There's no S(ecurity) in IoT: This is why we can't sleep

•Download as PPTX, PDF•

0 likes•102 views

IoT devices are embedded systems. Essentially "[a] computer small enough to fit in a pocket". One wouldn’t put a computer on the Internet without at least considering securing it, yet security for IoT devices is quite often an afterthought.

Technology

There’s no S(ecurity) in IoT
There’s No S(ecurity)
In IoT:
This is why we can’t sleep
Jimmy Shah

Disclaimers
● The views, opinions, and positions expressed in this
presentation are solely those of the author
● They do not necessarily represent the views and
opinions of my employer and do not constitute or imply
any endorsement or recommendation from my employer

IoT Devices are embedded systems
● “A computer small enough to fit in a pocket”
● One wouldn’t put a computer on the Internet
without at least considering securing it

A story about a friend
●Embedded QA engineer
●Over a decade of experience
●Knows bugs can kill

A story about a friend, cont.
●6 month contract
●Project was a Sensor/Meter for an oil
pipeline
●Possible red flags
oOlder developer set in his ways
oDidn’t believe in source control
 Monolithic application, recompiled daily after bug
fixes

A story about a friend, cont.
●Fired couple months before contract end
oYou can be too good at your job
●Replaced by another worker w/ no QA exp.
oRubber stamped everything
● Must ship!

Case study: CloudPets DB Ransom
●CloudPets
●MongoDB instance compromised
●Must ship?
[1] https://www.theregister.co.uk/2017/02/28/cloudpets_database_leak/

Case study: Vizio TV monitoring
●VIZIO TVs were spying on users
●Must Sell Users/Buyers?
[1] https://www.consumer.ftc.gov/blog/vizio-settlement-smart-tvs-should-not-track-your-shows-without-your-ok
[2] Photo by Flickr user kennejima https://www.flickr.com/photos/kennejima/

Tips
●Research is your friend
oOSINT
 Search engines
 Periodical Databases
 Libraries
●Don’t be afraid to ask

Similar to There's no S(ecurity) in IoT: This is why we can't sleep

Evolving to Cloud-Native - Anand Rao

VMware Tanzu

Did you like it? Check out our blog to stay up to date: https://getindata.com/blog Currently there are more and more created videos distributed via multiple social media channels. It becomes more and more important to monitor all of them by companies to verify their customers' feedback, reviews, opinions. During the talk, we talk about extracting text from videos, analyzing language and prepare robust, scalable infrastructure for it. The idea behind platform is about having the mix between managed and self-managed service for Big Data processing. The keynote shows the case study of the MVP of the platform for marketing companies. Author: Albert Lewandowski Linkedin: https://www.linkedin.com/in/albert-lewandowski/ ___ Getindata is a company founded in 2014 by ex-Spotify data engineers. From day one our focus has been on Big Data projects. We bring together a group of best and most experienced experts in Poland, working with cloud and open-source Big Data technologies to help companies build scalable data architectures and implement advanced analytics over large data sets. Our experts have vast production experience in implementing Big Data projects for Polish as well as foreign companies including i.a. Spotify, Play, Truecaller, Kcell, Acast, Allegro, ING, Agora, Synerise, StepStone, iZettle and many others from the pharmaceutical, media, finance and FMCG industries. https://getindata.com

NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...

GetInData

As a hacker and engineer I've been interested in identity and privacy since the dawn of the Internet and the online services it's enabled. For the past year I've been helping to build and open source The @ Platform, which inverts the usual model by giving everybody (and every thing) their own place to store data and control who (and what) has access to it. This talk will give an overview of the platform and its underlying protocol, and illustrate how it can be used to build privacy preserving apps and Internet connected things. It will also cover how the platform can be self hosted on devices like the Raspberry Pi, and how people can get involved in the open source community growing around it.

EMFcamp2022 - What if apps logged into you, instead of you logging into apps?

Chris Swan

Killing the golden calf of coding - We are Developers keynote

Christian Heilmann

How to choose a mobile development contractor

SimbirSoft

As professional service providers we often walk a fine line in delivering bespoke software to a diverse set of clients. Each with their own traits and desires. Clients want partnerships. So do agencies and service providers. Like in every human relationship, this calls for compromises and the need to give and take. From small to large, contracts and requirements are always contending with core Agile values. No methods, contracts or processes can replace nor dismiss the essential ingredients of understanding, openness, passion and creativity which are key in making software development a success and ensuring happy relationships. Which is often quite hard to achieve. This session is for business owners, sales professionals and client facing experts. It will share some lessons learned (sometimes the hard way) about: - how to sell digital projects to inexperienced Agile teams - how to deliver digital services within time and budget - protecting the team from overpromising delivering bad news to clients - negotiating contracts and adhering to them This presentation is called For good or for worse, building happy client relationships. It was part of Drupaljam 2023:connected, one of the largest Drupal events in Europe about Digital, Drupal and Open Source. This presentation can be used under Attribution-NonCommercial-ShareAlike (CC BY-NC-SA). Some content in it may be copyrighted and is used without explicit permission, with attribution and/or as illustration ("to quote"). https://drupaljam.nl/sessions/good-or-worse-making-happy-client-relationships

20 years of Agile Scrum: For good or for worse, making happy client relations...

Imre Gmelig Meijling

Introduction to TDD and BDD

Luis García Castro

DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell

DevSecCon

PNSQC 2021 January 28 Culture Jam

Pacific Northwest Software Quality Conference

Alkacon Software is offering a new partnership program for solution providers that make regular use of OpenCms in their projects. In this round table discussion Alexander will present the benefits of this partnership program. This session is targeted at representatives of OpenCms service resellers interested in the Alkacon OpenCms partnership program. Therefore it is primarily of interest for web agencies, IT solution providers and consulting companies offering OpenCms related services to the end customer.

OpenCms Days 2013 - OpenCms Partner Program

Alkacon Software GmbH & Co. KG

UX Prototyping (UXiD) - Slide by Anton Chandra and Bahni Mahariasha

Anton Chandra

UX class presentation

Theo V

How to Freelance for Mobile Developers Lesson 4 - Creating Contracts or Serv...

Richard Hart

Demystifying Smart Contracts

Bernard Peh

Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić Behaviour-Driven Development (or TDD for that matter) is one of the pillars of Software Quality. While it is very important, not many of us do it or do not have the support from the management to invest time in it. Commonly, it has been described as a waste of time or an intangible effort conflicting with the deadlines. In this presentation, I would like to share my experiences with the Behaviour-Driven Development, the effects of not having it at all, as well as the outcomes of working on projects where a significant amount of behavior is automated with Cucumber tool. By attending this session you will be able to learn what BDD and Cucumber are, how to build Cucumber tests and hear about first-hand experiences around automating specifications.

Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić

HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association

2016 - IGNITE - Blameless System Design

devopsdaysaustin

AppDynamics User Group

Mike Ruangutai

Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015

Cory Scott

Pull requests do's and don'ts

Arie Bregman

A Tester's Life

Bertold Kolics

Similar to There's no S(ecurity) in IoT: This is why we can't sleep (20)

Evolving to Cloud-Native - Anand Rao

NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...

EMFcamp2022 - What if apps logged into you, instead of you logging into apps?

Killing the golden calf of coding - We are Developers keynote

How to choose a mobile development contractor

20 years of Agile Scrum: For good or for worse, making happy client relations...

Introduction to TDD and BDD

DevSecCon Boston 2018: Technical debt - why I love it by Mike Bursell

PNSQC 2021 January 28 Culture Jam

OpenCms Days 2013 - OpenCms Partner Program

UX Prototyping (UXiD) - Slide by Anton Chandra and Bahni Mahariasha

UX class presentation

How to Freelance for Mobile Developers Lesson 4 - Creating Contracts or Serv...

Demystifying Smart Contracts

Javantura v7 - Behaviour Driven Development with Cucumber - Ivan Lozić

2016 - IGNITE - Blameless System Design

AppDynamics User Group

Tactical Application Security: Getting Stuff Done - Black Hat Briefings 2015

Pull requests do's and don'ts

A Tester's Life

More from Jimmy Shah

Recently someone released a worm on the Internet that targeted IoT devices. In the past similar worms turned your Internet connected cameras and DVRs into nodes in a massive botnet. This time it used the same entry points into your devices to brick them. The better to prevent them from possibly being turned into weapons of mass denial of service. We'll cover why that's a Bad Idea. And what are more constructive ways to get IoT/Internet-enabled embedded device manufacturers and vulnerability researchers to sit down at the same table.

Brick all the internet of things!(with notes)

Jimmy Shah

Mobile devices are not simply PCs. While one knows to look for an Advanced Persistent Threat(APT) on their desktop endpoints, mobile tends to be ignored. Setting up an MDM solution is not enough. Installing AV on as many devices as possible is not enough. The holes in the net are still too wide; attackers have more options than just malicious apps for getting on your network. Topics covered will be: How attackers are moving to mobile in order to bypass traditional protection. Apps are only one part of the problem. Documents, email, messaging are still left wide open Bypassing Mobile Antivirus Bypassing MDM, MAM and Containers Attackers are turning from apps to exploits. Finally we’ll cover what to do next – how to effectively deal with Mobile APT.

BYOD is now BYOT (Bring Your Own Threat) – Current Trends in Mobile APT

Jimmy Shah

The Internet of Things is not as complex as one would think. Objects(e.g. Power meters, Fridge computers, etc.) or "Things" don;t have their own Internet, instead they "speak" to each other over the same Internet we all use. There lies their vulnerability. Assuming that since the machines will only talk to each other, that no one will eavesdrop or intrude on their conversation. Security researchers have a saying, "Security through Obscurity is no Security". The presentation shows how the Internet of Things' veil of obscurity can be pierced by an attacker(or more likely a Security Researcher) would assess a particular Smart Parking Meter ecosystem. Only open source intelligence(OSINT)[e.g. patents, newspaper articles] was used to compile the information on: * parking meters * mesh networking * machine2machine(m2m) SIMs * management consoles * RF usage

Solar Powered Parking Meters - An IoT thought experiment

Jimmy Shah

Mobile malware analysis with the a.r.e. vm

Jimmy Shah

Viruses on mobile platforms why we don't/don't we have viruses on android_

Jimmy Shah

The 'Platypus' talk Malware on mobile phones is rapidly increasing. There are many reasons for this, but the primary one is the ease of monetizing malware on mobile phones, Attackers are incentivized to create more malware faster and cheaper. They are overwhelming the limited resources of malware researchers with this glut of cheap and "good enough" malware. Malware can be identified by humans, but there is insufficient time to handle all that is released daily by malware writers. There is a need to develop both better heuristics and the tools that let an analyst separate the wheat from the chaff. The presentation will cover not just the development of heuristics for mobile malware, but also its path from simple detection to more advanced and more successful(i.e fewer false positives) detection. Along the way we will cover the missteps and pitfalls that slow the development of automation.

Mobile malware heuristics the path from 'eh' to pretty good'

Jimmy Shah

Isn't it all just SMS-sending trojans?: Real Advances in Android Malware

Jimmy Shah

Symbian Botnet? Mobile Linux Rootkits? iPhone Botnets? Millions of phones at risk? The press coverage on smart phone threats is at times somewhat accurate, distant, and occasionally (if unintentionally) misleading. They tend to raise questions such as: How close to PC levels (100,000+ to millions of nodes) have mobile botnets reached? Have mobile rootkits reached the complexity of those on the PC? This talk covered the state of rootkits and botnets on smart phones from the perspective of anti-malware researchers, including demystification of the threat from mobile rootkits and mobile botnets, the differences (if any) between mobile rootkits and mobile botnets vs. their PC counterparts, and a look at how samples seen in the wild and researcher PoCs function.

Smartphone Ownage: The state of mobile botnets and rootkits

Jimmy Shah

More from Jimmy Shah (8)

Brick all the internet of things!(with notes)

BYOD is now BYOT (Bring Your Own Threat) – Current Trends in Mobile APT

Solar Powered Parking Meters - An IoT thought experiment

Mobile malware analysis with the a.r.e. vm

Viruses on mobile platforms why we don't/don't we have viruses on android_

Mobile malware heuristics the path from 'eh' to pretty good'

Isn't it all just SMS-sending trojans?: Real Advances in Android Malware

Smartphone Ownage: The state of mobile botnets and rootkits

Recently uploaded

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Microsoft's Threat Matrix for Kubernetes helps organizations understand the attack surface a Kubernetes deployment introduces to their environments. This ensures that adequate detections and mitigations are in place. By covering over 40 different attacker techniques, defenders can learn about Kubernetes-specific mitigations and controls to deploy to their environments. In this session, we will explore the MS-TA9013 Host Path Mount technique, which is commonly used by attackers to perform privilege escalation in a Kubernetes cluster. Attendees will learn how attackers and defenders can: * Escape the container's host volume mount to gain persistence on an underlying node * Move laterally from the underlying node into the customer's cloud environment * Analyze Kubernetes audit logs to detect pods deployed with a hostPath mount * Deploy an admission controller that prevents new pods from using a hostPath mount

Breaking the Kubernetes Kill Chain: Host Path Mount

Puma Security, LLC

Histor y of HAM Radio presentation slide

vu2urc

Real Time Object Detection Using Open CV

Khem

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

CNv6 Instructor Chapter 6 Quality of Service

giselly40

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

The presentation explores the development and application of artificial intelligence (AI) from its inception to its current status in the modern world. The term "artificial intelligence" was first coined by John McCarthy in 1956 to describe efforts to develop computer programs capable of performing tasks that typically require human intelligence. This concept was first introduced at a conference held at Dartmouth College, where programs demonstrated capabilities such as playing chess, proving theorems, and interpreting texts. In the early stages, Alan Turing contributed to the field by defining intelligence as the ability of a being to respond to certain questions intelligently, proposing what is now known as the Turing Test to evaluate the presence of intelligent behavior in machines. As the decades progressed, AI evolved significantly. The 1980s focused on machine learning, teaching computers to learn from data, leading to the development of models that could improve their performance based on their experiences. The 1990s and 2000s saw further advances in algorithms and computational power, which allowed for more sophisticated data analysis techniques, including data mining. By the 2010s, the proliferation of big data and the refinement of deep learning techniques enabled AI to become mainstream. Notable milestones included the success of Google's AlphaGo and advancements in autonomous vehicles by companies like Tesla and Waymo. A major theme of the presentation is the application of generative AI, which has been used for tasks such as natural language text generation, translation, and question answering. Generative AI uses large datasets to train models that can then produce new, coherent pieces of text or other media. The presentation also discusses the ethical implications and the need for regulation in AI, highlighting issues such as privacy, bias, and the potential for misuse. These concerns have prompted calls for comprehensive regulations to ensure the safe and equitable use of AI technologies. Artificial intelligence has also played a significant role in healthcare, particularly highlighted during the COVID-19 pandemic, where it was used in drug discovery, vaccine development, and analyzing the spread of the virus. The capabilities of AI in healthcare are vast, ranging from medical diagnostics to personalized medicine, demonstrating the technology's potential to revolutionize fields beyond just technical or consumer applications. In conclusion, AI continues to be a rapidly evolving field with significant implications for various aspects of society. The development from theoretical concepts to real-world applications illustrates both the potential benefits and the challenges that come with integrating advanced technologies into everyday life. The ongoing discussion about AI ethics and regulation underscores the importance of managing these technologies responsibly to maximize their their benefits while minimizing potential harms.

Artificial Intelligence: Facts and Myths

Joaquim Jorge

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

Explore 'The Codex of Business: Writing Software for Real-World Solutions,' a compelling SlideShare presentation that delves into digital transformation in healthcare. Discover through a detailed case study how Agile methodologies empower healthcare providers to develop, iterate, and refine digital solutions that address real-world challenges. Learn how strategic planning, user feedback, and continuous improvement drive success in deploying technologies that enhance patient care and operational efficiency. Ideal for healthcare professionals, IT specialists, and digital transformation advocates seeking actionable insights and practical examples of technology making a real difference.

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Malak Abu Hammad

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

Slack Application Development 101 Slides

praypatel2

Recently uploaded (20)

Data Cloud, More than a CDP by Matt Robison

Finology Group – Insurtech Innovation Award 2024

Breaking the Kubernetes Kill Chain: Host Path Mount

Histor y of HAM Radio presentation slide

Real Time Object Detection Using Open CV

08448380779 Call Girls In Civil Lines Women Seeking Men

GenCyber Cyber Security Day Presentation

A Year of the Servo Reboot: Where Are We Now?

How to Troubleshoot Apps for the Modern Connected Worker

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Advantages of Hiring UIUX Design Service Providers for Your Business

CNv6 Instructor Chapter 6 Quality of Service

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Driving Behavioral Change for Information Management through Data-Driven Gree...

Artificial Intelligence: Facts and Myths

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Handwritten Text Recognition for manuscripts and early printed texts

Slack Application Development 101 Slides

There's no S(ecurity) in IoT: This is why we can't sleep

1. There’s no S(ecurity) in IoT There’s No S(ecurity) In IoT: This is why we can’t sleep Jimmy Shah

2. Disclaimers ● The views, opinions, and positions expressed in this presentation are solely those of the author ● They do not necessarily represent the views and opinions of my employer and do not constitute or imply any endorsement or recommendation from my employer

3. IoT Devices are embedded systems ● “A computer small enough to fit in a pocket” ● One wouldn’t put a computer on the Internet without at least considering securing it

4. A story about a friend ●Embedded QA engineer ●Over a decade of experience ●Knows bugs can kill

5. A story about a friend, cont. ●6 month contract ●Project was a Sensor/Meter for an oil pipeline ●Possible red flags oOlder developer set in his ways oDidn’t believe in source control  Monolithic application, recompiled daily after bug fixes

6. A story about a friend, cont. ●Fired couple months before contract end oYou can be too good at your job ●Replaced by another worker w/ no QA exp. oRubber stamped everything ● Must ship!

7. Case study: CloudPets DB Ransom ●CloudPets ●MongoDB instance compromised ●Must ship? [1] https://www.theregister.co.uk/2017/02/28/cloudpets_database_leak/

8. Case study: Vizio TV monitoring ●VIZIO TVs were spying on users ●Must Sell Users/Buyers? [1] https://www.consumer.ftc.gov/blog/vizio-settlement-smart-tvs-should-not-track-your-shows-without-your-ok [2] Photo by Flickr user kennejima https://www.flickr.com/photos/kennejima/

9. Tips ●Research is your friend oOSINT  Search engines  Periodical Databases  Libraries ●Don’t be afraid to ask

10. Questions?

There's no S(ecurity) in IoT: This is why we can't sleep

Recommended

Recommended

More Related Content

Similar to There's no S(ecurity) in IoT: This is why we can't sleep

Similar to There's no S(ecurity) in IoT: This is why we can't sleep (20)

More from Jimmy Shah

More from Jimmy Shah (8)

Recently uploaded

Recently uploaded (20)

There's no S(ecurity) in IoT: This is why we can't sleep