beware of thing bot

THINGBOT IOT SECURITY BY : BELLAJ BADR

Upload: bellaj-badr

Post on 13-Aug-2015


IoT: Internet of Things

The Internet of Things is a new term in the tech industry that refers to a concept where every device in your house gets its own computer chip, software, and connection to the Internet: your fridge, thermostat, smart water meter, door locks, etc.

The Internet of Things (IoT) is a vision. It is being built today.


IOT Classes

The day when virtually every electronic device -- from phones and cars to refrigerators and light switches -- will be connected to the Internet is not far away.

Hardware & Protocols

Arduino / Onion.io / Raspberry Pi / CHIP / SAM L21 (ARM processor), consumes 35 microamps/Hz

SUN / Microsoft / Google…

Wireless / XBee / ZigBee (2.4 GHz / 250 kbps / 200 m / 128-bit AES encryption) / Bluetooth 4.0 / NFC

6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)

uIP : The uIP is an open source TCP/IP stack capable of being used with tiny 8- and 16-bit microcontrollers

MQTT (Message Queuing Telemetry Transport)

CoAP (Constrained Application Protocol): "CoAP is an application layer protocol that is intended for use in resource-constrained internet devices, such as WSN nodes. CoAP is designed to easily translate to HTTP for simplified integration with the web."

XMPP (Extensible Messaging and Presence Protocol): "An open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data."

DDS is a powerful device-to-device service that offers high performance data distribution.

C.H.I.P.

$9: C.H.I.P. has built-in WiFi + Bluetooth. Connect to the internet and attach a keyboard and mouse WIRELESSLY!

Connected TVs / Wearables / Connected cars

“Connected” does not necessarily mean “Smart”

Smart object : objects connected to the Net; objects that can sense their users and display smart behaviour

The number of Internet-connected devices is growing rapidly and is expected to reach 50 billion by 2020 (Cisco report).

As the number of Internet-connected devices grows, the potential security challenges of the so-called "Internet of Things," or IoT, can no longer be ignored. The web of interconnected devices promises both enormous benefits to users and serious security threats, due to the sensitive data those devices will share.

Future

Uh…

Now the really scary part

Internet-of-things "devices are typically not protected by the anti-spam and anti-virus infrastructures available to organizations and individual consumers, nor are they routinely monitored by dedicated IT teams or alerting software to receive patches to address new security issues as they arise."

Why menaced

The paradigm is menaced by a multitude of threat actors, from cybercriminals to government entities and even hacktivists. The reason is simple: IoT devices manage a huge quantity of information, they are pervasively distributed across every industry, and, unfortunately, their current level of security is still low.

IOT THREATS

As explained by experts at Symantec, the principal cyber threats for the Internet of Things are:

◦ Denial of service – DDoS attacks could target all the end points of a working scenario, causing a serious problem with the network of smart devices and paralyzing the service it provides.

◦ Botnets and malware based attacks.

◦ Data breaches: Attackers could spy on the communications between peers in an IoT network and collect information on the services they implement.

◦ Weakening perimeters: If the attacker is able to compromise a device, he could have access to our domestic network, spy on us, or cause physical damage to our domestic environment. The problem is equally serious if we consider the use of IoT devices in any industry.

The OWASP Internet of Things (IoT) Top 10

The Open Web Application Security Project (OWASP) has the primary intent of spreading best practices to improve the security of software. It is natural that the project also analyzed the top 10 security issues related to the popular paradigm.

◦ Insecure Web Interface

◦ Insufficient Authentication/Authorization

◦ Insecure Network Services

◦ Lack of Transport Encryption

◦ Privacy Concerns

◦ Insecure Cloud Interface

◦ Insecure Mobile Interface

◦ Insufficient Security Configurability

◦ Insecure Software/Firmware

◦ Poor Physical Security

Internet of Things devices are generally not designed with security in mind. 

“Many users may not be aware that they are using vulnerable devices in their homes or offices,”

“Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software.”

In May 2013, two security experts from Cylance hacked into Google's building management system in Australia, accessing floor plans, piping layouts, alarm systems and equipment schedules. They used the hack to point out serious holes in software developed by Tridium, a Honeywell-owned firm. http://goo.gl/AAbekx

"If Google can fall victim...anyone can," wrote the hackers.

www.youtube.com/watch?v=h5PRvBpLuJs

Botnets & Thingbots

A ‘bot’ is a type of malware that an attacker can use to control an infected computer or mobile device. A group or network of machines that have been co-opted this way and are under the control of the same attacker is known as a ‘botnet’. Your computer could be part of a botnet.

BOT = Robot (zombie), NET = Network

BOTNET ARCHITECTURE

We are looking at a new age of botnets. The first age was servers, PCs, and laptops. The second age was mobile devices such as smartphones, phablets, and tablets. What’s the newest wave? … Thingbots.

BOTNETS & ThingBots

Malware authors specifically design their code to compromise architectures used by IoT devices. Malicious code could be used to infect computers used to control a network of smart devices or to compromise the software running on them. In this second scenario, the attackers can exploit the presence of a flaw in the firmware running on the devices and run their arbitrary code, turning IoT components to unplanned use.


In November 2013, Symantec discovered a new Linux worm, Linux.Darlloz, infecting Intel x86-powered Linux devices. The attackers compromised IoT devices in order to build a botnet (a thingbot).

Botnets are already a major security concern and the emergence of thingbots may make the situation much worse.


Meanwhile, the attacks continue. Recently, experts at Akamai’s Prolexic Security Engineering & Response Team (PLXsert) spotted a new malware kit named Spike, which is used to run DDoS attacks through desktops and Internet of Things devices. The Spike thingbot was able to run different types of DDoS attacks, including SYN, UDP, Domain Name System query, and GET floods against Linux based machines, Windows, and ARM-based Linux hosts.


The thingbot was composed of home routers, smart dryers, smart thermostats and other intelligent devices. Akamai observed that the Spike botnet comprised between 12,000 and 15,000 devices. The researchers highlighted the attackers' ability to customize the malware for the ARM architectures widely adopted by IoT devices.


Akamai published an interesting report on the Spike botnet that includes details related to DDoS attacks run by the threat actor. The experts observed that one of the attacks clocked 215 gigabits per second (Gbps) and 150 million packets per second (Mpps). The document confirms that, even if the majority of the DDoS attacks launched from low-powered devices could be insignificant, IoT devices could still be a powerful weapon in the hands of attackers.


In March 2014, researchers at Team Cymru published a detailed report on a large-scale SOHO pharming attack that hit more than 300,000 devices worldwide.

Hackers are Trying to Turn Your Connected Fridge Into a ‘Thingbot’

Security researchers at Proofpoint have uncovered the very first wide-scale hack that involved television sets and at least one refrigerator. Yes, a fridge. This is being hailed as the first home appliance "botnet" and the first cyberattack from the Internet of Things.

The hack happened between December 23, 2013 and January 6, 2014, and featured waves of malicious email, typically sent in bursts of 100,000, three times per day, targeting enterprises and individuals worldwide; one-quarter were sent by hacked home appliances. Hackers didn't have to be amazingly smart when breaking into home appliances. Many times they gained access because the home owners didn't set them up correctly, or used the default password that came with the device.

More Than 750,000 Phishing and SPAM Emails Launched From "Thingbots" Including Televisions, Fridge
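
The defender's view of the campaign described above, as an added example (not from the slides or from Proofpoint): appliances rarely need to reach more than one mail relay, so SMTP connections from an appliance-class device to many distinct servers in a short window are worth an alert. The inventory, flow records, thresholds and function name are constructed for illustration.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}
# Device classes that normally have no reason to reach many mail servers.
APPLIANCE_CLASSES = {"smart-tv", "fridge", "thermostat", "router"}

# Constructed inventory and flow records: (epoch seconds, src, dst, dst port).
INVENTORY = {"192.168.1.20": "smart-tv", "192.168.1.21": "fridge",
             "192.168.1.30": "laptop"}
FLOWS = [
    (1000, "192.168.1.20", "203.0.113.5", 587),   # TV -> a single relay: quiet
    (1010, "192.168.1.20", "203.0.113.5", 587),
    (1000, "192.168.1.21", "198.51.100.1", 25),   # fridge fans out to many servers
    (1002, "192.168.1.21", "198.51.100.2", 25),
    (1004, "192.168.1.21", "198.51.100.3", 25),
    (1006, "192.168.1.21", "198.51.100.4", 25),
    (1000, "192.168.1.30", "198.51.100.1", 25),   # laptop: not an appliance
    (1001, "192.168.1.30", "198.51.100.2", 25),
    (1002, "192.168.1.30", "198.51.100.3", 25),
    (1003, "192.168.1.21", "203.0.113.9", 443),   # non-SMTP traffic is ignored
]

def smtp_fanout_alerts(flows, inventory, window=600, min_dests=3):
    """Return {src: max distinct SMTP destinations in any `window` seconds}
    for appliance-class devices that reach at least `min_dests` of them."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in SMTP_PORTS and inventory.get(src) in APPLIANCE_CLASSES:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        events.sort()
        counts, left, best = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            # Shrink from the left until the window spans <= `window` seconds.
            while ts - events[left][0] > window:
                old = events[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            best = max(best, len(counts))
        if best >= min_dests:
            alerts[src] = best
    return alerts

if __name__ == "__main__":
    print(smtp_fanout_alerts(FLOWS, INVENTORY))
```

Devices missing from the inventory are skipped here; in practice an unknown device on the network is its own finding.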

Think about when we’ll have 22 Billion -_-

DDoS (Distributed Denial of Service) attacks

DDoS is one of hacktivists' preferred methods of protest.

Internal or external DDoS

Cloudflare/Prolexic/.. = cost

Layer 7 DDoS = large number of GET/POP requests or large file downloads => 3G/4G bandwidth!!

Performance

Attackers could use thingbots to mine bitcoins !!

Malicious attackers can crash your devices, block them from connecting and drain their battery.

Attackers could use them as a private proxy to mask their identity.

Decrease in performance

Privacy

Each of these devices has some level of capability to allow hackers to influence and gain knowledge about our lives. Compromised devices can share what our cameras see, change our environmental controls, and affect our very lives by changing settings on our medical devices. Samsung's latest voice-controlled TVs can listen to private conversations.

Our physical security is in danger

What to do

Create your thingbot

1. Compile bot’s code for a desired architecture or use a bot builder.

2. Spread it

3. Setup your C&C

Which architecture

Watch a documentary about Dionaea (a honeypot) ON

Setup a honeypot

Deploying Dionaea on a Raspberry Pi using MHN

https://github.com/threatstream/mhn/wiki/Deploying-Dionaea-on-a-Raspberry-Pi

In computer terminology, a honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.

A honeypot is a trap
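
A minimal version of the trap described above, as an added example (not from the slides and not Dionaea or MHN code): a login-prompt listener that never grants access and records every attempt, marking those that use factory-default credentials. The port, the credential list and all names are assumptions for illustration.

```python
import json
import socketserver
import threading
import time

# Constructed sample of factory-default pairs; extend it from your own device inventory.
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("admin", "1234")}
EVENTS = []                 # in-memory log; a real deployment ships events to a collector
LOCK = threading.Lock()

def read_line(rfile, limit=64):
    """Read one line, capped so a client cannot make the trap buffer unbounded input."""
    return rfile.readline(limit).decode("latin-1", "replace").strip()

class LoginTrap(socketserver.StreamRequestHandler):
    timeout = 10            # seconds; idle clients are dropped

    def handle(self):
        try:
            self.wfile.write(b"login: ")
            user = read_line(self.rfile)
            self.wfile.write(b"Password: ")
            password = read_line(self.rfile)
            self.wfile.write(b"\r\nLogin incorrect\r\n")   # access is never granted
        except OSError:     # timeout or reset: nothing useful to record
            return
        event = {"ts": time.time(), "src": self.client_address[0], "user": user,
                 "password": password,
                 "default_cred": (user, password) in DEFAULT_CREDS}
        with LOCK:
            EVENTS.append(event)

def start_trap(host="127.0.0.1", port=0):
    """Start the trap in a background thread; port=0 lets the OS pick a free port."""
    server = socketserver.ThreadingTCPServer((host, port), LoginTrap)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    srv = start_trap(port=2323)      # hypothetical unprivileged port
    print("trap listening on", srv.server_address)
    while True:
        time.sleep(5)
        with LOCK:
            while EVENTS:
                print(json.dumps(EVENTS.pop(0)))
```

A rising share of `default_cred` hits in the log indicates automated scanning for devices that were never reconfigured after installation.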

Trust Zone

Invest in secure chips to add a security layer to existing systems.

Secure chips
