From Internet of Shit to secure Internet of Thing – What we can learn from epic securtiy fails to create better IoT products and applications? In this session at ThingsCon 2017 three experts shared their visions: Ame Elliott, Mirko Ross, Jeff Katz.

1. @ameellio
SECURITYIoT
ame@simplysecure.org
USER
&
EXPERIENCE
PRIVACY
:

2. DESIGNERS DEVELOPERS RESEARCHERS USERS
Simply Secure is a
nonprofit for security,
privacy, ethics, people
2

3. 3
THREAT MODELS BETTER BASICS NEW FRONTIERS

4. 4
Who are you worried
about having your
data? It depends on
your threat model
COMPANIESGOVERNMENTSHACKERS STALKERS

5. 5
Twitter and US
National Security
Letters in 2014

6. Graphic by Troy Hunt
6
US Immigration &
Customs Enforcement
seeking help fro tech
companies to monitor
people

7. ICE has a 20,000
member police force
that arrests people and
deports them

8. I hate when people say,
I have a Muslim name. I and get regularly asked
where I’m really from. I do not take it lightly.
But using these services is a requirement for participating
– San Francisco, March 2017.
in modern society.
‘Well what do you have to hide?’

9. 9
THREAT MODELS NEW FRONTIERSBETTER BASICS

10. Graphic by Dan Grover
10
Beyond “usable,”
interfaces must be
understandable,
accountable, trusted

11. Browsers also use
icons to communicate
security risk
11

12. Read receipts use a
limited visual
vocabulary to change
behavior
12

13. The details that fight
phishing build trust

14. Phishing is the
attempt to obtain
sensitive
information like
_ user names
_ passwords
_ credit card details
by masquerading
as a trustworthy
entity in an
electronic
communication.
– Adapted from
Wikipedia

15. 15
http://berlinstreetwear.com/signup/?
id=43289s32
https://berlinstreetwear.siliconalllee.com
https://berlinstreetwear.siliconallee.com
https://berlinstreetwear.com/ezpay
https://berlinstreetwear.ezpay.com
https://ezpay.com/berlinstreetwear
Easy to spoof
Your site, not 3rd party
http://acm.us2.list-manage.com/track/
clicku=db7c289da&id=e70bf2b789&e
Content strategy and
site information
architecture prevent
phishing with good
URLs

16. Dangerous URLs are
hard to detect on
mobile
16
Via Eric Lawrence @ericlaw https://twitter.com/ericlaw/status/900429796240277504

17. Defense: Writing style
guide for consistent
tone builds trust
17

18. 18
Defense: Style guides
codifying visual design
build trust

19. 19
THREAT MODELS NEW FRONTIERSBETTER BASICS

20. San Francisco and
other US cities have
microphones listening
for gunshots

21. People give away
personal data for the
price of a coffee
21

22. App permissions
surprise people

23. Alexa and voice-based
assistants are a
serious challenge to
transparency

24. 24https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
IoT botnets break the
internet by overwhelming
capacity (DDOS attacks)

25. NEW FRONTIERS
25
THREAT MODELS BETTER BASICS

26. 26
Who are you worried
about having your
data? It depends on
your threat model
COMPANIESGOVERNMENTSHACKERS

27. 27
Style guides codify
visual design, and that
consistency builds
trust

28. App permissions
surprise people

29. 29
https://
simplysecure.org/
knowledge-base

30. slack@simplysecure.org
GET
YOUTHANK
INVOLVED
!
@simplysecureorg @ameellio
ame@simplysecure.org