Threats to machine clouds

Preliminary research into machine 2 machine clouds presented at B-Sides Cape Town by George Pranchke of SensePost.

Published in: Technology, Business

Transcript

  • 1. Security Threats to Machine Clouds george@sensepost.com
  • 2. about: us Georg-Christian Pranschke http://www.sensepost.com/blog/7733.html
  • 3. what we’re going to talk about
      • the cloud
      • why this talk ?
      • machine clouds ?
      • results: cursory “testing”
      • what does all this mean ?
  • 4. The Cloud
  • 5. clobbering the cloud!
  • 6. cloud security
  • 7. Why This Talk ?
  • 8. security threats to machine clouds
      • fast growing mobile connectivity
      • greater number of connected devices
      • management complexity and high costs
      • web-based device management for connected devices
      • inherits some of the web app threats plus new ones
  • 9. Machine Clouds ?
  • 10. machine clouds?
  • 11. machine clouds?
      • home automation
      • vehicle tracking
      • tele-medicine
      • location-based services
      • “M2M and connected products are changing our world”
      • “safer, simpler and more productive”
      • “less cost per year than full-time employee”
      • i.e. ATMs monitoring -> access to finances
      • i.e. medical equipment -> ensuring very best patient care
      • i.e. smart signs -> law enforcement
      • i.e. cars -> driving behaviour to insurance carriers
  • 12. machine cloud ui: the web application
  • 13. machine - cloud integration
  • 14. protocol dissection (i) DHCP response
  • 15. protocol dissection (ii) restart request response
  • 16. machine – cloud interaction (i)
  • 17. machine – cloud interaction (ii)
  • 18. connecting a machine
  • 19. Results: Cursory “Testing”
  • 20. #include <disclaimer.h>
  • 21. approach
      • Business Logic
      • Application
      • Infrastructure
      • web application/web services <<>> “rogue machine”
  • 22. the environment (i)
  • 23. the environment (ii)
  • 24. threat: exposed administrative interfaces
  • 25. threats: cms layer (i)
  • 26. threats: cms layer (ii)
  • 27. threats: cms layer (iii)
  • 28. threats: web app layer
  • 29. clickjacking/ui redressing
  • 30. SDKs (i)
  • 31. SDKs (ii)
  • 32. SDKs (iii)
  • 33. SDKs (iv)
  • 34. a side note…
  • 35. transport layer encryption (i)
  • 36. transport layer encryption (ii)
  • 37. lame ? (i)
  • 38. lame ? (ii)
  • 39. lame ? (iii)
  • 40. threat: malicious applets
  • 41. a side note …
  • 42. threat: rogue machines
  • 43. putting it all together
      • malicious applets
      • obtain vendor id or …
      • unauthorised connection
      • upload of XSS payload or …
      • XSS -> session hijacking and …
  • 44. What Does All This Mean ?
  • 45. what does all this mean
  • 46. Security Threats to Machine Clouds: Thank You!
