While we all like to make, modify and re-appropriate technology, some of us like to break it for, um, fun and profit. As a professional penetration tester (my job is to break my employer's devices before they release them) I will explain how I go about finding vulnerabilities in IoT devices. I will look at hardware, software and cryptographic attacks that can give us root on our toys.

Rather than focus on specific bugs in particular devices, this talk will describe a number of generic attacks that can be attempted against a wide variety of networked 'things'. The attacks range from the trivial that anyone with a soldering iron and a few bits and bobs could attempt, through those that require moderate linux knowledge, to those that require a disassembler and a knowledge of reverse engineering.

It should be of interest to anyone who would like to root their own shiny, IoT devices.

• View this video on media.ccc.de.
• View this video on YouTube.