SlideShare a Scribd company logo
1 of 39
Download to read offline
David Strom
April 2018
http://strominator.com 3
http://strominator.com 4
Agenda
• What is the IoT, really?
• Notable recent IoT security disasters
• What makes these devices unsafe
• It isn’t just what you have in your home or
business
• What you can do to be more secure
Sample IoT devices
Notable IoT Security Disasters
Internet-connected hard drives
WD My Cloud Drive
c. 2018
HP JetDirect
c. 1991
IoT Security, then and now
What a simple webcam can do now
IoT and the cloud
What are these words?
What makes devices unsafe?
• Insecure firmware
• Or lousy updates of your firmware
• Operating system bugs (Windows esp.)
• Bad coding practices by device makers
• Application insecurity
• Physical security: like that fishtank
What is wrong with devices
Many devices have
no security
whatsoever: Once
you know the
device’s IP
address, game
over
Many privacy issues
• Device passwords often ignored – or
sometimes can’t be changed
• Device permissions rarely monitored
• Devices can be used to launch network-based
attacks and spread malware
• Device firmware rarely upgraded or tracked
Suggestions to sleep better
Search for security issues before you
buy an IoT device
Change all device passwords – today!
Buy your own firewall/router
device for your home network
Secure your home Wifi network
Upgrade your firmware regularly
Use a password manager
For further reading
• https://www.hpe.com/us/en/insights/articles/9-ways-
to-make-iot-devices-more-secure-1701.html
• https://www.theguardian.com/world/2018/jan/28/fitn
ess-tracking-app-gives-away-location-of-secret-us-
army-bases
• https://www.bleepingcomputer.com/news/security/ab
out-90-percent-of-smart-tvs-vulnerable-to-remote-
hacking-via-rogue-tv-signals/
• (Network printers)
https://blog.strom.com/wp/?p=5751
(c) 2018 David Strom Inc.
http://strominator.com
39
David Strom, david@strom.com
strominator.com
Subscribe to my newsletter: inside.com/security
These slides can be found here:
http://slideshare.net/davidstrom

More Related Content

What's hot

Mobile Design Challenges: Planning for Enterprise Software Development
Mobile Design Challenges: Planning for Enterprise Software DevelopmentMobile Design Challenges: Planning for Enterprise Software Development
Mobile Design Challenges: Planning for Enterprise Software DevelopmentSteven Hoober
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018Will Adams
 
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)Intergen
 
How Intel Security Ensures Identity Protection - Infographic
How Intel Security Ensures Identity Protection - InfographicHow Intel Security Ensures Identity Protection - Infographic
How Intel Security Ensures Identity Protection - InfographicIntel IT Center
 
(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile SecurityMichalis Kamprianis
 
2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary ResultsLumension
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythSecurity Innovation
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of ThingsBryan Len
 
Design%20Considerations%20for%20Mobile%20Security[1]
Design%20Considerations%20for%20Mobile%20Security[1]Design%20Considerations%20for%20Mobile%20Security[1]
Design%20Considerations%20for%20Mobile%20Security[1]Vikash Lalsing (CITP)
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor AuthenticationNikhil Shaw
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of ThingsForgeRock
 
Bringing Government and Enterprise Security Controls to the Android Endpoint
Bringing Government and Enterprise Security Controls to the Android EndpointBringing Government and Enterprise Security Controls to the Android Endpoint
Bringing Government and Enterprise Security Controls to the Android EndpointHamilton Turner
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authenticationhon1nbo
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor AuthenticationRonnie Isherwood
 
Small Business Guide to Information Security
Small Business Guide to Information Security Small Business Guide to Information Security
Small Business Guide to Information Security Leo Welder
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" mycroftinc
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within AgileNetlight Consulting
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactSalesforce Admins
 

What's hot (20)

Mobile Design Challenges: Planning for Enterprise Software Development
Mobile Design Challenges: Planning for Enterprise Software DevelopmentMobile Design Challenges: Planning for Enterprise Software Development
Mobile Design Challenges: Planning for Enterprise Software Development
 
Two factor authentication 2018
Two factor authentication 2018Two factor authentication 2018
Two factor authentication 2018
 
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
Windows Accelerate IT Pro Bootcamp: Security (Module 4 of 8)
 
How Intel Security Ensures Identity Protection - Infographic
How Intel Security Ensures Identity Protection - InfographicHow Intel Security Ensures Identity Protection - Infographic
How Intel Security Ensures Identity Protection - Infographic
 
(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security(ISC)2 Kamprianis - Mobile Security
(ISC)2 Kamprianis - Mobile Security
 
2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results2014 BYOD and Mobile Security Survey Preliminary Results
2014 BYOD and Mobile Security Survey Preliminary Results
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" MythIoT Security: Debunking the "We Aren't THAT Connected" Myth
IoT Security: Debunking the "We Aren't THAT Connected" Myth
 
Iot Security, Internet of Things
Iot Security, Internet of ThingsIot Security, Internet of Things
Iot Security, Internet of Things
 
Design%20Considerations%20for%20Mobile%20Security[1]
Design%20Considerations%20for%20Mobile%20Security[1]Design%20Considerations%20for%20Mobile%20Security[1]
Design%20Considerations%20for%20Mobile%20Security[1]
 
Two Factor Authentication
Two Factor AuthenticationTwo Factor Authentication
Two Factor Authentication
 
Security in the Internet of Things
Security in the Internet of ThingsSecurity in the Internet of Things
Security in the Internet of Things
 
Bringing Government and Enterprise Security Controls to the Android Endpoint
Bringing Government and Enterprise Security Controls to the Android EndpointBringing Government and Enterprise Security Controls to the Android Endpoint
Bringing Government and Enterprise Security Controls to the Android Endpoint
 
Intro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor AuthenticationIntro to Smart Cards & Multi-Factor Authentication
Intro to Smart Cards & Multi-Factor Authentication
 
Multifactor Authentication
Multifactor AuthenticationMultifactor Authentication
Multifactor Authentication
 
IOS security
IOS securityIOS security
IOS security
 
Small Business Guide to Information Security
Small Business Guide to Information Security Small Business Guide to Information Security
Small Business Guide to Information Security
 
Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise" Multi-Factor Authentication - "Moving Towards the Enterprise"
Multi-Factor Authentication - "Moving Towards the Enterprise"
 
Application Security within Agile
Application Security within AgileApplication Security within Agile
Application Security within Agile
 
Secure enterprise mobility
Secure enterprise mobilitySecure enterprise mobility
Secure enterprise mobility
 
Two Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major ImpactTwo Factor Authentication: Easy Setup, Major Impact
Two Factor Authentication: Easy Setup, Major Impact
 

Similar to ​Understanding the Internet of Things

Security Testing for IoT Systems
Security Testing for IoT SystemsSecurity Testing for IoT Systems
Security Testing for IoT SystemsSecurity Innovation
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!Justin Black
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014Security Weekly
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Positive Hack Days
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNitesh Malviya
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProjectKaley Hair
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_finalPacSecJP
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
 
This Time, It’s Personal: Why Security and the IoT Is Different
This Time, It’s Personal: Why Security and the IoT Is DifferentThis Time, It’s Personal: Why Security and the IoT Is Different
This Time, It’s Personal: Why Security and the IoT Is DifferentJustin Grammens
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...CableLabs
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
How to create a secure IoT device
How to create a secure IoT deviceHow to create a secure IoT device
How to create a secure IoT deviceAbhijeet Rane
 

Similar to ​Understanding the Internet of Things (20)

Security Testing for IoT Systems
Security Testing for IoT SystemsSecurity Testing for IoT Systems
Security Testing for IoT Systems
 
Hack one iot device, break them all!
Hack one iot device, break them all!Hack one iot device, break them all!
Hack one iot device, break them all!
 
Hugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric ImpHugo Fiennes - Security and the IoT - Electric Imp
Hugo Fiennes - Security and the IoT - Electric Imp
 
Lecture 7 - Security
Lecture 7 - SecurityLecture 7 - Security
Lecture 7 - Security
 
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
The Internet Of Insecure Things: 10 Most Wanted List - Derbycon 2014
 
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
Privacy and Security in the Internet of Things / Конфиденциальность и безопас...
 
IoT security
IoT securityIoT security
IoT security
 
IoT -Internet of Things
IoT -Internet of ThingsIoT -Internet of Things
IoT -Internet of Things
 
Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
Security Issues in Internet of Things
Security Issues in Internet of ThingsSecurity Issues in Internet of Things
Security Issues in Internet of Things
 
2014CyberSecurityProject
2014CyberSecurityProject2014CyberSecurityProject
2014CyberSecurityProject
 
Mickey pacsec2016_final
Mickey pacsec2016_finalMickey pacsec2016_final
Mickey pacsec2016_final
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
 
This Time, It’s Personal: Why Security and the IoT Is Different
This Time, It’s Personal: Why Security and the IoT Is DifferentThis Time, It’s Personal: Why Security and the IoT Is Different
This Time, It’s Personal: Why Security and the IoT Is Different
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
ICT Security.pdf
ICT Security.pdfICT Security.pdf
ICT Security.pdf
 
How to create a secure IoT device
How to create a secure IoT deviceHow to create a secure IoT device
How to create a secure IoT device
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of ThingsChristopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
 
Computer Security Threats
Computer Security ThreatsComputer Security Threats
Computer Security Threats
 

More from David Strom

Spark Twitter fails Mar2023
Spark Twitter fails Mar2023Spark Twitter fails Mar2023
Spark Twitter fails Mar2023David Strom
 
Getting Your First Cybersecurity Job
Getting Your First Cybersecurity JobGetting Your First Cybersecurity Job
Getting Your First Cybersecurity JobDavid Strom
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
Fears and fulfillment with IT security
Fears and fulfillment with IT securityFears and fulfillment with IT security
Fears and fulfillment with IT securityDavid Strom
 
Protecting your digital and online privacy
Protecting your digital and online privacyProtecting your digital and online privacy
Protecting your digital and online privacyDavid Strom
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsDavid Strom
 
The legalities of hacking back
The legalities of  hacking backThe legalities of  hacking back
The legalities of hacking backDavid Strom
 
How to market your book in today's social media world
How to market your book in today's social media worldHow to market your book in today's social media world
How to market your book in today's social media worldDavid Strom
 
How to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersHow to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersDavid Strom
 
Implications and response to large security breaches
Implications and response to large security breaches Implications and response to large security breaches
Implications and response to large security breaches David Strom
 
Using social networks to find your next job (2017)
Using social networks to find your next job (2017)Using social networks to find your next job (2017)
Using social networks to find your next job (2017)David Strom
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debateDavid Strom
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Notable Twitter fails
Notable Twitter failsNotable Twitter fails
Notable Twitter failsDavid Strom
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Listen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportListen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportDavid Strom
 
Network security practice: then and now
Network security practice: then and nowNetwork security practice: then and now
Network security practice: then and nowDavid Strom
 
Biggest startup mistakes
Biggest startup mistakesBiggest startup mistakes
Biggest startup mistakesDavid Strom
 
Picking the right Single Sign On Tool to protect your network
Picking the right Single Sign On Tool to protect your networkPicking the right Single Sign On Tool to protect your network
Picking the right Single Sign On Tool to protect your networkDavid Strom
 
Big data analytics
Big data analyticsBig data analytics
Big data analyticsDavid Strom
 

More from David Strom (20)

Spark Twitter fails Mar2023
Spark Twitter fails Mar2023Spark Twitter fails Mar2023
Spark Twitter fails Mar2023
 
Getting Your First Cybersecurity Job
Getting Your First Cybersecurity JobGetting Your First Cybersecurity Job
Getting Your First Cybersecurity Job
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?
 
Fears and fulfillment with IT security
Fears and fulfillment with IT securityFears and fulfillment with IT security
Fears and fulfillment with IT security
 
Protecting your digital and online privacy
Protecting your digital and online privacyProtecting your digital and online privacy
Protecting your digital and online privacy
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fears
 
The legalities of hacking back
The legalities of  hacking backThe legalities of  hacking back
The legalities of hacking back
 
How to market your book in today's social media world
How to market your book in today's social media worldHow to market your book in today's social media world
How to market your book in today's social media world
 
How to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersHow to make your mobile phone safe from hackers
How to make your mobile phone safe from hackers
 
Implications and response to large security breaches
Implications and response to large security breaches Implications and response to large security breaches
Implications and response to large security breaches
 
Using social networks to find your next job (2017)
Using social networks to find your next job (2017)Using social networks to find your next job (2017)
Using social networks to find your next job (2017)
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debate
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM Chaos
 
Notable Twitter fails
Notable Twitter failsNotable Twitter fails
Notable Twitter fails
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computing
 
Listen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportListen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better Support
 
Network security practice: then and now
Network security practice: then and nowNetwork security practice: then and now
Network security practice: then and now
 
Biggest startup mistakes
Biggest startup mistakesBiggest startup mistakes
Biggest startup mistakes
 
Picking the right Single Sign On Tool to protect your network
Picking the right Single Sign On Tool to protect your networkPicking the right Single Sign On Tool to protect your network
Picking the right Single Sign On Tool to protect your network
 
Big data analytics
Big data analyticsBig data analytics
Big data analytics
 

Recently uploaded

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Jeffrey Haguewood
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...BookNet Canada
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 

Recently uploaded (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
Email Marketing Automation for Bonterra Impact Management (fka Social Solutio...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
Transcript: New from BookNet Canada for 2024: BNC SalesData and LibraryData -...
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 

​Understanding the Internet of Things

Editor's Notes

  1. Understanding the security implications of the Internet of Things We are awash in many IoT devices, such as web cams, Amazon Alexa, Nest thermostats and Apple smart watches. But these and other devices can be an issue in staying secure, both in our homes and across our workplaces. In this talk, I will describe the landscape and suggest how people can better protect themselves against potential IoT security threats and where these threats are likely to come from. 
  2. Consumer IoT devices – Apple Smart Watch, Alexa from Amazon and Google Home, and the Nest thermostat
  3. I write about various B2B security products for business trade publications, and also produce this regular newsletter via email for Inside.com, Sign up now for free!
  4. I used to write for the NY Times about computer topics.
  5. Rasberry Pi, Arduino, Android Things platform Insulin pumps
  6. You can play you tube videos and music on your wall switch. This is progress?
  7. In addition to these devices, there are also Traffic sensors and Cop body cams that can connect to business networks.
  8. Notable IoT Exploits
  9. The classic insider revenge scenario dates back to 1999, when VitekBoden was applying for a job for the Maroochy county sewer district in Australia. He was a contractor for the district and the county decided not to hire him. To seek revenge, he caused thousands of gallons of raw sewage to be dumped into the local waterways, using a series of radio commands. He was eventually caught by a police officer with various RF equipment. What is important to note is that Boden had all this insider knowledge, yet never worked for the agency that he attacked. He was able to disguise his actions and avoid immediate detection by the agency IT department, which never had any security policies or procedures in place for disgruntled employees.
  10. This is perhaps the most infamous example of IoT – the uranium enrichment centrifuges that operated at the Iran Natanz facility that were targeted by the Stuxnet malware. The malware compromise the computers controlling the centrifuges in an attempt to thwart Iran’s nuclear weapons program. More info: http://readwrite.com/2011/06/28/how-symantec-cracked-stuxnet/
  11. Earlier this year UnderArmour revealed that it had leaked more than 150 million users of its app called MyFitness Pal. While not specifically an IoT device, it does work with their fitness tracking apps. Another way to lose weight: have your data leaked by a formerly trusted vendor.
  12. They entered the casino’s network through an IoT-connected thermometer, and then moved around the casion’s network until they found a copy of their high roller’s database.
  13. https://www.bleepingcomputer.com/news/security/about-90-percent-of-smart-tvs-vulnerable-to-remote-hacking-via-rogue-tv-signals/
  14. This Western Digital NAS drive has a hard-coded username and password that enables hackers to insert exploit code on the drives and use them as part of a botnet. This means that every command executed through the web interface has full access to the operating system -- an attacker would have the keys to the kingdom.  https://www.engadget.com/2017/03/05/wd-my-cloud-security-exploits/
  15. The original IoT enterprise device: the HP Jet Direct printer interface. First invented back in 1991, it has been a source of network vulnerabilities for decades. The early models didn’t have any telnet passwords, making them a hacker’s playground. A few years ago HP came out with more protected printers that lock down their BIOS and have built-in intrusion detection. https://blog.strom.com/wp/?p=5751
  16. Imperva found in 2017 a record high number of IoT issues, more than 100 of them. That was the year of the Mirai botnet. https://www.imperva.com/blog/2017/12/the-state-of-web-application-vulnerabilities-in-2017/
  17. There are many things to learn from construction of the Mirai malware and its leverage of various IoT embedded devices. Let’s talk about the timeline of the destruction it has already accomplished. This began in September 2016, when the website for journalist Brian Krebs was attacked. Eventually, this became one of the largest attacks that had been attempted, when about half of the total Internet’s capacity was focused on his website. A month later the source code for this attack was published and then other sites were targeted.
  18. What is being communicated and when? Does the cloud make the IoT device more of an asset or a threat? Do you need a different enterprise firewall or a different operating procedure?
  19. All are names of IoTMalware attacks that have happened over the past several years.
  20. This is just one website, called Shodan, that makes finding particular devices very easy. Think of it as a search engine for looking for potential IoT targets.
  21. Bluetooth headsets can also be vulnerable and can be a security sinkhole
  22. IoT threats are pervasive and widespread, witness the growth of various botnets based on them such as Mirai and WannaCry in the past year Insecure IoT devices can be found across a wide collection of industries, computing operating systems, networks, and situations IoT is a growing category for many companies that are implementing embedded sensors, applications, and automated systems Gartner, Inc. has estimated that 6.4 billion connected things are in use worldwide in 2016, and predicts that this will reach 20.8 billion by 2020