Axelle Apvrille

Fortinet, Senior Antivirus Researcher

Axelle Apvrille is a senior antivirus researcher at Fortinet. She hunts down malware on mobile and/or embedded devices.
In the past, she has enjoyed speaking at several conferences such as BlackHat Europe, Hack.Lu, Hack in Paris, Insomnihack, Area41, Hacktivity, ShmooCon, etc.
Twitter: @cryptax

Infecting Internet of Things

Every (security) researcher knows Internet of Things (IoT) devices are flawed: among other vulnerabilities, they often use unencrypted network traffic, weak credentials, etc. According to a survey of November 2015, the fear has even stretched out to consumers, who perceive data or physical security as the highest downside of IoT.

Malware, however, is a different story. Strangely, people do not believe connected objects can get infected. Even some security researchers do not get the point. “Who’d be interested in hacking my toothbrush?!” is a frequent answer. But malware authors need not be interested in the connected object itself as long as they can use it (e.g. to spread spam) or get/sell sensitive data (ransom, Trojan spyware…). This talk illustrates the point with demos and Proof of Concept (PoC) malware for smart glasses and a smart watch (harmless of course).

The first PoC is a basic ransomware for smart glasses. The second one is far more advanced and installs a hidden (and potentially malicious) application on smart glasses. The third one is a Trojan dialer for a smart watch: a smart watch widget sends SMS messages. It is likely to go unnoticed by the victim because the widget works in low power mode, i.e. without lighting up the screen.

Presentation @DefCamp 2016