I got myself a new toy: A solar array… With it, a little device by a top-tier manufacturer that manages its performance and reports SLAs to the cloud. After spending a little time describing why it tickled me pink, I’ll walk you through my research and yes, root is involved! Armed with the results of this pen test, we will cover the vendor’s reaction to the bee sting: ostrich strategy, denial, panic, shooting the messenger and more. Finally, not because I know you get it, but because the rest of the world doesn’t, we’ll cover the actual threats associated with something bound to become part of our critical infrastructure. Yes, in this Shodan world, one could turn off a 1.3MW solar array but is that as valuable as using that device to infiltrate a celebrity’s home network?
Fred Bret-Mounet’s descent into the underworld of security began as a pen tester at @stake. Now, he leads a dual life—info sec leader by day, rogue hacker by night. His life in the shadows and endless curiosity have led to surprising home automation hacks, playing with Particle Photons and trying to emulate Charlie & Chris’ car hacking on his I3.