Secure or Get Compromised: Unveiling the Web Security in IoT Devices

Threats in IOT space are increasing on an exponential scale. One of the most stringent issues encountered in IoT devices is the management and deployment of embedded web servers and security controls associated with them. A number of security flaws exist due to the inability of imposing strong authentication and authorization controls at the granular level. In addition, bad design practices result in giving birth to inherent vulnerabilities. This talk highlights the state of security in embedded web servers by presenting undisclosed vulnerabilities in IOT devices. Additionally, the talk unveils how the embedded web servers used in IOT devices are exploited by adversaries to trigger advanced cyber attacks. There will be demonstrations and very detailed case studies will be discussed.