Course paper and presentation for Einführung in die Cybersicherheit at the University of Salzburg, January 2024, originally titled “Die wunderbar unsichere Welt der IoT”.
The paper walks through the IoT security landscape - firmware patterns (web, REST, MQTT, vendor protocols, Matter), the usual challenges (constrained hardware, embedded toolchain pain, vendor cloud lock-in), and wireless layers (Sub-GHz, WiFi, ZigBee, Thread). Two practical mini-projects round it out: Google Dorking for exposed CCTV systems running Webcam 7 (we found everything from chicken coops to a 12-camera company setup, all over plain HTTP), and Sub-GHz reconnaissance with a Flipper Zero against a remote socket, a fog machine, and a courtyard gate (where we fell back to a jamming attack against KeeLoq rolling codes).
The talk itself was heavily built around live demos and audience interaction. I packed a full suitcase of demo hardware for the talk and even gave away a reflashed lightbulb on stage, just to drive home the point that with cheap IoT devices you genuinely don’t know what’s running inside.
