Exploration of Cellular Based IoT Technology
60min Talk - Technical
Location: Track 1 - 10/26/24, 1:00 PM - 10/26/24, 2:00 PM (America/Kentucky/Louisville) (1 hour)
Exploration of Cellular Based IoT Technology
Deral Heiland
Principal Security Researcher (IoT)
Deral Heiland
Principal Security Researcher (IoT)

Deral Heiland CISSP, serves as a Principal Security Researcher (IoT) for Rapid7. Deral has over 25 years of experience in the Information Technology field and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 15+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on numerous technical subjects, releasing white papers, Blogs, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris, LeHack. Deral has been interviewed by and quoted by multiple media outlets and publications including ABC World News Tonight, Cheddar TV, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Dark Reading, Threat Post and Infosecurity Magazine


As cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending the security implications associated with cellular technology. Furthermore, the development of effective testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.