Weaponization of Cellular Based IoT Technology

Black Hat USA 2025 · Day 1 · Briefings

Researchers Darrell Hyland and Carlotta Biendner spent two and a half years developing methods to hijack the cellular modules embedded in IoT devices without touching the cellular network itself. By intercepting inter-chip communications over UART and USB, issuing AT commands, or establishing full PPP network connections, an attacker who gains physical access to a device can leverage its existing cellular trust relationship to pivot into cloud services, private corporate networks, or the internet, while the attack appears to originate from a legitimate IoT device.

AI review

Hyland and Biendner documented methodologies for hijacking the inter-chip cellular interface on IoT devices — UART tapping with acupuncture needles, PPP tunneling, USB multiplexer switch attacks — and built a working Metasploit pivot through a camera's cellular connection. Solid hardware pentesting tradecraft, but two and a half years of work yielded demonstration techniques more than novel vulnerability classes.
