Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Hacking IoT: the new threat for content assets

111 views

Published on

Connected devices play an important role in creating and consuming both theatrical and broadcast content, ranging from smart TVs, to connected cameras, to wireless routers, and more. However, these same devices also introduce new security risk, and new attack surfaces against which malicious adversaries can launch their campaigns. Presented by the elite security research group behind esteemed hacking concepts such as IoT Village, this session examines data-based industry trends, the ways in which connected devices are compromised, and what to do about it.
Speaker : Ted Harrington, ISE

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Hacking IoT: the new threat for content assets

  1. 1. H ACK ING I oT Ted Harrington, Executive Partner | ted.harrington@securityevaluators.com
  2. 2. ISE Proprietary 2
  3. 3. Agenda 3 A) Context B) Problems C) Solutions
  4. 4. Agenda 4 A) Context B) Problems C) Solutions
  5. 5. 5
  6. 6. 6
  7. 7. IoT Village: Results 7 • 113zero-days • 51device types • 39manufacturers
  8. 8. Common IoT Security Flaws 8 2015 • Denial of Service • Lack of Encryption • Key Exposure • Privilege Escalation • Remote Code Execution • Backdoors • Runs as Root 2016 • All of the previous!! PLUS: • Buffer Overflow • Command Injection • Session Management • Etc etc etc
  9. 9. Agenda 9 A) Context B) Problems C) Solutions
  10. 10. Weaponize wep-uh-nahyz - To convert to use as a weapon - To supply or equip with weapons
  11. 11. M&E Adversaries Could Use IoT to: • Pivot • Steal content • Circumvent/undermine monetization schema • Degrade the user experience • Deny access • Ensnare studio/vendor in DDoS botnet 11
  12. 12. DDoS Attacks 12
  13. 13. Mirai Botnet 13
  14. 14. Mirai Botnet 14 What is Mirai? Malware targeting Linux, that turns systems into ”bots”
  15. 15. A group of computing devices that can be centrally controlled Mirai Botnet 15 What is a botnet?
  16. 16. Mirai Botnet What is DDoS?
  17. 17. Mirai Botnet What is DDoS?
  18. 18. Mirai Botnet 18
  19. 19. Mirai Botnet 19
  20. 20. Mirai Botnet 20
  21. 21. Mirai Botnet
  22. 22. Mirai Botnet 22
  23. 23. Victim Chain 23
  24. 24. Agenda 24 A) Context B) Problems C) Solutions
  25. 25. Recommendations 25 Those Who Build • Threat Modeling • Secure Design Principles • Adversarial Perspective • Security Assessment Those Who Use • Reduce Attack Surface • Audit / Inventory • Change Default Credentials • Check for Updates
  26. 26. How Can ISE Help? ISE Proprietary 26 SECURITY ASSESSMENT vCISO
  27. 27. ted.harrington@securityevaluators.com THANK YOU!!

×