A Hackers Journey, For your pleasure!
Penetration testing isn’t always web applications, APIs, and cloud dashboards. It also concerns devices in people’s (private) daily life, known as IoT devices; Smart fridges, dishwashers, watches, etc ... but there are some which are even more private, and we don’t like to talk about them. Yes, Smart Adult Toys and I’m going to talk about them.
Smart adult toys combine mobile apps, bluetooth, firmware, and cloud services into a single system, yet they are often built with minimal security taken into considerations. In this talk I will show you how you can approach and exploit these devices for educational purpose.
I’ll guide you through my research & pen-testing experience of smart adult toys and I bet you’ll be shocked by the horrors that I’ve found. I’ll show you my process of how I approached it, the vulnerabilities found (such as: Information disclosures, IDORs, Account takeovers, Hijacking, Privacy Breaches and much more) and some fun stories!
It's my hacker journey, for your pleasure, I hope you are as thrilled as I am!
Trigger Warning: No worries, this session will be Code of Conduct proof. No explicit content or pictures will be shown.