In this TECHtalks edition Olaf shows some common pitfalls in the security infrastructure of diverse IoT devices, ranging from toys up to medical devices.
www.tech-talks.eu
Once a month it is TECHtalk time! First come first served!
< OMM Solutions GmbH >
Talk: Home IoT Fails - How to NOT secure a device.
Or: Why you probably shouldn't buy just any "smart device"
Speaker: Olaf Horstmann
What is IoT?
Source: https://www.youtube.com/watch?v=v2kV6pgJxuo
IoT is already massive … and not very secure
• 26 bn connected devices (75 bn by 2025)
• estimates are that at least 50-60% can be hacked with simple methods and ready-to-buy tools/hardware
Source: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
My friend Cayla … is not so loyal once the owner is out of sight
• the doll contains a microphone and a speaker
• once the originally paired device is out of range or turned off, any other device can pair with Cayla
• we'd barely call this "hacking", more like "insecurely implemented"
Source: https://www.cleankids.de/wp-content/uploads/2017/02/rofu1-174x300.jpg
CloudPets
• the database was hacked in 2017
• user data of 800,000 customers leaked
• including custom voice messages between parents and their children
Source: https://www.idgcdn.com.au/article/images/740x500/dimg/screen-shot-2017-02-27-at-43408-pm-100710841-orig.jpg
Even pacemakers are connected today: Merlin@Home
• the device is used to wirelessly monitor the pacemaker and transmit data to the physician
• attackers could connect to the pacemaker within a 3 meter radius
• 465,000 devices affected
• can be patched via software, but the patch must be applied in the doctor's office
• even with a hypothetical complication risk of only 0.001%, that is 5 people who might suffer consequences
Source: http://professional.sjm.com/~/media/galaxy/hcp/featured-products/crm/merlin-at-home-transmitter/merlin-at-home-1.jpg
Smart Locks: secure locks are rare
• 12 of 16 tested locks were insecure
• can be "hacked" in 2 seconds with an Android app
• can be opened with a screwdriver
• the unlock signal can be recorded and replayed at any time (basically the 1990s garage-opener insecurity)
• there are secure locks, but they are rare
Source: https://your-smarthome.com/blog/wp-content/uploads/2016/11/Goji-T%C3%BCrschloss-150x150.jpg
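To make the replay point concrete, here is an added Python example (not from the talk or from any of the lock products it refers to): a toy lock that accepts one fixed unlock token, which a recorded transmission opens again and again, next to a lock that issues a fresh random challenge per attempt and checks an HMAC over it with a key shared with the owner's app. The key, the token and all class and function names are constructed for the example.

```python
import hmac
import hashlib
import secrets

# Constructed sample key shared between the lock and the owner's app.
SHARED_KEY = b"constructed-demo-key-not-real"


class StaticTokenLock:
    """The replayable design: the same fixed 'open' message works every time."""

    def __init__(self, token: bytes):
        self.token = token

    def try_open(self, msg: bytes) -> bool:
        return hmac.compare_digest(msg, self.token)


class ChallengeResponseLock:
    """Per-attempt random nonce; the app must answer with HMAC(key, nonce)."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending = None  # nonce of the current, not yet answered challenge

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def try_open(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = hmac.new(self.key, self.pending, hashlib.sha256).digest()
        self.pending = None  # every nonce is usable exactly once
        return hmac.compare_digest(response, expected)


def app_respond(key: bytes, nonce: bytes) -> bytes:
    """What the legitimate app sends back for a given challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_against_static_lock() -> tuple:
    lock = StaticTokenLock(b"OPEN-1234")
    captured = b"OPEN-1234"  # recorded once while the owner opened the door
    return lock.try_open(captured), lock.try_open(captured)  # (True, True)


def replay_against_challenge_lock() -> tuple:
    lock = ChallengeResponseLock(SHARED_KEY)
    captured = app_respond(SHARED_KEY, lock.challenge())  # legitimate exchange, recorded
    first = lock.try_open(captured)  # True: fresh answer to the current nonce
    lock.challenge()  # a new attempt gets a new nonce
    second = lock.try_open(captured)  # False: old answer no longer matches
    return first, second
```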
Smart Gun … outsmarted with a cheap magnet
• the gun was developed to be usable only when wearing the smart wristband
• the gun can also be "unlocked" ("hacked") with a 10 € magnet
Sources:
https://static.designboom.com/wp-content/uploads/2014/02/smartwatch-controlled-pistol-designboom05.jpg
https://scr3.golem.de/screenshots/1402/Armatix-iP1/thumb620/80d17cd287.jpg
Mirai Botnet: probably the best known quantitative attack
• between 600,000 and 2.5 million infected devices* (mostly CCTV cameras and DVRs)
• used to create DDoS** attacks in 2016 with traffic spikes of up to 1.2 Tbps (~150 GB of data or ~25 h of 4K video per second)
• allegedly created by the owner of a DDoS mitigation company to "boost his business"
* https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf, https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mirai-botnet-creates-army-iot-orcs/
** DDoS (Distributed Denial of Service): many individual devices try to connect to a central service (e.g. omm-solutions.de) at the same time; that service goes offline due to the high load
Source: https://www.incapsula.com/blog/wp-content/uploads/2016/10/mirai-botnet-map.png
In essence: sadly but true
• there has been no device category yet that has not been hacked:
  • children's toys
  • appliances
  • tools
  • locks
  • medical devices
  • cameras
  • guns
  • bedroom/adult toys
  • smart TVs
• computers are still not top secured either, but IoT devices are way easier to "hack"
Security Cameras
• there are tons of unsecured cameras openly accessible on the web
• http://www.insecam.org/
Thank you for your attention!
www.tech-school.eu
Questions or interest?
Your personal contact:
Olaf Horstmann
Managing Director Technology
OMM Solutions GmbH
Vor dem Lauch 19
70567 Stuttgart
Germany
oh@omm-solutions.de
+49 (0)711 995 985-75

Legal notice
OMM Solutions GmbH
Vor dem Lauch 19
70567 Stuttgart
Managing Directors: Martin Allmendinger, Malte Horstmann, Olaf Horstmann
Contact
Phone: +49 711 995 985 80
E-mail: info@omm-solutions.de
VAT ID: DE295716572
Registered office: Stuttgart
Stuttgart District Court, HRB 749562