This talk delves into the alarming reality of globally exposed critical devices across the IoT and OT landscape, from consumer-grade systems to high-stakes industrial infrastructure. With 35 recently discovered CVEs to illustrate, this presentation will demonstrate how seemingly obscure, yet critical, devices are readily discoverable online, often exposing them to easy exploitation.

We will explore a diverse range of vulnerable systems, including aviation industry devices, warehouse automation robots, industrial control systems (SCADA/ICS), routers, broadcasting equipment, medical devices, and advanced surveillance systems. Through a blend of OSINT techniques and deeper analysis , we will reveal how critical vulnerabilities—ranging from authentication bypasses and RCEs to direct unauthorized control—can be identified and exploited, sometimes even leading to zero-day discoveries for these devices.

Attendees will gain a critical understanding of the pervasive exposure of these systems, the specific signatures required to locate them, and the diverse attack vectors used for exploitation. This presentation aims to empower defenders with a hacker's perspective, highlighting the urgent need for better security practices, the importance of secure-by-design principles, and why lifecycle responsibility in IoT/OT security cannot be ignored. Participants will leave with actionable insights into identifying and mitigating these widespread, high-impact threats.