DEF CON 23 [Audio] Speeches from the Hacker Convention
DEF CON
133 episodes
9 months ago
The DEF CON series of hacking conferences was started in 1993 to focus on both the technical and social trends in hacking, and has grown to be a world-known event. Video, audio and supporting materials from past conferences are available on our new media server at: https://media.defcon.org
Peter Shipley - Insteon - False Security and Deceptive Documentation
10 years ago
Insteon - False Security And Deceptive Documentation
Peter Shipley, Security Researcher
Ryan Gooler
Insteon is a leading home automation solution for controlling lights, locks, alarms, and much more. More than forty percent of homes with automation installed use Insteon.
For the last fifteen years, Insteon has published detailed documentation of their protocols, documentation that is purposely misleading, filled with errors, and at times deliberately obfuscated. As my research over the last year has revealed, this sad state of affairs is the direct result of Insteon papering over the fact that it is trivial to wirelessly take control of, reprogram, and monitor any Insteon installation.
Worse still, the embedded nature of the Insteon protocol coupled with devices that do not support flash updates means that there are no current fixes or workarounds short of ripping out the Insteon products.
I will be presenting my research, and releasing tools demonstrating the vulnerabilities throughout the Insteon home automation system.
Peter Shipley has been working with security for over 30 years. In the late '80s he wrote one of the first network security scanners and maintained one of the first bug databases (later used to seed similar lists at CERT and llnl.gov). Around the same time Peter co-founded UC Berkeley's OCF (Open Computing Facility).
In the mid '90s Peter Shipley became a founding member of cypherpunks and set up one of the first official PGP distribution sites.
In '98 (DEF CON 6) Peter Shipley did independent security research on war-dialing, exposing a significant security problem that was being ignored in most corporate environments making phone security.
At DEF CON 9 Peter Shipley introduced wardriving to the world. Recently Peter has written and released several APIs using Python to link various networked automation appliances via REST and other interfaces.
Peter Shipley currently manages for a dot-com by day, and helps raise two kids by night.
Ryan Gooler (@jippen) is a cloud security guy, known for luck, sarcasm, and getting into things. Avid lockpicker, lover of cats, and disrespector of authority.