BSides Oslo 2022 on May 25th, 2022 at Vulkan Arena - I will IDOR myself in

I will IDOR myself in

  • Length: 45 minutes.
  • Scheduled: 10:05 (UTC+2)

How could attackers gain control of hundreds of millions of devices? In this talk Vangelis explains how attackers can exploit a series of simple yet critical API flaws, typical of a "rush to market", that allow an attacker to control those devices and even use them as an initial foothold in millions of networks.

The devices range from routers to alarms and car chargers. The era of the "central platform" that handles a variety of problems on the device's behalf (port forwarding, for example) seems to have backfired by re-introducing a number of vulnerabilities that were thought to be long gone.
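The flaw class the title refers to, IDOR (insecure direct object reference), is shown below as an added example that is not taken from the talk or from any vendor platform. It models a hypothetical "central platform" endpoint that adds a port-forwarding rule to a device: the vulnerable handler checks only that the caller is logged in, the fixed handler also checks that the caller owns the device. All tokens, user names, device IDs and the device table are constructed for illustration.

```python
# Added example (not from the talk): IDOR in a device-control API, shown as two
# versions of one "central platform" handler. Every name, token and device ID
# here is constructed for illustration.


class Unauthorized(Exception):
    pass


class Forbidden(Exception):
    pass


def fresh_devices():
    """Constructed device table: sequential IDs, one owner each."""
    return {
        "dev-1001": {"owner": "alice", "model": "router", "port_forwards": []},
        "dev-1002": {"owner": "bob", "model": "ev-charger", "port_forwards": []},
        "dev-1003": {"owner": "carol", "model": "alarm", "port_forwards": []},
    }


# Constructed session store: token -> user name.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob", "tok-carol": "carol"}


def authenticate(token):
    """Authentication only: who is calling? Says nothing about what they own."""
    user = SESSIONS.get(token)
    if user is None:
        raise Unauthorized("invalid session token")
    return user


def add_port_forward_vulnerable(devices, token, device_id, rule):
    """IDOR: the client-supplied device_id is trusted after authentication,
    so any logged-in user can change any device on the platform."""
    authenticate(token)
    device = devices[device_id]
    device["port_forwards"].append(rule)
    return device["port_forwards"]


def add_port_forward_fixed(devices, token, device_id, rule):
    """Object-level authorization: the device must belong to the caller.
    Missing and not-owned devices get the same error so the endpoint
    does not confirm which IDs exist."""
    user = authenticate(token)
    device = devices.get(device_id)
    if device is None or device["owner"] != user:
        raise Forbidden("device not found")
    device["port_forwards"].append(rule)
    return device["port_forwards"]


def enumerate_controllable(devices, token, handler, id_range):
    """Attacker loop: one valid account, walk the sequential ID space and
    return every device the handler let us modify."""
    hits = []
    rule = {"ext": 8080, "int": 22}
    for n in id_range:
        device_id = f"dev-{n}"
        try:
            handler(devices, token, device_id, rule)
            hits.append(device_id)
        except (Forbidden, KeyError):
            continue
    return hits


if __name__ == "__main__":
    # With bob's token only, the vulnerable handler lets bob rewrite
    # everyone's port forwards; the fixed handler limits him to his own.
    print(enumerate_controllable(fresh_devices(), "tok-bob",
                                 add_port_forward_vulnerable, range(1000, 1010)))
    print(enumerate_controllable(fresh_devices(), "tok-bob",
                                 add_port_forward_fixed, range(1000, 1010)))
```

The enumeration loop is the practical point: with predictable IDs and a handler that only authenticates, a single legitimate account is enough to walk the whole fleet. The fix is not to hide the IDs but to bind every object access to the caller's ownership.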

Vangelis Stykas

Vangelis is a developer as well as Senior Penetration Tester at Pen Test Partners. His research is mainly in API and web application security.

His academic research is focused on machine learning and the development of proactive web application security.

In his free time Vangelis helps start-ups secure their internet-facing systems and get a leg-up on security.

In recent years he has published research on API control functions for ships, smart locks, IP cameras, EV chargers and many other IoT devices.