BadUSB devices, LED controllers, sensor monitors, and more! A computer with Google Chrome is required for this workshop.

$105 Saturday 12:00 PM 120 Minutes
Wi-Fi Hacking Self Defense: Four Advanced Techniques and How to Stop Them

This workshop offers hands-on instruction using a unique, cat-shaped Wi-Fi hacking microcontroller. Designed to engage participants in practical learning, the workshop will cover essential skills for defending against four common Wi-Fi attacks. Participants will explore topics like detecting Wi-Fi leaks, the risks of QR codes leading to hidden networks, spotting phishing networks, and defending against advanced Wi-Fi karma attacks. The cat-shaped Wi-Fi Nugget is a powerful tool for understanding and fighting back against Wi-Fi hacking. This workshop is suitable for Wi-Fi hacking experts and those just getting started. A computer with a Chrome-based browser is required for this workshop.

$70 Saturday 2:15 PM 120 Minutes
Meshtastic Meetup

Come learn about Meshtastic, the long-range, low-power, encrypted off-grid messaging protocol. We'll be setting up our Meshtastic Nuggets, going over the setup options, and exploring the advanced options that make Meshtastic more useful. We'll cover setting encryption, choosing a device role, and connecting over serial, web, and bluetooth. We'll also look at some of the optional modules, like broadcasting sensor telemetry data or adding a GPS.

$90 Saturday 4:30 PM 120 Minutes
Wi-Fi Hacker Hunting

Become a Wi-Fi investigator: Uncover Hidden Wi-Fi Cameras, network Intruders, and more with the Wi-Fi Nugget. In this workshop, we'll use a cute, cat-shaped microcontroller board to catch hackers using well-known hacking tools like a Wi-Fi Pineapple, hunt down suspicious Wi-Fi devices like hidden cameras, and detect jamming attacks. We’ll explore how low-cost microcontrollers can be used to unmask and track down Wi-Fi hacking tools, or locate unwanted devices on your local network.

$70 Sunday 10:15 AM 90 Minutes
IoT Cat Lamp

Want to create a cute, squishy, Wi-Fi controllable LED cat lamp? In this workshop, we'll create a cute cat lamp featuring programmable IoT LED's, giving it custom light animations and Wi-Fi control! Your adorable cat lamp can be controlled over Wi-Fi with WLED, allowing you to control it with home automation software. You will create open source, Wi-Fi controlled LED art; learn basic soldering; and take home the remote-controlled Pusheen lamp of your dreams.

$40 Sunday 12:00 PM 90 Minutes

Cover and Title Reveal

Join IoT Village at 3:30 pm for the reveal of our second book! the first 50 attendess will be receiving an exclusive t-shirt.

Book Signing of Hackable with Ted Harrington

Immediately following the book 2 cover reveal.

Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers

Join Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.

IoT Village Hacking Playground

The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.

Phisherman's Wharf - Phishing for Beginners

Intuit R3DC0N's Phisherman's Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.

Accompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!

IoT Security at DEF CON 32

Join Finite State live on the Tech Done Different Podcast live at 2:30 on the 9th with host Ted Harrington. Finite State and ISE will be discussing all things DEF CON 32 and the state of IoT security. This will be a live recording!

Hardware Hacking GE Appliances

How to get started, two steps

  1. Download the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone
  2. Create your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.

Router Name SSID: HackAway
Router Name Password: With GEA

In-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance

Please leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!

Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System

Rapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing.  Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.

Hack My TV

With Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.

Firmware Extraction and Analysis

In this interactive exercise, you'll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level

Keysight CTF Challenge

Defeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!

Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis

Learn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.

Friday, August 9th / Saturday, August 10th

  1. 10:00 am - QEMU Primer
  2. 11:00 am - QEMU Emulation
  3. 2:00 pm - Debugging with QEMU and GDB
  4. 3:00 pm - Q&A for Workshops

Safe Hacking

Hack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.


Talks

Preparing for the Future: A Discussion of our Rapidly Evolving Threat Landscape

Jamie Hardy
Friday 12:30PM - Creator Stage 2

Seems like the world has completely changed in the last 12-24 months - * Multiple Global Conflicts * Launch of ChatGPT * CISO’s being held personally accountable for security breaches * Government Regulations on security * Economic Uncertainties (interest rates, layoffs)... All of these changes have played a major role in reshaping the security landscape. From adversaries with political motivations to another just trying to provide for his/her family. Security is no longer just your job, but you could actually be held personally liable. Oh and don’t forget that an adversary now has the ability to rewrite vulnerabilities with the click of a button, or can create deep fakes so real that a zoom call with multiple “people” was undetectable by a real person.

Exploration of Cellular Based IoT Technology

Deral Heiland
Carlota Bindner
Friday 2:00PM - Creator Stage 1

As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending potential security implications associated with cellular hardware technologies. Furthermore, the development of effective hardware testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and hardware hacking techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.

I Hacked my Mazda with an iPod

Ricky Lawshae
Friday 3:00PM - Creator Stage 1

Once upon a time, there was a thriving community that sprung up around modding and tweaking Mazda's infotainment system. Then one day, Mazda decided to ruin everyone's fun by patching all the holes, restricting unauthorized access methods, and adding all manner of best-practice security measures. When device makers decide to get all modern and up-to-date, sometimes the only solution is to go primitive. In long neglected code meant to handle old legacy iPod devices lies a treasure trove of vulnerabilities that can still be used to get a foothold into an otherwise pretty well-secured device. In this talk, we will discuss what Mazda is doing to try to keep us out, and the old Apple device communication protocol that can be used to get us back in.

Where’s the Money: Defeating ATM Disk Encryption

Matt Burch
Friday 3:30PM - Creator Stage 1

ATM security controls should protect critical functionality, financial data, and physical currency from unauthorized access. The financial institution ATM architecture is complex and often requires 3rd party license agreements to meet this security demand. Due to an expansive ecosystem of hardware and software components, compatibility requirements, and diverse approaches to ATM hardening, maintenance, and patching – significant security flaws can be continuously overlooked. These seemingly low-priority issues can lead to significant financial risk. Moreover, we have observed these ATM security controls to extend beyond the financial industry and are also present in the gaming/casino market. During this talk we will discuss our security research into 6 zero-day vulnerabilities, which bypass full disk encryption, security controls, and allow for full system compromise of a major ATM manufacturer.

Beyond Sunset: Exposing the Occultations Lurking in Large-Scale Off-Grid Solar Systems

Dan Berte
Friday 4:30PM - Creator Stage 2

This talk reveals stunning vulnerability findings in leading solar manufacturers that, when exploited, the stake is the grid. We'll explore three massive vulns in the management platform and discuss how they can be weaponized to become chilling nation security risks.

Inside Dash Cam: Custom Protocols and Discovered 0-days

HYOJIN LEE
Friday 5:00PM - Creator Stage 2

In recent years, the use of dash cams has surged, making them an essential component of modern vehicles. To enhance user convenience, many dash cams are now equipped with network connectivity. This growth in the dash cam market has heightened the importance of vehicle and personal data security. However, network-connected dash cams pose potential security risks to their availability and key functionalities. In this presentation, we will comprehensively analyze dash cams from various countries, including South Korea, the USA, Germany, and China, as well as built-in dash cams. During our analysis, we discovered numerous zero-day vulnerabilities (such as OS Command Injection, Logical Bugs, and insufficient authentication) that pose significant security threats. Vulnerabilities were primarily found during the dash cam boot process, configuration changes, and communications via custom protocols. We will detail the dash cam analysis process in the following sequence: [Analysis Process] - Acquiring firmware through official websites or apps - Extracting the file system to analyze the initial boot logic - Analyzing the boot logic to identify vulnerabilities or debugging ports to gain shell access - Utilizing the obtained shell for remote debugging of the main system Interestingly, our analysis of 10 different dash cams revealed that 4 devices used the same OEM board from a common manufacturer. These 4 devices shared similar vulnerabilities, and exploiting a vulnerability found in one device allowed us to successfully exploit all of them. Our research uncovered common security vulnerabilities across multiple dash cams, and we will discuss measures to prevent these vulnerabilities. We will particularly focus on analyzing the custom protocols used by dash cams and the security risks associated with them. This presentation aims to raise awareness of potential security threats in dash cams and encourage manufacturers to produce more secure products. We hope to drive industry standards and best practices to ensure the safety and security of these increasingly critical devices. By sharing our findings, we aim to highlight the importance of dash cam security and provide insights that can lead to more secure designs and implementations.

SBOMs the Hard Way: Hacking Bob the Minion

Larry Pesce
Saturday 9:30AM - Creator Stage 1

This presentation delves into the intricate process of generating a Software Bill of Materials (SBOM) for the Bob the Minions WiFi router by Davolink—a device whose firmware isn't publicly available. Traditional SBOM creation methods rely on readily accessible firmware, but Davolink's restricted release policies necessitated an unconventional approach. This talk covers the step-by-step journey of hardware disassembly, firmware extraction via SPI flash and JTAG/SWD interfaces, and the tools and techniques employed. Finally, we'll demonstrate how the recovered firmware is used to generate a comprehensive SBOM, highlighting any security vulnerabilities discovered and reported to the vendor. This session aims to provide attendees with practical insights into overcoming SBOM generation challenges in the IoT domain through hands-on hardware hacking, and leveraging the firmware and SBOMs for vulnerability discovery, as well as security improvement.

Psychic Paper: Making eink access badges accessible for anyone.

Joshua Herman
Saturday 10:00AM - Creator Stage 1

To make RFID access badges vendors in China have created eink badges where instead of printing a badge out you instead program the eink portion of the badge with an smartphone app and then program the RFID portion. At this time the ones that are sold are either black and white or black and white and red. There is no security implemented so all you need to do is download the app to reprogram the front of the badge. This makes anyone able to reprogram both the front and back of the badge.

What To Expect When You’re Exploiting: Attacking and Discovering Zero-Days in Baby Monitors and Wi-Fi Cameras

Mark Mager
Eric Forte
Saturday 11:00AM - Creator Stage 1

Home surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent IoT device management platform that allows attackers to gain remote control of millions of cameras worldwide and access sensitive user data, and revealed how these devices may be vulnerable to remote code execution attacks through completely unauthenticated means thanks to an inherently flawed implementation of their underlying peer to peer networking protocol. Along with demonstrating our exploits against live cameras, we will highlight the methods used to obtain our most significant findings and provide guidance on remediating the issues we encountered so these devices can be used safely in your household. We will also invite audience members to probe and attack a camera during our talk and earn a prize in the process!

Anyone can hack IoT - a beginner’s guide to hacking your first IoT device

Andrew Bellini
Sunday 11:30AM - Creator Stage 1

Yes, anyone can hack IoT devices and I’ll show you how! It doesn’t matter if you’re an experienced pen tester in other fields, completely new to cybersecurity or just IoT curious, by the end of this talk you’ll have the knowledge to hack your first device. You might be thinking - but I thought IoT was complicated, required knowledge of hardware, and expensive tools. In this talk, I’m here to dispel those myths by directly showing you the methodology, tools and tactics you can use to go and hack an IoT device today (or maybe when you get home). I’ll cover what IoT devices are best for beginners, what tools you need (and don’t need), how to build a small toolkit for <$100, common tactics to get a foothold into IoT devices and how to find your first vulnerability or bug.

Finding 0days in Vilo Home Routers

Justin Applegate
Justin Mott
Ava Petersen
Sunday 12:00pm - Creator Stage 2

From January to May 2024, a team of student researchers at Brigham Young University looked for 0days in a consumer-grade home router made by Vilo Living. By April 2024, they had found 9 zero days, 6 of which were critical. This presentation covers the process they went through from initial reconnaissance to hardware hacking to finding buffer overflows to reporting the bugs to the organization. Outline: Initial recon - OSINT on the company, previous vulnerabilities released (none), and black-box interactions with network services on the LAN Hardware hacking - identifying chips on the board, connecting to the UART interface, deciphering boot up info, dumping the flash memory (didn’t work), and observing reads/writes by the CPU to flash memory to obtain the firmware Cloud enumeration - discovering the AWS S3 buckets and IoT infrastructure, tracing cloud interactions (authenticating to the router remotely, retrieving MQTT certificates, etc.) Firmware enumeration - kernel + libc version, arch, how to emulate binaries on an x86 machine, compiling code to run on the router, what binary does what, etc. Vulnerability discovery - finishing reversing custom TCP protocol for mobile app->router interactions, searching for stack overflows, lack of authentication, command injection (and accidentally bricking 3 routers), info leaks, reviewing the 9 vulnerabilities we discovered, weaponizing and chaining some of the vulnerabilities, etc. Vendor disclosure - difficulty contacting the vendor in May 2024 with vulnerability details (they were almost dead), how the disclosure process went, filing for CVEs in June, publishing vuln details in August Conclusion - how stupid easy it is to hack IoT devices, how IoT vendors treat security issues, where future research can focus


Sponsors

Intuit

Lab Prize Sponsor

Powering prosperity around the world.

Intuit is the global financial technology platform that powers prosperity for the people and communities we serve. With approximately 100 million customers worldwide using products such as TurboTax, Credit Karma, QuickBooks, and Mailchimp, we believe that everyone should have the opportunity to prosper. We never stop working to find new, innovative ways to make that possible

Explore Career and Job Opportunities | Intuit Careers

Responsible disclosure program

Learn More

TCM Security

Lab Prize Sponsor

From large Fortune 500 companies to local small businesses, we have helped hundreds of companies secure their most valuable data. Our solutions are customized to meet your needs and requirements. When you’re ready to secure your organization, choose us as your partner.

Learn More

GE Appliances

GE Appliances Hardware Hacking Your Kitchen gives you the opportunity to live hack into some of the most popular home kitchen devices, right in the IoT Village!

Learn More

HTX

HTX is the Science and Technology agency in Singapore that integrates a diverse range of scientific and engineering capabilities to innovate and deliver transformative and operationally-ready solutions for homeland security. As a statutory board of the Ministry of Home Affairs, HTX works at the forefront of science and technology to empower Singapore’s frontline of security. The mission is to amplify, augment and accelerate the Home Team’s advantage and secure Singapore as the safest place on planet earth. Singapore’s Home Team Departments include Singapore Police Force, Singapore Civil Defence Force, Immigration and Checkpoints Authority, Singapore Prison Service, Central Narcotics Bureau, etc.

Learn More

Keysight Technologies

The IoT Kill Zone - Bluetooth Hacking by Keysight. Hands-on exercises by Keysight Technologies provide insights into powerful Bluetooth, WiFi, and IoT Security Assessment tools to unleash your hacking potential. Talk with security researchers on Bluetooth, WiFi, and 5G research; learn about firmware analysis and fuzzing. Walk away knowing the tools and lab equipment you need to perform IoT research.

Learn More

Rapid7

IoT Village Hardware Hacking Exercises 2023- From Memory Manipulation to Root Access

Rapid7 is back with more hands-on hardware hacking exercises at this year's Defcon IoT Village. In this year's exercises, we will be guiding the attendees through another multistep process to gain root access to a targeted IoT device via UART by first extracting the firmware to gain access to the root password and identifying memory offsets that allow attendees to alter U-Boot running memory to disable filters blocking needed changes to device boot environment variables. This series of exercises will cover steps including U-boot interaction, firmware extraction process, altering memory style attack, binwalk to extract cramfs filesystem, hexedit to identify memory offsets, and cracking of extracted password hashes.

Learn More

Finite State

VISIBILITY | SCALABILITY | SPEED

Finite State reduces software supply chain risk with end-to-end SBOM solutions for the connected world.

We enable product security teams, the guardians of the connected world, to protect the devices we rely on every day through market-leading software threat, vulnerability, and risk management.

Learn More

Gray Hat Academy

Perform Memory Extraction, Emulation and Shellcode with Gray Hat Academy

Want to put your MIPS shellcode skills to the test for a chance to win a prize? Come join us at the Gray Hat Academy table to get a free taste of our hands-on training labs! Learn to dump flash from our custom-built PCB that we use to teach our Hardware Hacking Workshop. Hone your dynamic analysis skills and exploit a WPS pin generation algorithm used in a popular Real Time Operating System.

Learn More

BitDefender

Bitdefender is a Global Leader in Cybersecurity

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide. Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience.

Learn More

Cujo AI

AI-driven Innovation

CUJO AI is the global leader in the development and application of Artificial Intelligence to improve the security and control of connected devices in homes and businesses.

Learn More

Microsoft

IoT Firmware Analysis from Microsoft now in Public Preview! Microsoft is the official device sponsor of the IoT Village labs.

Learn how Microsoft Defender for IoT's firmware analysis helps device builders to market and deploy highly secure IoT/OT devices.

Learn More