“Howdy Neighbor” is GRIMM’s Internet of Things (IoT) Capture the Flag (CTF)-like challenge. As smart devices become ubiquitous within the common household, so are threats to these devices. For example, last year, it was reported that researchers could use a smart lightbulb network vulnerability to attack an entire city. Howdy Neighbor is a model smart house that simulates how multiple interactive “smart” home products, including webcams, smoke detectors, power meters, HVAC systems, smart ovens and refrigerators, video game consoles, smart TVs, toasters, coffee makers, locks, and light bulbs (etc.!), can be hijacked by attackers of various skill level to expose real-world vulnerabilities, and is a great way to learn about common oversights made in development, configuration, and setup of IoT devices.
More than just showing folks how your Nest can smart thermostat can take over your home, we created Howdy Neighbor to actually demonstrate the problem and raise awareness to help train conference-goers. To do that, it had to be realistic. So Howdy Neighbor is a miniature home – made to be “smart” from basement to garage. It’s a test-bed for reverse engineering and hacking distinct consumer-focused smart devices, and to understand how the (in)security of individual devices can implicate the safety of your home, and ultimately your family.
At conferences, we provide the tools and step-by-step instructions for even non-technical folks to easily walk through personal IoT device exploitation! For those of you in Vegas for DEFCON 25 next week, stop by the Industrial Control System (ICS) Village – so sit down and try it out! Follow us on @grimmcyber for updates!