About

Organized by security consulting and research firm Independent Security Evaluators (ISE), IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices. IoT Village hosts talks by expert security researchers who dissect real-world exploits and vulnerabilities and hacking contests consisting of off-the-shelf IoT devices.

IoT Village's contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON. The ISE research that inspired the SOHOpelessly Broken™ contests delivered 56 CVEs to the infosec community. Over the years at DEF CON, IoT Village has served as the platform to showcase and uncover 113 new vulnerabilities in connected devices.

Follow both ISE (@ISEsecurity) and IoT Village (@IoTvillage) on Twitter for updates on talks, contests, and giveaways.

Want to help, get updates or just show your interest?

Get Involved


Upcoming Event Schedule

= Village and/or Contest Appearances =

Event Activities Date
ToorCon at The Westin San Diego, CA CTF Oct. 15-16, 2016
BSidesDC at the Renaissance in DC Village CTF Oct. 22-23, 2016
RSA Moscone Center San Francisco, CA IoT Sandbox Feb. 13-17, 2017
CypherCon DiscoveryWorld, Milwaukee, WI Village CTF March 30-31, 2017
BSidesCharm Convention Center Baltimore, MD Village CTF April 29-30, 2017
HackerLab Engine-4 Bayamón, Puerto Rico CTF May 20, 2017
DEF CON Caesar's Las Vegas, NV Village Talks & Contests July 27-30, 2017
DerbyCon 7.0 Louisville Kentucky CTF Sept. 2017
  







DEF CON 25 2017

= Presentations & Workshops =


= Presentation | = workshop

Friday, July 28, 2017

Topic Presenter Time
Inside the Alaris Infusion Pump, not too much medication por favor! Dan Regalado @Danuxx 10:00 am - 10:50 am
IoT Village Keynote - Friends, Not Foes: Rethinking the Researcher-Vendor Relationship Rick Ramgattie @RRamgattie 11:30 am - 12:00 pm
Hide Yo Keys, Hide Yo Car - Remotely Exploiting Connected Vehicle APIs and Apps Aaron Guzman @scriptingxss 1:00 pm - 1:50 pm
Pwning the Industrial IoT: RCEs and backdoors are around! Vladimir Dashchenko @raka_baraka & Sergey Temnikov 2:40 pm - 3:30 pm
IoT - the gift that keeps on giving Alex "Jay" Balan @Jaymzu 4:10 pm - 5:00 pm
101 hardware hacking workshop Ken Munro @TheKenMunroShow 5:40 pm - 7:00 pm

Saturday, July 29, 2017

Topic Presenter Time
From DVR worms, to fridges, via dildos, the sins of the IoT in 50 minutes Andrew Tierney @cybergibbons & Ken Munro @TheKenMunroShow 10:00 am - 10:50 am
IoT updates to help protect consumers Aaron Alva @aalvatar & Mark Eichorn of the FTC 11:30 am - 12:00 pm
The Internet of Vulnerabilities Deral Heiland @percent_x 1:00 pm - 1:50 pm
IIDS: An Intrusion Detection System for IoT Vivek Ramachandran @securitytube, Nishant Sharma, and Ashish Bhangale 2:40 pm - 3:30 pm
Redesigning PKI for IoT because Crypto is Hard Brian Knopf @DoYouQA 4:10 pm - 5:00 pm
Manufactures Panel TBA 5:40 pm - 6:30 pm

Sunday, July 30, 2017

Topic Presenter Time
Intelligent Misusers: A Case for Adversarial Modelling on IoT Devices Pishu Mahtani @pishumahtani 10:00 am - 10:30 am
*bonus* From FAR and NEAR: Exploiting Overflows on Windows 3.x Jacob Thompson @isesecurity 11:00 am - 11:30 am

Motivation

The so-called Internet of Things (IoT) is undergoing massive adoption. From locks and thermostats to televisions and refrigerators, many devices that have traditionally delivered analog functionality are rapidly gaining Wi-Fi connectivity and connecting to cloud-based, command-and-control centers for remote control and monitoring functionality. Some of these devices are built with security in mind, while others are simply analog devices with communication capabilities slapped on. The security and privacy implications introduced by any security vulnerabilities in these connected devices are tremendous.

To be at the forefront of addressing and minimizing these issues, we organized the first-ever IoT hacking village at DEF CON 23. That was a follow-up to the massively popular SOHOpelessly Broken™ router hacking contest, which debuted at DEF CON 22 and contributed 15 new 0-day discoveries to the research community, we hope to educate participants and the community about security vulnerabilities in these widely deployed devices and, in turn, shift toward better security in the IoT category.

Responsive image

Contests

= Zero-Day Track =

The Zero-Day track is focused on the discovery and demonstration of new exploits (0-day vulnerabilities). This track relies on the judging of newly discovered attacks against embedded electronic devices. Devices that are eligible for the contest can be found here and you can start submitting entries now! The winners who score the highest on their judged entries will be rewarded with cash prizes.

RULES

Contestants will need to provide proof that they disclosed the vulnerability to the vendor.

= CTF Track =

A DEFCON 24 Black Badge ctf, players compete against one another by exploiting off-the-shelf IoT devices. These 15+ devices all have known vulnerabilities, but to successfully exploit these devices requires lateral thinking, knowledge of networking, and competency in exploit development. CTFs are a great experience to learn more about security and test your skills, so join up in a team (or even by yourself) and compete for fun and prizes! Exploit as many as you can over the weekend and the top three teams will be rewarded.

DETAILS






Get Connected





contact@securityevaluators.com

Sponsors






Thank you to our sponsors









We put on multiple events throughout the year, and you can be part of them! We have thousands of attendees and always make a big splash. Focusing on brand exposure, community engagement, press, parties, and thought-leadership, we seek to provide a VIP-sponsorship experience for our partners. Email us at contact@securityevaluators.com to request a sponsorship pack and see how you can get involved.

= Organizer =