3. www.advstar.org
AdvSTAR Laboratory
3
Summary of IoT incidents in 2017
Date | Event | Type | Damage
Feb 2017 | CloudPets the toy bear | Spy Surveillance | 800,000 user account details leaked from database and voice messages were exposed.
March 2017 | Web services vulnerability in Dahua’s IoT products | Full remote control of devices | Second largest IoT device manufacturer (USD$3B revenue in 2017) reported to contain vulnerability in most of its IoT products.
April 2017 | Hajime malware | Full remote control of devices | 300,000 IoT devices formed new large scale botnet, but no malicious activity detected?
May 2017 (discovered) | Weeping Angel malware | Spy Surveillance | Unknown number of Samsung Smart TVs being used as spy surveillance stations.
July 2017 | GSOAP Vulnerability (Devil’s Ivy) | Full control of IP cameras | Over a million Axis IP cameras were found to be exploitable.
Why is IoT Security difficult?
VERY DIFFICULT to maintain up-to-date vulnerability information for all devices.
Enterprises
● Too many IoT devices in the same company
● Insufficient information about the devices
Vendors
● Too many components in IoT devices
● Not all developers are aware of the latest security issues
Technologies used in IoT Devices
Hardware
● Sensors (e.g. Camera, Thermometer)
● Actuators
● Network Interfaces
Software
● Operating Systems
● Interface (e.g. Web services)
● Data store
● Digital Certificate
● Supporting Software Libraries (Dependency)
Daily Operations (Enterprise B)
Security Officers / Risk Management Team: daily manual routine
● Browse Vendor A Product 0001 page
● Browse Vendor C Product A002 page
● ...
● Browse Vendor N Product M page
Vulnerabilities found: notify infrastructure team for action
Threat Intelligence for Enterprises
Enterprise B
Infrastructure List
● Vendor A Product 0001 (FW Ver. 1.01)
● Vendor C Product A002 (Rev 1a)
● Vendor N Product M (Build 2390cb14)
Threat Intelligence
● New vulnerability found
● Deliver to SIEM or alert SOC team
● Patch and notify related unit
Update Infrastructure Item
● Vendor C Product A002 (Rev 2a)
Threat Intelligence
Collect Information From External Sources
● Issue Tracker
● CVE
● Product Security Advisory Pages
● Mailing List
● IRC
● More
Intelligence Aggregation
Classification
Malware Analysis
Manual Analysis
Dependency List
Filtering
Monitoring and Alerts
Vendor A, Vendor B, Vendor C
Enterprise D, Enterprise E, Enterprise F
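An added example, not part of the original slides, of the aggregation and filtering steps: advisories collected from several sources are consolidated and matched against the infrastructure list from the previous slide. The advisory IDs, affected versions and field names are constructed placeholders.

```python
# Inventory from the "Infrastructure List" slide: (vendor, product, installed version).
INVENTORY = [
    ("Vendor A", "Product 0001", "FW Ver. 1.01"),
    ("Vendor C", "Product A002", "Rev 1a"),
    ("Vendor N", "Product M", "Build 2390cb14"),
]

# Constructed advisories (placeholder IDs, invented affected versions), as they
# might arrive from several external sources with inconsistent spelling.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "source": "advisory page", "vendor": "Vendor C",
     "product": "Product A002", "affected": ["Rev 1a"], "fixed_in": "Rev 2a"},
    {"id": "EXAMPLE-0001", "source": "mailing list", "vendor": "vendor c",
     "product": "product  a002", "affected": ["Rev 1a"], "fixed_in": "Rev 2a"},
    {"id": "EXAMPLE-0002", "source": "issue tracker", "vendor": "Vendor B",
     "product": "Product X", "affected": ["1.0"], "fixed_in": "1.1"},
    {"id": "EXAMPLE-0003", "source": "CVE", "vendor": "Vendor A",
     "product": "Product 0001", "affected": ["FW Ver. 0.9"], "fixed_in": "FW Ver. 1.00"},
]

def norm(text):
    """Case- and whitespace-insensitive key for vendor, product and version."""
    return " ".join(text.lower().split())

def consolidate(advisories):
    """Aggregation: merge reports of one advisory seen in several sources."""
    merged = {}
    for adv in advisories:
        key = (adv["id"], norm(adv["vendor"]), norm(adv["product"]))
        entry = merged.setdefault(key, {"id": adv["id"], "fixed_in": adv["fixed_in"],
                                        "affected": set(), "sources": []})
        entry["affected"].update(norm(v) for v in adv["affected"])
        entry["sources"].append(adv["source"])
    return merged

def find_alerts(inventory, advisories):
    """Filtering: keep only advisories that hit a product and version we run."""
    installed = {(norm(v), norm(p)): (v, p, ver) for v, p, ver in inventory}
    alerts = []
    for (_, vendor, product), adv in consolidate(advisories).items():
        item = installed.get((vendor, product))
        # Exact version match: "FW Ver.", "Rev" and build hashes have no common ordering.
        if item and norm(item[2]) in adv["affected"]:
            alerts.append({"advisory": adv["id"], "vendor": item[0], "product": item[1],
                           "installed": item[2], "fixed_in": adv["fixed_in"],
                           "sources": adv["sources"]})
    return alerts
```

Each returned alert is a plain dict, so it can be serialized as one JSON line for a SIEM or SOC queue; once the inventory entry is updated to Rev 2a the same advisory no longer matches.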
Threat Intelligence
Relevant and reliable information about technology risks of an organization
● Automation: More effective and accurate process through automation
● Consolidation: Consolidate information from multiple sources
● Identification: Identify facts that require attention
Trust requires better understanding
Tracking of latest vulnerabilities of their products
Identify new targeted attacks
Vendors
Keep track of vulnerabilities in their devices
Review track record of vendors
Provide mitigation and actionable intelligence
Enterprise
Threat Intelligence
Reveal hidden risks
Improve transparency