Debunking IoT Security Myths 
© Cumulocity GmbH 2014 
André Eickler
Overview 
• What is Cumulocity? 
• What is the Internet of Things (IoT)? 
• What security challenges are there? 
• What common myths are there? 
• What you can do! 
What is Cumulocity? 
Where do we come from? 
• Started 2010 as Nokia Networks product line. 
• Independent company since 2012. 
• Originally targeted to the very security-aware telco industry. 
What do we do? 
• Cloud service to fundamentally reduce the complexity of deploying 
Internet of Things solutions. 
• Pay-as-you-grow starting from €1/device/month. 
What is the Internet of Things? 
Asset + Device + Application 
What security challenges are there? 
IoT devices are where your assets are. 
• Limited physical control over device and network connection. 
• “Data center distributed all over the country.” 
IoT devices are extremely heterogeneous. 
• Little standardization, thousands of manufacturers and platforms. 
• “BYOD to the max.” 
IoT devices come in billions. 
• … at least if the analysts are right. 
• Great target for DDoS. 
What security challenges are there? 
IoT devices may control the physical world. 
• Production plants, cars, wheelchairs, … 
• Extremely attractive target for attacks. 
IoT business cases often rely on cheap devices. 
• Low-end devices make communication security difficult. 
• Often no remote patching or upgrade facility. 
• Mobile M2M tariffs are counted by the KB, SSL/VPN overhead 
unwanted. 
What common myths are there? 
Actual issues are no surprise to security experts, but … 
• They are not viewed from the context of IoT. 
• They are misunderstood even by renowned publishers. 
Myth #1: The “thing” must be a server 
IPSO Power Control 
c’t 09/13, p.98 
Aspect | Device is Server | Device is Client 
Security | Very High Risk | No open port => lower 
Optimal for | Actuators | Sensors 
Data sharing | By device (not in mobile!) | By server 
Data Access & Scaling | Difficult to impossible | Easy and cheap 
Addressing | Static IP | Dynamic & Private IP 
Consequence | Requires VPN | Requires Device Push 
Myth #2: A VPN solution is enough for security 
• Industrial-level attacks often come from insiders – IoT is just a new 
dimension. 
• IoT devices are often unattended and a VPN setup may be used as 
entry point into the corporate network. 
• Mobile IoT devices can still be attacked through SMS (reconfiguration, 
redirection, DoS). 
• VPN causes expensive overhead on mobile, customers complain 
about an extra 10-90 MB of traffic per month. 
Myth #3: My protocol is better! 
What you can do! 
Translate your security practices to the IoT world. I.e., 
• Check physical security. 
– USB/serial/LAN ports on devices in public places? 
– Tamper sensors included? 
• Check network security. 
– Switch off SMS on the device or use a secure SMS service. 
– Switch off local/web element managers. 
– Replace standard/static passwords. 
• Check application security. 
– Validate device protocol. Use device only as client to a secure IoT 
service with individual credentials. 
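One way the service side of the last check could look, as an added example that is not part of the original slides or of Cumulocity's product: the device only pushes as a client, and the service authenticates each message with that device's own key and validates the payload strictly. The JSON fields (seq, type, value), the HMAC-SHA256 scheme, the size cap, and the device ids and keys are all assumptions constructed for this sketch.

```python
import hashlib
import hmac
import json

# Constructed per-device secrets (assumption: provisioned at manufacture or
# first registration). One key per device, never a fleet-wide password.
DEVICE_KEYS = {
    "sensor-0001": bytes.fromhex("a1" * 32),
    "sensor-0002": bytes.fromhex("b2" * 32),
}
MAX_BODY_BYTES = 512  # hypothetical cap; low-end devices send small messages
# Hypothetical measurement types with plausible physical ranges.
ALLOWED_TYPES = {"temperature": (-60.0, 150.0), "humidity": (0.0, 100.0)}
REQUIRED_FIELDS = {"seq", "type", "value"}


def sign(device_id, key, body):
    """Device side: MAC over the device id and the exact bytes sent."""
    return hmac.new(key, device_id.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def device_message(device_id, key, seq, mtype, value):
    """Device side: build one measurement and its MAC, ready to push."""
    body = json.dumps({"seq": seq, "type": mtype, "value": value}).encode()
    return body, sign(device_id, key, body)


class IngestService:
    """Service side: the device only connects out; every push is checked here."""

    def __init__(self, keys):
        self.keys = keys
        self.last_seq = {}  # device id -> highest sequence number accepted

    def accept(self, device_id, body, mac_hex):
        """Return (accepted, reason) for one pushed message."""
        key = self.keys.get(device_id)
        if key is None:
            return False, "unknown device"
        if len(body) > MAX_BODY_BYTES:
            return False, "body too large"
        # Authenticate before parsing, comparing in constant time.
        expected = sign(device_id, key, body)
        if not hmac.compare_digest(expected.encode(), mac_hex.encode()):
            return False, "bad credentials"
        try:
            msg = json.loads(body)
        except ValueError:  # covers invalid JSON and invalid UTF-8
            return False, "malformed body"
        if not isinstance(msg, dict) or set(msg) != REQUIRED_FIELDS:
            return False, "unexpected fields"
        seq, mtype, value = msg["seq"], msg["type"], msg["value"]
        if isinstance(seq, bool) or not isinstance(seq, int):
            return False, "bad sequence number"
        if not isinstance(mtype, str) or mtype not in ALLOWED_TYPES:
            return False, "unknown measurement type"
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return False, "value is not a number"
        low, high = ALLOWED_TYPES[mtype]
        if not low <= value <= high:  # also rejects NaN and Infinity
            return False, "value out of range"
        # Reject captured messages that are sent again.
        if seq <= self.last_seq.get(device_id, 0):
            return False, "replayed or out-of-order sequence"
        self.last_seq[device_id] = seq
        return True, "ok"


def demo():
    """Run constructed messages through the service and collect the verdicts."""
    svc = IngestService(DEVICE_KEYS)
    k1, k2 = DEVICE_KEYS["sensor-0001"], DEVICE_KEYS["sensor-0002"]
    good = device_message("sensor-0001", k1, 1, "temperature", 21.5)
    other_key = device_message("sensor-0001", k2, 2, "temperature", 21.5)
    absurd = device_message("sensor-0001", k1, 2, "temperature", 900)
    extra = json.dumps(
        {"seq": 2, "type": "humidity", "value": 40, "cmd": "reboot"}
    ).encode()
    return [
        svc.accept("sensor-0001", *good),
        svc.accept("sensor-0001", *good),        # same bytes pushed again
        svc.accept("sensor-0001", *other_key),   # signed with another device's key
        svc.accept("sensor-0001", *absurd),
        svc.accept("sensor-0001", extra, sign("sensor-0001", k1, extra)),
        svc.accept("sensor-9999", *good),
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Because each device has its own key, a key extracted from one unattended device authenticates only that device, and the strict field check keeps a measurement channel from carrying anything else.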
What you can do! 
Don’t reinvent the wheel, pick an IoT middleware … 
https://cumulocity.com

More Related Content

What's hot

Foster your business with the cloud - Webinar for MSPs
Foster your business with the cloud - Webinar for MSPsFoster your business with the cloud - Webinar for MSPs
Foster your business with the cloud - Webinar for MSPsManuel Daza
 
IBM_BHTelecom_Cloud_Orchestrator
IBM_BHTelecom_Cloud_OrchestratorIBM_BHTelecom_Cloud_Orchestrator
IBM_BHTelecom_Cloud_OrchestratorAdnan Hantalasevic
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueEurotech
 
Real World IoT Architecture Use Cases
Real World IoT Architecture Use CasesReal World IoT Architecture Use Cases
Real World IoT Architecture Use CasesEurotech
 
Gen-i: Business Continuity considering reputation, security and virtualisation
Gen-i: Business Continuity considering reputation, security and virtualisationGen-i: Business Continuity considering reputation, security and virtualisation
Gen-i: Business Continuity considering reputation, security and virtualisationVincent Kwon
 
OSGi and Java in Industrial IoT
OSGi and Java in Industrial IoTOSGi and Java in Industrial IoT
OSGi and Java in Industrial IoTEurotech
 
Carousel Industries
Carousel IndustriesCarousel Industries
Carousel Industriesgueste845fd
 
Simplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewaySimplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewayEurotech
 
Ibm ai in cognitive era
Ibm ai in cognitive eraIbm ai in cognitive era
Ibm ai in cognitive eraMike Chang
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Eurotech
 
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
L’IoT  industriale e i vantaggi competitivi della trasformazione digitale L’IoT  industriale e i vantaggi competitivi della trasformazione digitale
L’IoT industriale e i vantaggi competitivi della trasformazione digitale Eurotech
 
Siyavuyisa Township Networks 2011
Siyavuyisa Township Networks 2011Siyavuyisa Township Networks 2011
Siyavuyisa Township Networks 2011siyavuyisa
 
The Rise of Communications-as-a-Service (CaaS)
The Rise of Communications-as-a-Service (CaaS)The Rise of Communications-as-a-Service (CaaS)
The Rise of Communications-as-a-Service (CaaS)Roberto Moctezuma
 
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura WiresBuilding IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura WiresEurotech
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsPeter Tutty
 
IBM Global Technology Services
IBM Global Technology Services IBM Global Technology Services
IBM Global Technology Services Ana Alves Sequeira
 
Intimate Things: How Wearables Are Changing The Internet of Things
Intimate Things: How Wearables Are Changing The Internet of ThingsIntimate Things: How Wearables Are Changing The Internet of Things
Intimate Things: How Wearables Are Changing The Internet of ThingsPaul Brody
 
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - JasperDWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - JasperIDATE DigiWorld
 
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory ExchangeBrandon Jones
 

What's hot (20)

Foster your business with the cloud - Webinar for MSPs
Foster your business with the cloud - Webinar for MSPsFoster your business with the cloud - Webinar for MSPs
Foster your business with the cloud - Webinar for MSPs
 
M2M Scenario
M2M ScenarioM2M Scenario
M2M Scenario
 
IBM_BHTelecom_Cloud_Orchestrator
IBM_BHTelecom_Cloud_OrchestratorIBM_BHTelecom_Cloud_Orchestrator
IBM_BHTelecom_Cloud_Orchestrator
 
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the RescueIndustrial IoT Mayhem? Java IoT Gateways to the Rescue
Industrial IoT Mayhem? Java IoT Gateways to the Rescue
 
Real World IoT Architecture Use Cases
Real World IoT Architecture Use CasesReal World IoT Architecture Use Cases
Real World IoT Architecture Use Cases
 
Gen-i: Business Continuity considering reputation, security and virtualisation
Gen-i: Business Continuity considering reputation, security and virtualisationGen-i: Business Continuity considering reputation, security and virtualisation
Gen-i: Business Continuity considering reputation, security and virtualisation
 
OSGi and Java in Industrial IoT
OSGi and Java in Industrial IoTOSGi and Java in Industrial IoT
OSGi and Java in Industrial IoT
 
Carousel Industries
Carousel IndustriesCarousel Industries
Carousel Industries
 
Simplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent GatewaySimplify Internet of Things with an Intelligent Gateway
Simplify Internet of Things with an Intelligent Gateway
 
Ibm ai in cognitive era
Ibm ai in cognitive eraIbm ai in cognitive era
Ibm ai in cognitive era
 
Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation Developing Interoperable Components for an Open IoT Foundation
Developing Interoperable Components for an Open IoT Foundation
 
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
L’IoT  industriale e i vantaggi competitivi della trasformazione digitale L’IoT  industriale e i vantaggi competitivi della trasformazione digitale
L’IoT industriale e i vantaggi competitivi della trasformazione digitale
 
Siyavuyisa Township Networks 2011
Siyavuyisa Township Networks 2011Siyavuyisa Township Networks 2011
Siyavuyisa Township Networks 2011
 
The Rise of Communications-as-a-Service (CaaS)
The Rise of Communications-as-a-Service (CaaS)The Rise of Communications-as-a-Service (CaaS)
The Rise of Communications-as-a-Service (CaaS)
 
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura WiresBuilding IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
Building IoT Mashups for Industry 4.0 with Eclipse Kura and Kura Wires
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 
IBM Global Technology Services
IBM Global Technology Services IBM Global Technology Services
IBM Global Technology Services
 
Intimate Things: How Wearables Are Changing The Internet of Things
Intimate Things: How Wearables Are Changing The Internet of ThingsIntimate Things: How Wearables Are Changing The Internet of Things
Intimate Things: How Wearables Are Changing The Internet of Things
 
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - JasperDWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
DWS15 Connected Things Forum - Guest Keynote - Paul-Edouard LAUNAY - Jasper
 
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
#bluemixdrone is at Southbank for the IBM Service Advisory Exchange
 

Viewers also liked

An introduction to Internet of Things and Maker Movement
An introduction to Internet of Things and Maker MovementAn introduction to Internet of Things and Maker Movement
An introduction to Internet of Things and Maker MovementAndri Yadi
 
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using ThingsAmazon Web Services
 
Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Bernard Moon
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoTAmazon Web Services
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Internet of Things - The Tip of an Iceberg
Internet of Things - The Tip of an IcebergInternet of Things - The Tip of an Iceberg
Internet of Things - The Tip of an IcebergDr. Mazlan Abbas
 
Internet of Things
Internet of ThingsInternet of Things
Internet of ThingsVala Afshar
 

Viewers also liked (9)

An introduction to Internet of Things and Maker Movement
An introduction to Internet of Things and Maker MovementAn introduction to Internet of Things and Maker Movement
An introduction to Internet of Things and Maker Movement
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
(MBL311) NEW! AWS IoT: Securely Building, Provisioning, & Using Things
 
Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016Internet of Things & Hardware Industry Report 2016
Internet of Things & Hardware Industry Report 2016
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT(MBL205) New! Everything You Want to Know About AWS IoT
(MBL205) New! Everything You Want to Know About AWS IoT
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Internet of Things - The Tip of an Iceberg
Internet of Things - The Tip of an IcebergInternet of Things - The Tip of an Iceberg
Internet of Things - The Tip of an Iceberg
 
Internet of Things
Internet of ThingsInternet of Things
Internet of Things
 

Similar to Debunking IoT Security Myths

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)Rui Miguel Feio
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture Symantec
 
Enterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldEnterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldSamsung Business USA
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsNirmal Misra
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1pStéphane Roule
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
Connecting devices to the internet of things
Connecting devices to the internet of thingsConnecting devices to the internet of things
Connecting devices to the internet of thingsBernard Kufluk
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Moon Technolabs Pvt. Ltd.
 
Learnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business valueLearnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business valueDan Mårtensson
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused EnterpriseNovell
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Written by Mark Stanislav and Tod Beardsley September 2015.docx
Written by Mark Stanislav and Tod Beardsley    September 2015.docxWritten by Mark Stanislav and Tod Beardsley    September 2015.docx
Written by Mark Stanislav and Tod Beardsley September 2015.docxjeffevans62972
 
Written by Mark Stanislav and Tod Beardsley September 2015.docx
Written by Mark Stanislav and Tod Beardsley    September 2015.docxWritten by Mark Stanislav and Tod Beardsley    September 2015.docx
Written by Mark Stanislav and Tod Beardsley September 2015.docxodiliagilby
 
Infinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptxInfinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptxssuser365526
 
Lessons learned to keep cholesterol on proper level base on private cloud pr...
 Lessons learned to keep cholesterol on proper level base on private cloud pr... Lessons learned to keep cholesterol on proper level base on private cloud pr...
Lessons learned to keep cholesterol on proper level base on private cloud pr...Robert Bigos
 
Report the whole IoT r0.0.pptx
Report   the whole IoT r0.0.pptxReport   the whole IoT r0.0.pptx
Report the whole IoT r0.0.pptxoldmanegan
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iotCaston Thomas
 

Similar to Debunking IoT Security Myths (20)

(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
(2019) Hack All the Way Through From Fridge to Mainframe (v0.2)
 
An Internet of Things Reference Architecture
An Internet of Things Reference Architecture An Internet of Things Reference Architecture
An Internet of Things Reference Architecture
 
Enterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile worldEnterprise innovation in an ever-expanding mobile world
Enterprise innovation in an ever-expanding mobile world
 
Reinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of ThingsReinventing Cybersecurity in the Internet of Things
Reinventing Cybersecurity in the Internet of Things
 
151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p151022_oml_reinventing_cybersecurity_IoT_v1p
151022_oml_reinventing_cybersecurity_IoT_v1p
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Connecting devices to the internet of things
Connecting devices to the internet of thingsConnecting devices to the internet of things
Connecting devices to the internet of things
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
Learnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business valueLearnings of how to simplifying io t solutions and securing business value
Learnings of how to simplifying io t solutions and securing business value
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
 
Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...Software security, secure software development in the age of IoT, smart thing...
Software security, secure software development in the age of IoT, smart thing...
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Written by Mark Stanislav and Tod Beardsley September 2015.docx
Written by Mark Stanislav and Tod Beardsley    September 2015.docxWritten by Mark Stanislav and Tod Beardsley    September 2015.docx
Written by Mark Stanislav and Tod Beardsley September 2015.docx
 
Written by Mark Stanislav and Tod Beardsley September 2015.docx
Written by Mark Stanislav and Tod Beardsley    September 2015.docxWritten by Mark Stanislav and Tod Beardsley    September 2015.docx
Written by Mark Stanislav and Tod Beardsley September 2015.docx
 
Infinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptxInfinity_Architecture_June_Webinar__Final_Wiki.pptx
Infinity_Architecture_June_Webinar__Final_Wiki.pptx
 
Lessons learned to keep cholesterol on proper level base on private cloud pr...
 Lessons learned to keep cholesterol on proper level base on private cloud pr... Lessons learned to keep cholesterol on proper level base on private cloud pr...
Lessons learned to keep cholesterol on proper level base on private cloud pr...
 
Report the whole IoT r0.0.pptx
Report   the whole IoT r0.0.pptxReport   the whole IoT r0.0.pptx
Report the whole IoT r0.0.pptx
 
7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot7.5 steps to overlaying byod & iot
7.5 steps to overlaying byod & iot
 

Recently uploaded

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Debunking IoT Security Myths

  • 1. Debunking IoT Security Myths © Cumulocity GmbH 2014 André Eickler
  • 2. Overview
      • What is Cumulocity?
      • What is the Internet of Things (IoT)?
      • What security challenges are there?
      • What common myths are there?
      • What you can do!
  • 3. What is Cumulocity?
      Where do we come from?
      • Started 2010 as Nokia Networks product line.
      • Independent company since 2012.
      • Originally targeted to the very security-aware telco industry.
      What do we do?
      • Cloud service to fundamentally reduce the complexity of deploying Internet of Things solutions.
      • Pay-as-you-grow starting from €1/device/month.
  • 4. What is Cumulocity?
  • 5. What is the Internet of Things? Asset + Device + Application
  • 6. What security challenges are there?
      IoT devices are where your assets are.
      • Limited physical control over device and network connection.
      • “Data center distributed all over the country.”
      IoT devices are extremely heterogeneous.
      • Little standardization, thousands of manufacturers and platforms.
      • “BYOD to the max.”
      IoT devices come in billions.
      • … at least if the analysts are right.
      • Great target for DDoS.
  • 7. What security challenges are there?
      IoT devices may control the physical world.
      • Production plants, cars, wheelchairs, …
      • Extremely attractive target for attacks.
      IoT business cases often rely on cheap devices.
      • Low-end devices make communication security difficult.
      • Often no remote patching or upgrade facility.
      • Mobile M2M tariffs are counted by the KB, SSL/VPN overhead unwanted.
  • 8. What common myths are there?
      Actual issues are no surprise to security experts, but …
      • They are not viewed from the context of IoT.
      • They are misunderstood even by renowned publishers.
  • 9. Myth #1: The “thing” must be a server
      IPSO Power Control, c’t 09/13, p.98
  • 10. Myth #1: The “thing” must be a server
                               | Device is Server            | Device is Client
      Security                 | Very High Risk              | No open port => lower
      Optimal for              | Actuators                   | Sensors
      Data sharing             | By device (not in mobile!)  | By server
      Data Access & Scaling    | Difficult to impossible     | Easy and cheap
      Addressing               | Static IP                   | Dynamic & Private IP
      Consequence              | Requires VPN                | Requires Device Push
  • 11. Myth #2: A VPN solution is enough for security
  • 12. Myth #2: A VPN solution is enough for security
      • Industrial-level attacks often come from insiders – IoT is just a new dimension.
      • IoT devices are often unattended and a VPN setup may be used as entry point into the corporate network.
      • Mobile IoT devices can still be attacked through SMS (reconfiguration, redirection, DoS).
      • VPN causes expensive overhead on mobile, customers complain about an extra 10-90 MB of traffic per month.
  • 13. Myth #3: My protocol is better!
  • 14. What you can do!
      Translate your security practices to the IoT world. I.e.,
      • Check physical security.
          – USB/serial/LAN ports on devices in public places?
          – Tamper sensors included?
      • Check network security.
          – Switch off SMS on the device or use a secure SMS service.
          – Switch off local/web element managers.
          – Replace standard/static passwords.
      • Check application security.
          – Validate device protocol. Use device only as client to a secure IoT service with individual credentials.
  • 15. What you can do! Don’t reinvent the wheel, pick an IoT middleware … https://cumulocity.com
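
The network and application checks from slides 10 and 14, run over a device inventory. This is an added example, not part of the original slides; the inventory fields, the finding names and the list of standard passwords are assumptions made for the illustration, and the sample fleet is constructed.

```python
from collections import defaultdict

# Constructed sample inventory; field names are assumptions for this example.
FLEET = [
    {"id": "meter-01", "listening_ports": [], "sms_enabled": False,
     "local_web_manager": False, "username": "dev-meter-01", "password": "k3Vq-81-xT"},
    {"id": "pump-02", "listening_ports": [23, 80], "sms_enabled": True,
     "local_web_manager": True, "username": "admin", "password": "admin"},
    {"id": "gate-03", "listening_ports": [], "sms_enabled": False,
     "local_web_manager": False, "username": "fleet", "password": "S7rw9pLq2"},
    {"id": "gate-04", "listening_ports": [], "sms_enabled": True,
     "local_web_manager": False, "username": "fleet", "password": "S7rw9pLq2"},
]

# Illustrative list of standard passwords (assumption, extend for a real audit).
STANDARD_PASSWORDS = {"", "admin", "password", "1234", "root"}


def audit_fleet(fleet):
    """Return {device_id: [finding, ...]} for devices that fail a check."""
    findings = defaultdict(list)
    devices_by_credential = defaultdict(list)

    for dev in fleet:
        if dev["listening_ports"]:        # slide 10: device acts as a server
            findings[dev["id"]].append("open-port")
        if dev["sms_enabled"]:            # slide 14: switch off SMS
            findings[dev["id"]].append("sms-enabled")
        if dev["local_web_manager"]:      # slide 14: local/web element manager
            findings[dev["id"]].append("local-manager")
        if dev["password"].lower() in STANDARD_PASSWORDS:
            findings[dev["id"]].append("default-password")
        devices_by_credential[(dev["username"], dev["password"])].append(dev["id"])

    # Slide 14 asks for individual credentials: flag any login reused
    # by more than one device, which only shows up at fleet level.
    for ids in devices_by_credential.values():
        if len(ids) > 1:
            for dev_id in ids:
                findings[dev_id].append("shared-credential")
    return dict(findings)


if __name__ == "__main__":
    for dev_id, issues in sorted(audit_fleet(FLEET).items()):
        print(dev_id, ", ".join(issues))
```
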