Introduction
An Open Source Community for Internet of Things and Embedded Device Security. Learn, Lend, and Lease iOT devices in support of independent security research."
Humble Begginings
Over the course of the last year I, like so many other’s in the information security space, have spent more time online then I’ve ever done before. With such an increase in time spent using web applications or fidgeting with new iOT devices for the home office, it’s no wonder that the increase in screentime has lead to an increased curiosity over the security of these technologies.
As a pepetually curious penetration tester, I’ve decided to take advantage of the extra time at home to begin serious efforts on testing the security of my iOT and embedded device. In 2020 alone, I’ve found at least 4 CVE credited vulnerabilities (including a yet to be published XSS on my 10 year old printer).
Planting a Seed
Inspired by the possibilities of iOT vulnerability research, I began to look elsewhere for devices to test. Very soon, I began to find a plethora of interesting devices from IP camera encoders to enviormental monitoring devices, the world of embedded security seemed like a forest of vulnerable technologies with cve’s a plenty.
While the variety of devices peaked my interest, the reality is that the cost of purchasing my own units for local testing is steep. I started purchasing second-hand devices from eBay and Craiglist, but wished there was another option…. enter iOTRL.
Laying the Foundation
My idea for iOTRL is that security researchers interested in iOT and embedded security have, somewhere in their lives, a closet of old devices and projects they no longer work on. iOTRL is a place for these researchers to share their devices, their research, and offer their mentorship to others in the community looking to start or continue their careers in vulnerability research.
Whether you’re a seasoned researcher who just published your latest Defcon talk on AirTag’s, or a college student taking cryptography 101 and wishing to someday find a CVE, iOTRL can provide a central place to discover, explore, and share with the community.
Roadmap
This site, just like this project, is a work in progress. Expect rapid changes over the course of the year. If you’re interested in learning more about the roadmap, or want to contribute to the project, reach out to Tyler on twitter.