12-09, 10:55–11:40 (Europe/London), Track 3
In today's interconnected world, where routers form the backbone of our digital lives, security vulnerabilities in these devices can have far-reaching consequences. By exploring the intersection of cloud technology and router security, I will demonstrate how malicious actors can exploit these APIs to compromise home and enterprise networks.
By exploiting vulnerabilities in routers via cloud API connections, malicious actors can potentially gain unauthorized access to a company's network infrastructure. This access could enable them to eavesdrop on sensitive communications, steal valuable data, or even disrupt critical business operations. Moreover, compromising routers from the cloud can serve as a launching point for more extensive attacks, such as lateral movement within the corporate network or the deployment of ransomware.
All attacks are remotely exploitable and a result of logic flaws introduced by the web portals’ developers. Those logic flaws vary from simple Insecure Direct Object References (IDORs) to self-promoting your user to platform admin.
Vangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
That led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
He currently applies his skills as a Chief Technology Officer at Tremau, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
His love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices.
Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.