SlideShare a Scribd company logo

What I learned about IoT Security ... and why it's so hard!

Christoph Engelbert
Christoph Engelbert

The document discusses some of the challenges of IoT security and provides recommendations. It notes that IoT security is difficult because devices often lack secure boot processes, have undocumented backdoors, and debugging can be done over unencrypted network connections. It recommends hiring engineers trained in security, prioritizing security over features, performing regular penetration testing, and providing indicators if a device becomes hacked. However, it acknowledges that no security is impossible to break, so the focus should be on choosing important battles.

Software
1 of 67
Download to read offline
What I learned about IoT Security… and why it’s so hard! @timescaledb
Chris Engelbert Developer Advocacy @TimescaleDB Previous fun companies: - Ubisoft / Blue Byte - Hazelcast - Instana - clevabit Interests: - Developer Relations - Anything Performance Engineering - Backend Technologies - Fairy Tales (AMD / Intel, AMD / Nvidia, AMD / Nvidia) @noctarius2k
The 🐘 in the Room
No Internet Connection https://www.redbubble.com/i/poster/You-are-o ffl ine-by-dbengati/50499607.LVTDI#&gid=1&pid=2
Remove Gunk https://taz.de/Sperrmuell-auf-Gehwegen/!5713115/
https://keasigmadelta.com/blog/why-you-shouldnt-write-your-own-encryption-algorithm/
https://www.authgear.com/post/password-hashing-salting
Forget Factory Passwords https://www.online-tech-tips.com/cool-websites/reset-bios-password/
Undocumented “Backdoors” Are Not Secure https://bdtechtalks.com/2020/04/27/deep-learning-mode-connectivity-adversarial-attacks/
Secure Your Build System: Isolate Environments https://yokell.artstation.com/projects/8rOYx
https://reciprocity.com/blog/most-common-types-of-cybersecurity-vulnerabilities/ Check For Vulnerabilities
https://www.ohio.edu/orgs/glass/looking_glass1.html https://stock.adobe.com/search/images?k= fi rmware+icon&asset_id=378400523 https://altitudetvm.com/es/software/2366-pengertian- fi rmware-beserta-fungsi-dan-contoh-penggunaan- fi rmware-pada-perangkat-elektronik.html
🔐 https://www.ohio.edu/orgs/glass/looking_glass1.html https://stock.adobe.com/search/images?k= fi rmware+icon&asset_id=378400523 https://altitudetvm.com/es/software/2366-pengertian- fi rmware-beserta-fungsi-dan-contoh-penggunaan- fi rmware-pada-perangkat-elektronik.html • Cryptographically Sign Your Firmware Files
🔐 https://www.ohio.edu/orgs/glass/looking_glass1.html https://stock.adobe.com/search/images?k= fi rmware+icon&asset_id=378400523 https://altitudetvm.com/es/software/2366-pengertian- fi rmware-beserta-fungsi-dan-contoh-penggunaan- fi rmware-pada-perangkat-elektronik.html 🔐 • Cryptographically Sign Your Firmware Files • Cryptographically Sign Firmware Updates
🔐 • Cryptographically Sign Your Firmware Files • Cryptographically Sign Firmware Updates • Check The Signature of Firmware Updates! 🔐 https://www.ohio.edu/orgs/glass/looking_glass1.html https://stock.adobe.com/search/images?k= fi rmware+icon&asset_id=378400523 https://altitudetvm.com/es/software/2366-pengertian- fi rmware-beserta-fungsi-dan-contoh-penggunaan- fi rmware-pada-perangkat-elektronik.html 🔐
🔐 • Cryptographically Sign Your Firmware Files • Cryptographically Sign Firmware Updates • Check The Signature of Firmware Updates! 🔐 https://www.ohio.edu/orgs/glass/looking_glass1.html https://stock.adobe.com/search/images?k= fi rmware+icon&asset_id=378400523 https://altitudetvm.com/es/software/2366-pengertian- fi rmware-beserta-fungsi-dan-contoh-penggunaan- fi rmware-pada-perangkat-elektronik.html 🔐 🙏
https://docs.cashlink.de/more-information/set-up-ledger-nano-s Require Pairing To Be Con fi rmed
Let The Fun Begin
Boot Process
Secure Boot
Secure Boot BOOT ROM Code pubkey 1
Secure Boot BOOT ROM Code Bootloader (UBoot / Barebox) pubkey 1 pubkey 2 Signature Veri fi cation
Secure Boot BOOT ROM Code Bootloader (UBoot / Barebox) Linux Kernel / RootFS (FIT) pubkey 1 pubkey 2 pubkey 3 Signature Veri fi cation Signature Veri fi cation
Secure Boot BOOT ROM Code Bootloader (UBoot / Barebox) Linux Kernel / RootFS (FIT) Additional Filesystems pubkey 1 pubkey 2 pubkey 3 pubkey 4 Signature Veri fi cation Signature Veri fi cation Signature Veri fi cation
BOOT ROM Code Bootloader (UBoot / Barebox) Linux Kernel / RootFS (FIT) Additional Filesystems pubkey 1 pubkey 2 pubkey 3 pubkey 4 Signature Veri fi cation Signature Veri fi cation Signature Veri fi cation Trusted Boot
BOOT ROM Code Bootloader (UBoot / Barebox) Linux Kernel / RootFS (FIT) Additional Filesystems pubkey 1 pubkey 2 pubkey 3 pubkey 4 Signature Veri fi cation Signature Veri fi cation Signature Veri fi cation PCR Register Trusted Boot
BOOT ROM Code Bootloader (UBoot / Barebox) Linux Kernel / RootFS (FIT) Additional Filesystems pubkey 1 pubkey 2 pubkey 3 pubkey 4 Signature Veri fi cation Signature Veri fi cation Signature Veri fi cation PCR Register Checksum BL Checksum OTP Checksum FIT Checksum Kernel Checksum Policy Trusted Boot
Trusted Boot https://security.stackexchange.com/questions/258649/usage-of-tpm-pcrs-in-linux
⋊> ~/D/Trusted-Platform-Module-Library-Family-2.0-Level-00-Revision-1.59_pub du -ah 14:16:05 3.6M ./TCG_TPM2_r1p59_Part1_Architecture_pub.pdf 3.7M ./TCG_TPM2_r1p59_Part3_Commands_pub.pdf 2.1M ./TCG_TPM2_r1p59_Part2_Structures_pub.pdf 1.1M ./TCG_TPM2_r1p59_Part4_SuppRoutines_pub.pdf 10M . Document: Trusted Platform Module Library, Part 1: Architecture Trusted Platform Module Library, Part 2: Structures Trusted Platform Module Library, Part 3: Commands Trusted Platform Module Library, Part 4: Supporting Routines Pages: 306 177 498 146 1127 Trusted Boot TPM Speci fi cation
Trusted Execution Environment https://embeddedbits.org/introduction-to-trusted-execution-environment-tee-arm-trustzone/
https://www.silabs.com/security/secure-attestation Device Attestation
https://www.silabs.com/security/secure-attestation Device Attestation
https://www.silabs.com/security/secure-attestation Device Attestation
Device Updates - Redundancy and Atomicity https://rauc.readthedocs.io/en/latest/updating.html
Device Updates - Redundancy and Atomicity https://rauc.readthedocs.io/en/latest/updating.html
Device Updates - Redundancy and Atomicity https://rauc.readthedocs.io/en/latest/updating.html
Device Updates - Redundancy and Atomicity https://rauc.readthedocs.io/en/latest/updating.html
Device Updates - Redundancy and Atomicity https://rauc.readthedocs.io/en/latest/updating.html
Ports / Firewalls
https://blog.cloud fl are.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/ Firewall Ports
https://blog.cloud fl are.com/inside-mirai-the-infamous-iot-botnet-a-retrospective-analysis/ Firewall Ports
Common Sense https://en-americas-support.nintendo.com/app/answers/detail/a_id/22272/~/how-to-set-up-a-routers-port-forwarding-for-a-nintendo-switch-console
Common Sense https://en-americas-support.nintendo.com/app/answers/detail/a_id/22272/~/how-to-set-up-a-routers-port-forwarding-for-a-nintendo-switch-console
Common Sense https://en-americas-support.nintendo.com/app/answers/detail/a_id/22272/~/how-to-set-up-a-routers-port-forwarding-for-a-nintendo-switch-console
Debugging via Network
Debugging via Network Scan for Devices (mDNS / Avahi)
Debugging via Network Scan for Devices (mDNS / Avahi) Get Signed Debugging Request
Debugging via Network Scan for Devices (mDNS / Avahi) Get Signed Debugging Request Debugging Request Flags: uint8 Address: byte[4|16] Port: uint8 Seed: uint16
Debugging via Network Scan for Devices (mDNS / Avahi) Get Signed Debugging Request Send the Signed Debugging Request Debugging Request Flags: uint8 Address: byte[4|16] Port: uint8 Seed: uint16
Debugging via Network Scan for Devices (mDNS / Avahi) Get Signed Debugging Request Send the Signed Debugging Request Connect to the Debugger Debugging Request Flags: uint8 Address: byte[4|16] Port: uint8 Seed: uint16
😱 🥶 😓
So What Does That Mean?
Hire Engineers Trained For Device Security https://www.incibe-cert.es/en/blog/hardware-hacking-industrial-control-systems
> Prioritize Security Over Features
Regular Penetration Testing https://www.fracturelabs.com/posts/2020/hardware-hacking-lab-physical-tools/
Regular Penetration Testing https://www.fracturelabs.com/posts/2020/hardware-hacking-lab-physical-tools/
Provide an Indicator that the Device may be Hacked https://patrickspokemonpalace.wordpress.com/2010/06/30/internet-explorer-8-toolbars/
Whatever You Do Somebody Will Break The Security
Whatever You Do Somebody Will Break The Security 😱😱😱
Whatever You Do Somebody Will Break The Security Choose Your Battles!
https://en.wikipedia.org/wiki/Co ff ee#/media/File:Latte_and_dark_co ff ee.jpg
Thank You! www.timescaledb.com @timescaledb @noctarius2k Questions?

Recommended

Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkHacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkPriyanka Aash
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreveerababu penugonda(Mr-IoT)
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX SecurityHelpSystems
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
 
Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)xsist10
 

Recommended

Blue team reboot - HackFest
Blue team reboot - HackFest Blue team reboot - HackFest
Blue team reboot - HackFest Haydn Johnson
 
FIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE Wednesday Webinars - How to Secure IoT Devices
FIWARE Wednesday Webinars - How to Secure IoT DevicesFIWARE
 
Hacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkHacking IoT with EXPLIoT Framework
Hacking IoT with EXPLIoT FrameworkPriyanka Aash
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreveerababu penugonda(Mr-IoT)
 
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...
DEF CON 27 - DANIEL ROMERO and MARIO RIVAS - why you should fear your mundane...Felipe Prado
 
10 Tips for AIX Security
10 Tips for AIX Security10 Tips for AIX Security
10 Tips for AIX SecurityHelpSystems
 
BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.BSides London 2015 - Proprietary network protocols - risky business on the wire.
BSides London 2015 - Proprietary network protocols - risky business on the wire.Jakub Kałużny
 
Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)xsist10
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019Saeid Bostandoust
 
How to use shodan more powerful
How to use shodan more powerful How to use shodan more powerful
How to use shodan more powerful National Cheng Kung University
 
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsCONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsPROIDEA
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
A reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 EditionA reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 EditionPietro Leo
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8guest441c58b71
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Drupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityDrupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityGeorge Boobyer
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaGilles Sgro
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...PROIDEA
 
Data Pipeline Plumbing
Data Pipeline PlumbingData Pipeline Plumbing
Data Pipeline PlumbingChristoph Engelbert
 
Gute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte NachrichtenGute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte NachrichtenChristoph Engelbert
 

More Related Content

Similar to What I learned about IoT Security ... and why it's so hard!

Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoTWSO2
 
Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019Saeid Bostandoust
 
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsCONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsPROIDEA
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
A reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 EditionA reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 EditionPietro Leo
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsPriyanka Aash
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8guest441c58b71
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
Drupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityDrupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityGeorge Boobyer
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяEkaterina Melnik
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NamePositive Hack Days
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedOctavio Paguaga
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Sergey Gordeychik
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaGilles Sgro
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of ThingsPaul Fremantle
 
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...PROIDEA
 

Similar to What I learned about IoT Security ... and why it's so hard! (20)

Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Security challenges for IoT
Security challenges for IoTSecurity challenges for IoT
Security challenges for IoT
 
Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019Linux Security and Hardening, 40 Tips 2019
Linux Security and Hardening, 40 Tips 2019
 
How to use shodan more powerful
How to use shodan more powerful How to use shodan more powerful
How to use shodan more powerful
 
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocolsCONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
CONFidence 2014: Jakub Kałużny: Shameful secrets of proprietary protocols
 
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
A reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 EditionA reading of the IBM Research 5-in-5 2018 Edition
A reading of the IBM Research 5-in-5 2018 Edition
 
Fire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS FirewallsFire & Ice: Making and Breaking macOS Firewalls
Fire & Ice: Making and Breaking macOS Firewalls
 
Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8Cracking Into Embedded Devices - HACK.LU 2K8
Cracking Into Embedded Devices - HACK.LU 2K8
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
Drupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurityDrupal Camp Bristol 2017 - Website insecurity
Drupal Camp Bristol 2017 - Website insecurity
 
SCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имяSCADA Strangelove: взлом во имя
SCADA Strangelove: взлом во имя
 
SCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the NameSCADA Strangelove: Hacking in the Name
SCADA Strangelove: Hacking in the Name
 
Bsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicatedBsidesnova- Pentesting Methodology - Making bits less complicated
Bsidesnova- Pentesting Methodology - Making bits less complicated
 
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
 
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guideNUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
NUS-ISS Learning Day 2019-Complying with new IoT cyber security guide
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
 
Securing the Internet of Things
Securing the Internet of ThingsSecuring the Internet of Things
Securing the Internet of Things
 
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
CONFidence 2017: Hackers vs SOC - 12 hours to break in, 250 days to detect (G...
 

More from Christoph Engelbert

Gute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte NachrichtenGute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte NachrichtenChristoph Engelbert
 
Of Farm Topologies and Time-Series Data
Of Farm Topologies and Time-Series DataOf Farm Topologies and Time-Series Data
Of Farm Topologies and Time-Series DataChristoph Engelbert
 
PostgreSQL: The Time-Series Database You (Actually) Want
PostgreSQL: The Time-Series Database You (Actually) WantPostgreSQL: The Time-Series Database You (Actually) Want
PostgreSQL: The Time-Series Database You (Actually) WantChristoph Engelbert
 
Road to (Enterprise) Observability
Road to (Enterprise) ObservabilityRoad to (Enterprise) Observability
Road to (Enterprise) ObservabilityChristoph Engelbert
 
Hazelcast Jet - Riding the Jet Streams
Hazelcast Jet - Riding the Jet StreamsHazelcast Jet - Riding the Jet Streams
Hazelcast Jet - Riding the Jet StreamsChristoph Engelbert
 
Project Panama - Beyond the (JVM) Wall
Project Panama - Beyond the (JVM) WallProject Panama - Beyond the (JVM) Wall
Project Panama - Beyond the (JVM) WallChristoph Engelbert
 
The Delivery Hero - A Simpsons As A Service Storyboard
The Delivery Hero - A Simpsons As A Service StoryboardThe Delivery Hero - A Simpsons As A Service Storyboard
The Delivery Hero - A Simpsons As A Service StoryboardChristoph Engelbert
 
A Post-Apocalyptic sun.misc.Unsafe World
A Post-Apocalyptic sun.misc.Unsafe WorldA Post-Apocalyptic sun.misc.Unsafe World
A Post-Apocalyptic sun.misc.Unsafe WorldChristoph Engelbert
 
Distributed Computing with Hazelcast - Brazil Tour
Distributed Computing with Hazelcast - Brazil TourDistributed Computing with Hazelcast - Brazil Tour
Distributed Computing with Hazelcast - Brazil TourChristoph Engelbert
 
In-Memory Computing - Distributed Systems - Devoxx UK 2015
In-Memory Computing - Distributed Systems - Devoxx UK 2015In-Memory Computing - Distributed Systems - Devoxx UK 2015
In-Memory Computing - Distributed Systems - Devoxx UK 2015Christoph Engelbert
 
In-Memory Distributed Computing - Porto Tech Hub
In-Memory Distributed Computing - Porto Tech HubIn-Memory Distributed Computing - Porto Tech Hub
In-Memory Distributed Computing - Porto Tech HubChristoph Engelbert
 
JCache - Gimme Caching - JavaLand
JCache - Gimme Caching - JavaLandJCache - Gimme Caching - JavaLand
JCache - Gimme Caching - JavaLandChristoph Engelbert
 
Distributed Computing - An Interactive Introduction
Distributed Computing - An Interactive IntroductionDistributed Computing - An Interactive Introduction
Distributed Computing - An Interactive IntroductionChristoph Engelbert
 

More from Christoph Engelbert (20)

Data Pipeline Plumbing
Data Pipeline PlumbingData Pipeline Plumbing
Data Pipeline Plumbing
 
Gute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte NachrichtenGute Nachrichten, Schlechte Nachrichten
Gute Nachrichten, Schlechte Nachrichten
 
Of Farm Topologies and Time-Series Data
Of Farm Topologies and Time-Series DataOf Farm Topologies and Time-Series Data
Of Farm Topologies and Time-Series Data
 
PostgreSQL: The Time-Series Database You (Actually) Want
PostgreSQL: The Time-Series Database You (Actually) WantPostgreSQL: The Time-Series Database You (Actually) Want
PostgreSQL: The Time-Series Database You (Actually) Want
 
Road to (Enterprise) Observability
Road to (Enterprise) ObservabilityRoad to (Enterprise) Observability
Road to (Enterprise) Observability
 
Oops-Less Operation
Oops-Less OperationOops-Less Operation
Oops-Less Operation
 
Instan(t)a-neous Monitoring
Instan(t)a-neous MonitoringInstan(t)a-neous Monitoring
Instan(t)a-neous Monitoring
 
Don't Go, Java!
Don't Go, Java!Don't Go, Java!
Don't Go, Java!
 
TypeScript Go(es) Embedded
TypeScript Go(es) EmbeddedTypeScript Go(es) Embedded
TypeScript Go(es) Embedded
 
Hazelcast Jet - Riding the Jet Streams
Hazelcast Jet - Riding the Jet StreamsHazelcast Jet - Riding the Jet Streams
Hazelcast Jet - Riding the Jet Streams
 
CBOR - The Better JSON
CBOR - The Better JSONCBOR - The Better JSON
CBOR - The Better JSON
 
Project Panama - Beyond the (JVM) Wall
Project Panama - Beyond the (JVM) WallProject Panama - Beyond the (JVM) Wall
Project Panama - Beyond the (JVM) Wall
 
The Delivery Hero - A Simpsons As A Service Storyboard
The Delivery Hero - A Simpsons As A Service StoryboardThe Delivery Hero - A Simpsons As A Service Storyboard
The Delivery Hero - A Simpsons As A Service Storyboard
 
A Post-Apocalyptic sun.misc.Unsafe World
A Post-Apocalyptic sun.misc.Unsafe WorldA Post-Apocalyptic sun.misc.Unsafe World
A Post-Apocalyptic sun.misc.Unsafe World
 
Gimme Caching - The JCache Way
Gimme Caching - The JCache WayGimme Caching - The JCache Way
Gimme Caching - The JCache Way
 
Distributed Computing with Hazelcast - Brazil Tour
Distributed Computing with Hazelcast - Brazil TourDistributed Computing with Hazelcast - Brazil Tour
Distributed Computing with Hazelcast - Brazil Tour
 
In-Memory Computing - Distributed Systems - Devoxx UK 2015
In-Memory Computing - Distributed Systems - Devoxx UK 2015In-Memory Computing - Distributed Systems - Devoxx UK 2015
In-Memory Computing - Distributed Systems - Devoxx UK 2015
 
In-Memory Distributed Computing - Porto Tech Hub
In-Memory Distributed Computing - Porto Tech HubIn-Memory Distributed Computing - Porto Tech Hub
In-Memory Distributed Computing - Porto Tech Hub
 
JCache - Gimme Caching - JavaLand
JCache - Gimme Caching - JavaLandJCache - Gimme Caching - JavaLand
JCache - Gimme Caching - JavaLand
 
Distributed Computing - An Interactive Introduction
Distributed Computing - An Interactive IntroductionDistributed Computing - An Interactive Introduction
Distributed Computing - An Interactive Introduction
 

Recently uploaded

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxnada99848
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 

Recently uploaded (20)

React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
software engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptxsoftware engineering Chapter 5 System modeling.pptx
software engineering Chapter 5 System modeling.pptx
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 

What I learned about IoT Security ... and why it's so hard!