3. It’s not about the “Things”, it’s about the RADIOS
3
Year: 2020
25B Devices
20B have Radios
Hundreds of Protocols
Billions of Devices
4. 4
It’s not about the “Things”,
it’s about the RADIOS
Year: 2020
25B Devices
20B have Radios
5. 5
It’s not about the “Things”, it’s about the RADIOS
Year: 2020
25B Devices 20B have Radios
6. The Internet of Things is Now!
6
Vulnerable
Wireless Devices
in
the Enterprise
Today
7. • 15 patents in process
–Small Device Radio
–Radio traffic analysis
–Radio Machine Learning
–RF persona
7
Bastille Intellectual Property
8. Case Study: Data Center Vulnerabilities
Unconfigured
Zigbee Network
Bluetooth Keyboard
Vulnerability
9. Examples of things that Bastille looks for:
Data exfiltration New members of Mesh Networks
Mobile phone “hotspots” Out of policy devices:hotspots, cams
BlueTooth Tethering to phones Unconfigure devices looking for pairs
Rogue Cell Towers Changes in behavior of a device in RF
Bugs Changes in behavior of RF Persona
RF Personas in the wrong areas
Known radio attack execution
New transmitters
9
10. Examples of things that Bastille looks for:
Data exfiltration New members of Mesh Networks
Mobile phone “hotspots” Out of policy devices:hotspots, cams
BlueTooth Tethering to phones Unconfigure devices looking for pairs
Rogue Cell Towers Changes in behavior of a device in RF
Bugs Changes in behavior of RF Persona
RF Personas in the wrong areas
Known radio attack execution
New transmitters
10
11. Examples of things that Bastille looks for:
Data exfiltration New members of Mesh Networks
Mobile phone “hotspots” Out of policy devices:hotspots, cams
BlueTooth Tethering to phones Unconfigure devices looking for pairs
Rogue Cell Towers Changes in behavior of a device in RF
Bugs Changes in behavior of RF Persona
RF Personas in the wrong areas
Known radio attack execution
New transmitters
11
12. Questions for your organization
In addition to WiFi, what other radio connected devices are operating in my facilities?
How many of these devices are set to default passwords?
Do I have any wireless mice in my facilty today?
Do I have MDM on every mobile device connected to my network?
What is my long term plan monitoring a Radio Enabled World.
12
Here’s an example from a finanical services company we are helping.
The VP of the Data Center told us “You won’t find anything we’ve got all of our wireless locked down.”
However, we found that he had two devices….one Zigee, one bluetooth, which were promiscuously asking to pair with control devices. One made the Data Center Chillers vulnerable, one could allow sending commands to the mainframe.