Fortinet, Senior Antivirus Researcher
Axelle Apvrille is a senior antivirus researcher at Fortinet. She hunts down malware on mobile and/or embedded devices.
In the past, she has enjoyed speaking at several conferences such as BlackHat Europe, Hack.Lu, Hack in Paris, Insomnihack, Area41, Hacktivity, ShmooCon etc.
Infecting Internet of Things
Every (security) researcher knows Internet of Things (IoT) are flawed: among other vulnerability, they often use unencrypted network, weak credentials etc. According to a survey of November 2015, the fear has even stretched out to consumers who perceive data or physical security as the highest downside of IoT.
Malware, however, are a different story. Strangely, people do not believe connected objects can get infected. Even some security researchers do not get the point. “Who’d be interested in hacking my toothbrush?!” is a frequent answer. But malware authors need not be interested in the connected object itself as long as they can use it (e.g. to spread spam) or get/sell sensitive data (ransom, Trojan spyware…). This talk illustrates the point with demos and Proof of Concepts (PoC) malware for smart glasses and a smart watch (harmless of course).
The first PoC is a basic ransomware for smart glasses. The second one is far more advanced and installs a hidden (and potentially malicious) application on smart glasses. The third one is a Trojan dialer for smart watch: a smart watch widget sends SMS messages. It is likely to go unnoticed for the victim because the widget works in low power mode, i.e without lighting up the screen.