Our Time in a Product Review Cabal (camp2023)

What did you do during the pandemic? We started a Product Review Cabal. Follow our journey from getting a postcard in a product box to us exhausting all of our many online retailer sock accounts. We’ll teach you how we got free packages nearly every day… **but there’s a catch**. _Most of the products arrive with malware, backdoors, or glaring vulnerabilities_. In our talk, we plan to detail a subset of these vulnerable products, how to detect issues, and how to mitigate them. From cameras to light switches, from routers to vacuum cleaners, the product list is expansive. There’s nothing these vendors won’t copy, and nothing they won’t offer up for reviews. The story is a good conversation starter, but be sure to stay for the tear-down and technical analysis. A blend of social engineering, hardware hackery, and software vulnerabilities - this discussion has something for everyone! 1. Introduction 2. Speedy (free) delivery! 3. Other Vendors? 4. Escalation 5. Can I Bring a Friend? 6. But what about the products? Too good to be true? 7. Scanning and analysis showed vulnerabilities left and right. 8. So, how do we fix it and make this stuff usable? 9. Oh and there was some really weird stuff offered (if time allows)... 10. Things start to go sideways... 11. Conclusion 12. And yes, we deleted our reviews. about this event: https://pretalx.c3voc.de/camp2023/talk/RNE8FU/