Transcript
Page 1: Hacking Internet of Things (IoT) - Dipto Chakravarty

Hacking Internet of Things

Dipto Chakravarty, January 28, 2014

Page 2: Hacking Internet of Things (IoT) - Dipto Chakravarty

Power Shift: User Machines

• 2,000,000,000 internet users

• 5,600,000,000 mobile subscribers

• 15,000,000,000 things connected

• Connectivity Security


[Figure: Humans and Sensors; Internet, Social networks, Internet of Things]

Page 3: Hacking Internet of Things (IoT) - Dipto Chakravarty

Internet of Things (IoT)

Evolving …

1. From interconnected computers to a network of objects

2. From communicating people to communicating appliances

3. From human triggered to event triggered communication


IoT is pervasive, ubiquitous and even more global than the Worldwide Web and the Internet as we know it.

Page 4: Hacking Internet of Things (IoT) - Dipto Chakravarty

IoT Insecurity

• Ubiquitous …
  – Connect computers to things and objects (2015-2020)
  – Transcend beyond corporate, personal, social, local hubs
  – Embedded within household appliances and surroundings
  – Wearable in your pocket, glass, key fob, contact lens


[Figure: growth from 2011 to 2020]

2011: 15 B “things”, 50 B intermittent connections

2020: 30 B “things” (2X), 200 B intermittent connections (4X)

Page 5: Hacking Internet of Things (IoT) - Dipto Chakravarty

IoT Hacked

• Re-imagine
  – Hacking user computers to user wearables and appliances
  – Keylogging web sessions to keylogging tablet touchscreens
  – Eavesdropping on phone sessions via Bluetooth / NFC
  – Hijacking computers as botnets to your car’s IP address

• Latest Hack
  – Malware came from inside a house (its router, smart TV and smart refrigerator) and sent 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014.
  – http://investors.proofpoint.com/releasedetail.cfm?ReleaseID=819799


Page 6: Hacking Internet of Things (IoT) - Dipto Chakravarty

Securing IoT

1. USER is in charge.
  – Adopt OAuth-like practices ASAP
  – Lose options like user-issued passwords + <Enter>

2. DATA trumps.
  – Design around coding APIs as they’d be reverse engineered
  – Don’t store personal information on the IoT “things”

3. PATCH wisely.
  – Continuous updates and patches play havoc in IoT
  – Plan schemes to apply virtual patches

4. GREEN design.
  – Plan low-power schemes instead of encryption/authentication
  – Layer security into the wearables from upstream components

5. POWER usage.
  – Verify electromagnetic induction on IoT’s to harden its pervasive security
  – Conduct brownout tests to attest any vulnerability that can be exploited


Page 7: Hacking Internet of Things (IoT) - Dipto Chakravarty

Big Deal with IoT

• Big Data isn’t a big deal
  – 90% of it is user-generated data

• Personal information is the weakest link


Big Index (metadata) holds keys to the kingdom

Doxing or chaining of data has to be safeguarded


Page 8: Hacking Internet of Things (IoT) - Dipto Chakravarty

Planning 2014 with IoT

• Security context awareness
  – Self-identifying, self-describing negotiating devices

• Event-based architectures
  – Autonomy beyond the network edge and endpoints

• Secure bidirectional communication
  – Protect channels with anti-threat, cybersecurity and APT tools.


Page 9: Hacking Internet of Things (IoT) - Dipto Chakravarty

Thank You!

Dipto [email protected] LIn, Tw: dipto

On G+, Y!: diptoc

