Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

IoT Security and Privacy – Sleep-Walking into a Living Nightmare?

4,287 views

Published on

These slides are from the remote presentation I gave to IoT Edinburgh on the 24th of March 2016: http://www.meetup.com/iotEdinburgh/events/228581984/

They cover part of the story around IoT security issues, particularly in the connected home. This doesn't really go into technical detail, there is a much longer version that explains some of the technical issues and solutions which I hope to upload at some point.

Published in: Technology
  • Be the first to comment

IoT Security and Privacy – Sleep-Walking into a Living Nightmare?

  1. 1. IoT Security and Privacy – Sleep-Walking into a Living Nightmare? David Rogers, Copper Horse @drogersuk IoTEdinburgh 24th March 2016 Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 1 http://www.mobilephonesecurity.org
  2. 2. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Who is Connected to the Future Internet? 2 Source: http://cheezburger.com/8068370944
  3. 3. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Who is Connected to the Future Internet? (2) 3 Source: http://spectrum.ieee.org/computing/em bedded-systems/on-the-internet-of- things-nobody-knows-youre-a-dog
  4. 4. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. What is Home Security? 4
  5. 5. Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 5
  6. 6. Opening up Access to Who? From: http://www.independent.co.uk/news/world/americas/hacker-takes-control-of-ohio-couples-baby-monitor-and-screams-bad-things-9296986.html Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 6
  7. 7. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Connected Lightbulbs 7  WiFi password can be extracted – pivot attack
  8. 8. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Connected Doorbell 8  WiFi password can be extracted – pivot attack / physical access
  9. 9. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Wireless Burglar Alarm 9
  10. 10. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Wireless Burglar Alarm Attack 10  Easily subverted by just removing batteries  Solution was to reduce alarm alert time to 0 seconds! – Home owner forced to use key-fob. https://www.youtube.com/watch?v=Wf SDUOBYUFE
  11. 11. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Samsung SmartThings Vulnerabilities 11  February 2016 – ZigBee flaws highlighted – Open locks by decrypting signals – Jamming – “Insecure rejoin”  There are other issues! http://www.forbes.com/sites/thomasbrewster/2016/02/17/samsung- smartthings-vulnerabilities/#ed6d54a4e59d
  12. 12. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Smart TV Vulnerabilities 12  Privacy – voice control  Webcams  Software update issued
  13. 13. Connected Pets  War Kitteh  Denial of Service Dog Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 13
  14. 14. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Smart Meters 14  ZigBee, GSM – meter reading  Profiling
  15. 15. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Other Devices 15  Radiator and home thermostats  Kettles and kitchen appliances  Garage door openers / detectors  Garden, plant sensors and food dispensers  White goods (e.g. washing machines)  Etc!
  16. 16. Counterfeit / Substandard Devices Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 16
  17. 17. Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. Near Future Devices 17  Amazon Echo - Alexa
  18. 18. Connected Home Updates? Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 18
  19. 19. Samsung Smart TV Privacy Policy Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.  221 pages!  Plus other Terms, Nuance privacy policy etc.
  20. 20. Plant / Critical Infrastructure Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 20
  21. 21. Automotive (not just cars!) Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 21
  22. 22. Make it Safe to Connect https://iotsecurityfoundation.org/ Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 22
  23. 23. Thanks! david.rogers [@] copperhorse.co.uk @drogersuk @copperhorseuk Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 23

×