25th USENIX Security Symposium has ended
Back To Schedule
Tuesday, August 9 • 9:00am - 9:25am
Learning From Others’ Mistakes: Penetration Testing IoT Devices in the Classroom

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

This paper shows how it is possible to use commercial off-the-shelf IoT devices in a taught cyber security course. We argue that the current level of IoT device security makes testing them an excellent exercise for students. We have developed a course based around this idea that teaches students basic penetration testing techniques and then sets two rounds of group assignments in which they get hands-on experience with performing a security analysis of an IoT device. In the first round, the students get devices which we know are vulnerable. In the second round, the groups are mixed and they get devices with no previously known vulnerabilities. This approach enables us to provide them enough guidance in the first round to get the experience needed to perform the analysis independently in the second round. This seems to have been successful because our student teams found previously unknown vulnerabilities in five devices in the second round of tests.

avatar for Dr Tom Chothia

Dr Tom Chothia

Senior Lecturer in Cyber Security, Birmingham University
Dr Tom Chothia is a Senior Lecturer in cyber security at the University of Birmingham. He leads research projects on industrial control systems security (including rail), analysis of COTS devices, automated firmware analysis, protocol analysis and supply chain security. His work on... Read More →

Tuesday August 9, 2016 9:00am - 9:25am PDT
Texas Ballroom 5-7

Attendees (2)