The Real Internet of Things: How Universal Daemonization Will Change Everything

The Real Internet of Things
How universal daemonization will change everything
Daniel Miessler
HouSecCon
October 2014

Me
- Practice Principal at HP Fortify on Demand
- Lead the research and development team
- Web and mobile pentesting focus
- 15 years in infosec
- OWASP project leader (IoT, Mobil…)
- danielmiessler.com
- @danielmiessler

The Internet of Things
Image from cloudtimes.com

Common IoT Narrative
Image from navigantresearch.com
- analog things go online
- toasters, microwaves, cameras
- device to device interaction
- your alarm starts your coffee maker
- your car opens your garage
- a factory ﬂoor self-optimizes

Personal Servers
Avatars by iconizeme.com

Personal Servers: Julie
- single
- loves coffee
- favorite movie: sneakers
- went to Aldrin high school
- hates sand
- dog person
- afraid of owls
- wishes she was Arya
Everyone will be broadcasting a geo-based daemon

Personal Servers: Chris
- single
- loves coffee
- favorite movie: chaos theory
- favorite band is Zao
- hates sponges
- cat person
- afraid of owls
- has broken 19 bones
Everyone will be broadcasting a geo-based daemon

Personal Servers: Interaction
- single
- loves coffee
- afraid of owls
The power comes from the continuous interaction between daemons

Personal Assistants
Siri and Google Now will become integral to our lives
- managing calendar
- texting
- emailing
- ﬁnding you movies
- picking food for you
- ﬁltering mates
- parsing daemons

Personal Assistants: Burden--
- single
- loves coffee
- afraid of owls
We won’t be managing those interactions—our PAs will

Personal Daemons + AssistantsConstant managed interactions between personal daemons

Businesses are people, tooBusinesses will have daemons as well, powerfully extending their functionality

Businesses + RDF = PowerBusinesses will have daemons as well, powerfully extending their functionality

Business Daemon AttributesThink of what a business would want to broadcast in their daemons

Business Daemon AttributesBusinesses will have daemons as well, powerfully extending their functionality
- Menu
- Item1
- Item2
- Safety
- Allergies
- Construction
- Hiring
- Openings
- Music
- Current
- Playlist
- Recommend
- Climate
- Raise
- Lower
- Condiments
- Request

Business Daemon InputsEach business will have different types of APIs that are useful for customers
- Menu
- Item1
- Item2
- Safety
- Allergies
- Construction
- Hiring
- Openings
- Music
- Current
- Playlist
- Recommend
- Climate
- Raise
- Lower
- Condiments
- Request

Business Daemon APIsNot just read-only
https://stores.bww.api/8941/api/climate

Rich Business API FunctionalityBusinesses will expose powerful functionality that our PAs can manage for us

Sync
1. Personal Daemons broadcast information about us

Sync
2. Businesses will have daemons as well

Sync
2. Businesses will have daemons as well
3. Our personal assistants will broker on our behalf

Sensors will be on everything…
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

- Architect
- Built
- Materials
- Certiﬁcation
- /api/climate
- /api/doors
- /api/cameras
- /api/pool
- /api/cameras
- /api/windows
House

- Birthday
- Gender
- Ancestry
- Profession
- Books
- Movies
- Education
- /api/connect
Human

- Make
- Model
- VIN
- Features
- /api/climate
- /api/music
- /api/voice
- /api/video
- /api/cameras
- /api/sensors
Car

- Brand
- Model
- Version
- Features
- /api/battery
- /api/video
- /api/audio
- /api/sensors
Watch

- Type
- Age
- Planted By
- Birthday
- /api/status
- /api/water
- /api/camera
Tree

Baby Clothes
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

Furniture
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

Park Benches
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

- City
- Street
- Geo
- Hours
- /api/pay
- /api/tickets
- /api/camera
- /api/sensors
Parking Meter

- Brand
- Model
- Version
- BuildDay
- BulbStatus
- /api/light
- /api/audio
- /api/video
- /api/air
Lamp

Character Sheet
- Shoes
- Pants
- Watch
- Purse
- Total CPU cycles
- Total memory
- Brands
- Year
- Season
- Gucci
- Louboutin

- Owner
- Height
- Architect
- Materials
- /api/climate
- /api/video
- /api/audio
- /api/sensors
- /api/security
Building

Sensors + Daemon + API
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

Ubiquitous CustomizationYour business experiences will be customized based on constant PA-to-daemon interaction
/api/purchase
/api/music /api/tv
/api/connect
/api/browse
/api/test

Also, much will be recorded
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation

“Computer: Show me video of this location
between the hours of midnight and 4am.”
Ofﬁcial Investigations

TCP/IP vs. victimUniversal Daemonization

Universal Daemonization
Ubiquitous
Customization
Personal
AssistantsUniversal
Daemonization
- Everything is an object
- Everything has a daemon
- Everything has an API

What’s the protocol?
- Security?
- Privacy?

?
How do we handle auth?
- Owner
- Height
- Architect
- Materials
- /api/climate
- /api/video
- /api/audio
- /api/sensors
- /api/security
- Google?
- Facebook?
- Local/State/Federal/Global?

How do we maintain privacy?
- Killswitches?
- Do-not-monitor?
- Darkzones?

What we're doing
-OWASP Internet of Things Top 10 
https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
-HP FoD Top 10 IoT Device Research Report 
http://fortifyprotect.com/HP_IoT_Research_Study.pdf
-Offering IoT assessments using the IoT Top 10

What you can do
-Reach out and help on the IoT Top 10
daniel.miessler@owasp.org
- I am the Cavalry (https://www.iamthecavalry.org)

Wizard Wars
Wizard Wars
http://www.dilbert.com/blog/entry/wizard_wars/

The Real Internet of Things: How Universal Daemonization Will Change Everything

More Related Content

Viewers also liked

Similar to The Real Internet of Things: How Universal Daemonization Will Change Everything

Recently uploaded

The Real Internet of Things: How Universal Daemonization Will Change Everything