Tune into our first episode of Tool Talk: a how-to series for hackers. REGISTER ›

You’re doing IoT RNG: Behind the scenes with the research team

Date & Time:
On-Demand Webcast
Location:
ON24
Bishop Fox IoT Security You're Doing IoT RNG webcast

There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide.

Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use.

At DEF CON 29, Bishop Fox’s Dan Petro and Allan Cecil shared eye-opening research revealing this potentially catastrophic problem. They wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyzed them. What they found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security.

Something needs to change in how the Internet of Things does RNG. The vulnerabilities are widespread, and the attacks are practical.

Watch this on-demand webcast to:

  • Journey behind the scenes with the Bishop Fox research team as they delve into murky design specs, opaque software libraries, and lots of empirical results.
  • Explore the research findings and discover the truth behind how IoT does RNG.
  • Learn strategies to reduce the risks.

Dan petro

About the speaker, Dan Petro

Lead Researcher at Bishop Fox

Dan Petro is a Lead Researcher at Bishop Fox and focuses on application penetration testing (static and dynamic), product security reviews, network penetration testing (external and internal), and cryptographic analysis. Dan has presented at several Black Hats and DEF CONs on topics such as hacking smart safes, hijacking Google Chromecasts, and weaponizing AI. He has developed several open-source tools including Untwister, which breaks pseudorandom number generators. Additionally, Dan has been quoted in Wired, The Guardian, Business Insider, and Mashable. Dan holds both a Bachelor of Science and a Master of Science in Computer Science from Arizona State University.
More by Dan

Joe sechman

About the speaker, Joe Sechman

AVP of R&D at Bishop Fox

Joe brings over 20 years of experience to his role as Associate Vice President of R&D where he is responsible for nurturing a culture of innovation across Bishop Fox. Over his career, Joe has amassed many security certifications, delivered several presentations, and has co-authored multiple industry publications with groups such as ISC2, ISACA, ASIS, HP, and IEEE.

Additionally, Joe is a prolific inventor with nine granted patents in the fields of dynamic and runtime application security testing, attack surface enumeration, and coverage (U.S. Patents 10,699,017, 10,515,219, 10,516,692, 10,515,220, 10,423,793, 9,846,781, 10,650,148, 10,587,641, and 11,057,395). Prior to joining Bishop Fox, Joe held leadership positions with companies such as Cobalt Labs, HP Fortify, Royal Philips, and Sunera LLC (now Focal Point Data Risk). Earlier in his career, Joe served as the lead penetration tester within SPI Labs at SPI Dynamics where he cut his teeth alongside some of the best and brightest application security industry professionals. Joe received his Bachelor of Business Administration degree in Management Information Systems from the Terry College of Business - University of Georgia.
More by Joe

Allan cecil

About the speaker, Allan Cecil

Security Consultant III at Bishop Fox

Allan Cecil (dwangoAC) is a Security Consultant with Bishop Fox and President of the North Bay Linux Users' Group. He acts as the senior ambassador on staff at TASVideos.org, a website devoted to using emulators to complete video games as quickly as the hardware allows. He participates in Games Done Quick charity speed running marathons using TASBot to entertain viewers with never-before-seen glitches in games.
More by Allan

Related Events

Extend your knowledge with these related events and webcasts.

Ready to get started? We can help.

Contact Us

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.