I Just Wanted to Charge the Car
Richo Butts
ShmooCon XX (Final) · Day 1 · One Track Mind
In "I Just Wanted to Charge the Car," Richo Butts, a seasoned security professional and motorsport enthusiast, takes the ShmooCon audience on a compelling journey through the world of IoT security vulnerabilities discovered during a personal quest for energy independence. The talk details his experience attempting to optimize his home's solar power system to automatically charge his electric vehicle (EV), only to uncover a series of "aggressively clown shoes" security flaws in the underlying smart home infrastructure provided by Franklin, a company specializing in whole-house battery systems.
AI review
This talk rips through a classic case of "Internet of Shit" security, detailing how basic reverse engineering uncovered a fundamentally broken authentication and authorization model in a home energy system. The speaker's methodical approach to peeling back the layers, from Android APK to HTTP proxy to a wide-open MQTT broker, provides a stark lesson in why security engineering isn't just a checkbox, especially when dealing with critical home infrastructure. It's a prime example of vendor negligence laid bare.