See my previous post on Sniffing TPM Buses: All the Kids Are Doing it Now.
Insufficient logging and monitoring have been on the OWASP Top 10 for some time now, but is this applicable to IoT deployments as well as web apps? Well, in this video, I discuss this and make the argument that it is just as valid for IoT as it is for web applications. After starting with a MGSV reference, we dive into how security logging and monitoring look for embedded deployments. Then I go into why it is still a concern. Lastly, I discuss a few methods to harden IoT systems with detection and reporting features.
One more thing, I end the video with an announcement that our embedded CTF, which we are running for ToorCon, is available to the public virtually! It’s bring-your-own-hardware, but we are using the great pocket Beagle so you should be able to play along. Register here.