Hacking Internet of Things (IoT) - Dipto Chakravarty


Post on 24-Jun-2015






  • 1. Hacking Internet of Things
      Dipto Chakravarty
      January 28, 2014

  • 2. Power Shift: User Machines
      - 2,000,000,000 internet users
      - 5,600,000,000 mobile subscribers
      - 15,000,000,000 things connected
      [Diagram labels: Connectivity, Security, Humans, Sensors, Internet]

  • 3. Internet of Things (IoT): Evolving
      1. From interconnected computers to a network of objects
      2. From communicating people to communicating appliances
      3. From human-triggered to event-triggered communication
      IoT is pervasive, ubiquitous and even more global than the World Wide Web and the Internet as we know it.

  • 4. IoT Insecurity: Ubiquitous
      - Connect computers to things and objects (2015-2020)
      - Transcend beyond corporate, personal, social, local hubs
      - Embedded within household appliances and surroundings
      - Wearable in your pocket, glass, key fob, contact lens
      [Chart, 2011 to 2020: 15 B things to 30 B things (2X); 50 B intermittent connections to 200 B intermittent connections (4X)]

  • 5. IoT Hacked
      Re-imagine
      - Hacking user computers to user wearables and appliances
      - Keylogging web sessions to keylogging tablet touchscreens
      - Eavesdropping on phone sessions via Bluetooth / NFC
      - Hijacking computers as botnets to your car's IP address
      Latest Hack
      - Malware came from inside a house (its router, smart TV and smart refrigerator) and sent 750,000 malicious emails to targets between December 26, 2013 and January 6, 2014.
        http://investors.proofpoint.com/releasedetail.cfm?ReleaseID=819799

  • 6. Securing IoT
      1. USER is in charge.
         - Adopt OAuth-like practices ASAP
         - Lose options like user-issued passwords +
      2. DATA trumps.
         - Design around coding API-s as it'd be reverse engineered
         - Don't store personal information on the IoT things
      3. PATCH wisely.
         - Continuous updates and patches play havoc in IoT
         - Plan schemes to apply virtual patches
      4. GREEN design.
         - Plan low-power schemes instead of encryption/authentication
         - Layer security into the wearables from upstream components
      5. POWER usage.
         - Verify electromagnetic induction on IoTs to harden its pervasive security
         - Conduct brownout tests to attest any vulnerability that can be exploited

  • 7. Big Deal with IoT
      - Big Data isn't a big deal
      - 90% of it is user-generated data
      - Personal information is the weakest link
      - Big Index (metadata) holds keys to the kingdom
      - Doxing or chaining of data has to be safeguarded

  • 8. Planning 2014 with IoT
      - Security context awareness
      - Self-identifying, self-describing negotiating devices
      - Event-based architectures
      - Autonomy beyond the network edge and endpoints
      - Secure bidirectional communication
      - Protect channels with anti-threat, cybersecurity and APT tools.

  • 9. Thank You!
      Dipto Chakravarty
      dchakravarty@gmp4.hbs
      On LIn, Tw: dipto
      On G+, Y!: diptoc