From Plug to Pwn
by Kylie McDevitt | - 2:00pm
Embedded devices are everywhere, from smart speakers to surveillance cameras,and breaking them is as fun as it is messy. In this talk, I’ll walk through how we at InfoSect approach embedded security assessments in the real world, from tearing down unknown hardware to poking firmware until it spills secrets. I’ll also share our journey to Pwn2Own Ireland 2024, where we became the first fully Aussie team to enter any Pwn2Own. We went after three embedded targets and landed two successful exploits, including one on the Sonos Era 300 smart speaker that earned us some cash, a few Master of Pwn points, and a decent adrenaline spike. Expect stories from the prep trenches, firmware curveballs, and a peek into the exploit itself. Whether you’re into embedded testing or just curious how people hack random devices for a living, this talk has something for you.
About Kylie McDevitt
Kylie McDevitt hacks on Linux and embedded stuff at her company, InfoSect. Before that, she did time at the Australian Signals Directorate as a Technical Director. She started out as a radio engineer in MobileNet, then fell down the security rabbit hole and never looked back. She’s been in the game for over 16 years, picked up a few degrees and certs along the way, and sometimes wrangles uni students as a casual lecturer. Outside of work, Kylie helps run BSides Canberra and CSides, because building the community is just as fun as breaking things.