As SureCloud returns to Infosecurity Europe 2019, our very own Senior Security Consultant; Elliot Thompson, has been invited to speak at the Geek Street Theatre at 1 pm on the 4th June.
What will the presentation cover?
Elliott will be discussing a critical disclosure discovered on the children’s VTech Storio Max tablet, which allowed attackers full access to the device. Elliott found a vulnerable service enabled on the tablet that could be exploited by a script placed on the website, triggered when Storio Max users visited the page. The code granted attackers full root control over the targeted device, including access to the webcam, speakers and microphone. The disclosure was reported to VTech, and a patch fixing the vulnerability was released within 30 days. The vulnerability was granted a CVE, and the story was featured on the BBC.
What you are expected to have learnt from the talk:
- Gain a better understanding on how to approach unusual devices from a methodology standpoint
- Identify how manufacturers can break a secure base (Android phone with Vtech software)
- Triaging of the custom parts of devices
- Learn how accessible ARM assembly can be
- See a live demonstration showing the impact of proof on concept and how writing an exploit code made the manufacturer resolve the issue quickly. Elliot comments: “It’s always better to show than merely tell.”
Elliott Thompson, one of SureCloud’s senior security consultants, delivers on a variety of large and unusual pen-testing engagements. Elliott engages targets throughout Europe, Asia, and the Middle East through infrastructure testing and reverse engineering to physical, social engineering and red teaming. Elliott has also appeared on the BBC as a cybersecurity expert, is a CVE identifier, CHECK Team Leader and CREST Registered Tester.
Elliot will be available for a chat at our SureCloud stand L40.
Come along and say hello!
Not attending infosec? Don’t worry, Elliott will be delivering the presentation on our webinar channel. Register here to save your spot.