13th and 14th February, 2026
Kaapelitehdas, Helsinki Finland
No web interface, no problem! Pwning mesh routers through cloud management
Erik de Jong
With more and more devices moving away from web interfaces for management to app and cloud based configuration this opens up a different attack surface. In this session I'll go through the process of reverse engineering the binary protocol used to manage TP-Link Deco devices remotely in order to craft an exploit for a vulnerability identified through the management app.
Erik de Jong
Erik de Jong is an elite hardware hacker and senior cybersecurity consultant, running his own company error32.io, with extensive experience in identifying vulnerabilities and securing complex systems. Known for a hands-on "brains first, tools second" approach and deep technical expertise, Erik specializes in reverse engineering, embedded systems, and hardware security. With a passion for crowdsourced security, Erik actively contributes to bug bounty programs and has participated in multiple bugbashes (live hacking events), where he's collaborated with other top hackers to uncover critical vulnerabilities in real-time.
