Inspired by past DEF CON villages and the knowledge that this year there will be an Internet of Things village run by ISE, Tripwire VERT began to investigate the possibility of creating our own travelling village. Since we have a decent IoT lab and a history of successful vulnerability discovery in this area, a village was a logical next step.
As we sat and discussed how we would run a village and what it would include, we decided upon a 3-T approach: Teaching, Tutoring and Trying. While teaching and tutoring may seem similar, we think that this is an important distinction between running a village and speaking at a con.
Teaching is about sharing knowledge with a large group of individuals, hoping that the majority of people will absorb the concepts you’re sharing. This is your average conference talk; you throw your ideas out there and see where they stick. It’s a great way to disseminate industry specific knowledge, as the bulk of your audience will have the same core knowledge that you have.
This is where the varied backgrounds and knowledge within VERT becomes useful. A few of us have spent time lecturing students at the post-secondary level, and we realize that you’ll seldom have a topic that is understood by 100% of your audience. While the bulk of the audience may be auditory learners, they won’t all be.
This brings us to the second T: Tutoring. While we’ve already covered the auditory learners, we know that a number of people are visual learners. They understand concepts best when they can watch someone else apply them. This is where the one on one tutoring of a village can bring an experience that your average conference talk cannot. We can sit down with the equipment and walk people through the process, sharing knowledge in a way that a 60-minute presentation just won’t allow.
Finally, we have Trying. Now that we’ve covered our auditory and visual learners, it’s time to focus on the tactile learners, the people that learn by doing. This village will give those people a chance to sit down and use the equipment. We’ll be there to offer guidance when it’s needed but they get to sit in the driver’s seat.
This was important to all of us as we discussed and designed our village. We realize that the Internet of Things is still in its infancy and that it represents major security and privacy concerns moving forward. This means that we need people to understand these devices and we need to arm the masses with the knowledge and tools that they need to live in a connected world.
All of this is why we’re excited to announce that we’ve made arrangements for our first village appearance at SecTor. We’ve got a couple of amazing days planned for conference and expo attendees. We’ll be running slide decks on a regular basis covering concepts like exploring device firmware and black-box testing product UIs. We’ll sit down with some of the gear to provide demos on how to use various tools and target specific devices. Finally, we’ll have a stack of IoT devices on hand that attendees can play with and attempt to hack, which includes the following:
- Pineapple WiFi
- TI SoC Transeiver Kit
- Proxmark3 + Magic NFC Tags
- Laptops with Kali Linux
- Vera Lite Hub
- Wink Hub
- Loftek IP Camera
- Belkin IP Camera
- NETGEAR Centria Router
- Additional Routing Devices
- Samsung NFC Lock
- WD Cloud Drive
- Ankuoo NEO Pro Wifi Smart Switch
- Belkin WeMo Switch
- Pix-Star WiFi Cloud Photo Frame
- Vizio Smart TV
- Samsung Smart TV
We’re also planning on having some swag to hand out and at the end of the conference, we’ll be giving away one of the TVs.
Running this type of setup is a first for those of us involved but creating a situation where we could meet the learning styles of most people was important to us. We feel very strongly about sharing this information and helping people better understand IoT security. If you’re planning to be in Toronto on October 20th or 21st, grab a SecTor conference or expo pass and come visit us.
Title image courtesy of ShutterStock.com.