BSides Birmingham 2023

Insecure OAuth configurations found in the wild
10-28, 11:00–11:50 (US/Central), Alumni Theater

The majority of smart home solutions begin with downloading a mobile app to manage the smart home products. The mobile apps controlling the smart homes may provide convenience to quickly manage the security camera, garage door, house alarm, etc. However, do they hold up against modern malicious actors?

We can assess the security of these mobile apps with open source tools that guide our security testing. Just as Metasploit brought convenience to security testing, we now have mobile security testing tools such as MobSF, Genymotion, Burp Suite, Postman, JADX, and APKLeaks.

In this presentation, I will outline a process for using these tools to evaluate smart home products, and I will walk through that process and the details discovered while testing the smart home products in my own house.

This presentation will focus on the mobile apps as well as the APIs they talk to. API security testing requires more custom work: some of it can be automated, but much of it is still manual hunting.

Talk Categories

Red, Technical

Started my IT career in the 1990s teaching grandparents to use email and Word. Graduated from FHSU with a networking degree in 2003. Went through Sprint’s internship program. Because of my networking background, I was given the opportunity to deploy firewalls while working at Payless Shoe Source, which provided the path to InfoSec. For the last 16 years, I have worked at Blue Cross and Blue Shield of Kansas. Today, I balance multiple roles: Security Architect, Enterprise Architect, and AppSec team member, and I volunteer with the IETF and ARIN.