THINGBOT
IOT SECURITY
BY: BELLAJ BADR
IoT: Internet of Things
The Internet of Things is a new term in the tech industry that refers to a concept where every
device in your house gets its own computer chip, software, and connection to the Internet: your
fridge, thermostat, smart water meter, door locks, etc.
The Internet of Things (IoT) is a vision. It is being built today.
TERAMAGAZINE
IOT Classes
The day when virtually every electronic device -- from phones and cars to refrigerators and light switches -- will be connected to the Internet is not far away.
Hardware & Protocols
Arduino / Onion.io / Raspberry Pi / C.H.I.P. / SAM L21 (ARM processor), consumes 35 microamps/Hz
SUN/Microsoft/Google…
Wireless / XBee / ZigBee (2.4 GHz / 250 kbps / 200 m / 128-bit AES encryption) / Bluetooth 4.0 / NFC
6LoWPAN (IPv6 over Low power Wireless Personal Area Networks)
uIP: an open source TCP/IP stack capable of being used with tiny 8- and 16-bit microcontrollers
MQTT (Message Queuing Telemetry Transport)
CoAP (Constrained Application Protocol)
"CoAP is an application layer protocol that is intended for use in resource-constrained internet devices, such as WSN nodes. CoAP is designed to easily translate to HTTP for simplified integration with the web."
XMPP (Extensible Messaging and Presence Protocol)
"An open technology for real-time communication, which powers a wide range of applications including instant messaging, presence, multi-party chat, voice and video calls, collaboration, lightweight middleware, content syndication, and generalized routing of XML data."
DDS is a powerful device-to-device service that offers high performance data distribution.
C.H.I.P.
The $9 C.H.I.P. has built-in WiFi + Bluetooth. Connect to the internet and attach a keyboard and mouse WIRELESSLY!
Connected Tvs
Wearables
Connected cars
“Connected” does not necessarily mean “Smart”
Smart object : objects connected to the Net; objects
that can sense their users and display smart behaviour
The number of Internet-connected devices
is growing rapidly and is expected to reach
50 billion by 2020 (Cisco report).
As the number of Internet-connected devices grows, the
potential security challenges of the so-called "Internet of
Things," or IoT, can no longer be ignored. The web of
interconnected devices promises both enormous benefits to
users and serious security threats, due to the sensitive data
those devices will share.
Future
Uh…
Now the really scary part
Internet-of-things "devices are typically not protected
by the anti-spam and anti-virus infrastructures
available to organizations and individual consumers,
nor are they routinely monitored by dedicated IT
teams or alerting software to receive patches to
address new security issues as they arise."
Why it is menaced
The paradigm is threatened by a multitude of threat actors, from cybercriminals to government entities and even hacktivists. The reason is simple: IoT devices manage a huge quantity of information, they are widely distributed across every industry, and, unfortunately, their current level of security is still low.
IOT THREATS
As explained by experts at Symantec, the principal cyber threats for the Internet of
Things are:
◦ Denial of service – DDoS attacks could target all the end points of a working scenario, causing
a serious problem with the network of smart devices and paralyzing the service it provides.
◦ Botnets and malware based attacks.
◦ Data breaches: Attackers could spy on the communications between peers in an IoT network
and collect information on the services they implement.
◦ Weakening perimeters: If the attacker is able to compromise a device, he could have access
to our domestic network, spy on us, or cause physical damage to our domestic environment.
The problem is equally serious if we consider the use of IoT devices in any industry.
The OWASP Internet of Things (IoT) Top 10
The Open Web Application Security Project (OWASP) aims primarily to spread best
practices that improve the security of software. Naturally, the project has also analyzed the top
10 security issues related to the IoT paradigm.
◦ Insecure Web Interface
◦ Insufficient Authentication/Authorization
◦ Insecure Network Services
◦ Lack of Transport Encryption
◦ Privacy Concerns
◦ Insecure Cloud Interface
◦ Insecure Mobile Interface
◦ Insufficient Security Configurability
◦ Insecure Software/Firmware
◦ Poor Physical Security
Internet of Things devices are generally
not designed with security in mind.
“Many users may not be aware that they are using
vulnerable devices in their homes or offices,”
“Another issue we could face is that even if users notice
vulnerable devices, no updates have been provided to some
products by the vendor, because of outdated technology or
hardware limitations, such as not having enough memory
or a CPU that is too slow to support new versions of the
software.”
In May 2013, two security experts from Cylance hacked into Google's building
management system in Australia, accessing floor plans, piping layouts, alarm
systems and equipment schedules. They used the hack to point out serious
holes in software developed by Tridium, a Honeywell-owned firm.
http://goo.gl/AAbekx
"If Google can fall
victim...anyone can,"
wrote the hackers.
www.youtube.com/watch?v=h5PRvBpLuJs
Botnets & Thingbots
A ‘bot’ is a type of malware that an attacker can
use to control an infected computer or mobile
device. A group or network of machines that
have been co-opted this way and are under the
control of the same attacker is known as a ‘botnet’.
Your computer could be part of a botnet.
BOT = Robot (zombie)
NET = Network
BOTNET ARCHITECTURE
We are looking at a new age of botnets. The first
age was servers, PCs, and laptops. The second
age was mobile devices such as smartphones,
phablets, and tablets. What’s the newest wave?
… Thingbots.
BOTNETS & ThingBots
Malware authors design their code specifically to
compromise the architectures used by IoT devices. Malicious code
could be used to infect the computers that control a network of
smart devices, or to compromise the software running on the devices themselves.
In this second scenario, the attackers can exploit a flaw in the
firmware running on the devices to run
arbitrary code, turning IoT components to unplanned use.
BOTNETS & ThingBots
In November 2013, Symantec discovered a
new Linux worm, Linux.Darlloz, infecting Intel
x86-powered Linux devices. The attackers
compromised IoT devices in order to build a
botnet (a thingbot)
Bot-nets are already a major security
concern and the emergence of
thingbots may make the situation
much worse,
BOTNETS & ThingBots
Meanwhile, the attacks continue. Recently, experts at Akamai’s
Prolexic Security Engineering & Response Team (PLXsert)
spotted a new malware kit named Spike, which is used to run
DDoS attacks through desktops and Internet of Things devices.
The Spike thingbot was able to run different types of DDoS
attacks, including SYN, UDP, Domain Name System query, and
GET floods against Linux based machines, Windows, and ARM-
based Linux hosts.
BOTNETS & ThingBots
The thingbot was composed of home routers, smart
dryers, smart thermostats and other intelligent
devices. Akamai noticed a number of devices for the
Spike botnet ranging from 12,000 to 15,000. The
researchers highlighted the ability of attackers to
customize the malware also for ARM architectures
widely adopted by IoT devices.
BOTNETS & ThingBots
Akamai published an interesting report on the Spike botnet that
includes details related to DDoS attacks run by the threat actor.
The experts observed that one of the attacks clocked 215
gigabits per second (Gbps) and 150 million packets per second
(Mpps). The document confirms that, even if the majority of the
DDoS attacks launched from low-powered devices could be
insignificant, IoT devices can still be a powerful
weapon in the hands of attackers.
BOTNETS & ThingBots
In March 2014, researchers at Team Cymru
published a detailed report on a large-scale
SOHO pharming attack that hit more than
300,000 devices worldwide.
Hackers are Trying to Turn Your Connected Fridge Into a ‘Thingbot’
Security researchers at Proofpoint have uncovered the very first
wide-scale hack that involved television sets and at least one
refrigerator.
Yes, a fridge.
This is being hailed as the first home appliance "botnet" and the
first cyberattack from the Internet of Things.
The hack happened between December 23, 2013 and
January 6, 2014, and featured waves of malicious email,
typically sent in bursts of 100,000, three times per day,
targeting enterprises and individuals worldwide.
one-quarter, were sent by hacked home appliances.
Hackers didn't have to be amazingly smart when breaking
into home appliances. Many times they gained access
because the home owners didn't set them up correctly, or
used the default password that came with the device.
More Than 750,000 Phishing and SPAM
Emails Launched From "Thingbots"
Including Televisions, Fridge
Think about when we’ll have 22 Billion -_-
DDoS (Distributed Denial of Service) attacks
DDoS is one of the methods of protest preferred by hacktivists.
Internal or external DDoS
Cloudflare / Prolexic / ... = cost
Layer 7 DDoS = a large number of GET/POP requests or
downloads of large files => 3G/4G bandwidth!!
Performance
Attackers could use thingbots to mine bitcoins!!
Malicious attackers can crash your devices,
block them from connecting and drain their
battery.
Attackers could use them as a private
proxy to mask their identity.
Decrease in performance
Privacy
Each of these devices has some level of capability to allow hackers to
influence and gain knowledge about our lives. Compromised devices can
share what our cameras see, change our environmental controls, and affect
our very lives by changing settings on our medical devices.
Samsung's latest voice-controlled TVs can listen to private conversations.
Our physical security is in danger
What To do
Create your thingbot
1. Compile bot’s code for a desired architecture or use
a bot builder.
2. Spread it
3. Set up your C&C
Which architecture
Watch a documentary
about
Dionaea (a honeypot)
ON
Set up a honeypot
Deploying Dionaea on a Raspberry Pi using MHN
https://github.com/threatstream/mhn/wiki/Deploying-Dionaea-on-a-Raspberry-Pi
In computer terminology, a honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
A honeypot is a trap
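To make the definition concrete, here is a minimal low-interaction honeypot in Python, added as an illustration (it is not part of the original slides and is not Dionaea or MHN code). It shows a fake login prompt, never accepts any credential, and records who connected and what they tried; the port 2323, the prompt text and the log file name are assumptions.

```python
import json
import socket
import threading
from datetime import datetime, timezone

PROMPT = b"login: "   # constructed banner imitating a generic embedded device
MAX_FIELD = 64        # bytes kept per attacker-supplied field
LOG_LOCK = threading.Lock()


def _read_line(conn, keep=MAX_FIELD, hard_cap=1024):
    """Read up to a newline; keep only the first `keep` bytes of the line."""
    buf = bytearray()
    for _ in range(hard_cap):
        byte = conn.recv(1)
        if not byte or byte == b"\n":
            break
        if len(buf) < keep:
            buf += byte
    return bytes(buf).rstrip(b"\r").decode("latin-1")


def handle_session(conn, peer):
    """Play a fake login dialogue, always refuse, return one log record."""
    conn.settimeout(10)  # a silent client must not tie up the trap forever
    record = {"time": datetime.now(timezone.utc).isoformat(),
              "src_ip": peer[0], "src_port": peer[1],
              "username": None, "password": None}
    try:
        conn.sendall(PROMPT)
        record["username"] = _read_line(conn)
        conn.sendall(b"Password: ")
        record["password"] = _read_line(conn)
        conn.sendall(b"Login incorrect\r\n")  # no credential is ever accepted
    except OSError:
        pass  # timeouts and resets are still logged with what was captured
    finally:
        conn.close()
    return record


def _log_session(conn, peer, logfile):
    """Handle one connection and append its record as a JSON line."""
    record = handle_session(conn, peer)
    with LOG_LOCK, open(logfile, "a") as fh:
        fh.write(json.dumps(record) + "\n")


def serve(host="0.0.0.0", port=2323, logfile="honeypot.jsonl"):
    """Accept connections forever; port and file name are assumptions."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, peer = srv.accept()
            threading.Thread(target=_log_session, args=(conn, peer, logfile),
                             daemon=True).start()


if __name__ == "__main__":
    serve()
```

Each line of the resulting log is one connection attempt, so repeated default-password guesses from the same source address stand out immediately.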
TrustZone
Invest in secure chips to add a
security layer to existing systems.
Secure chips
Bot-nets are already a
major security concern
and the emergence of
thingbots may make
the situation much
worse,

beware of Thing Bot


Editor's Notes

  • #9 Trends arising from the evolution of IoT
  • #15 Hardware is evolving rapidly, out of step with the evolution of security. So once a vulnerability is discovered, it is difficult to protect oneself.
  • #21 (At that time, Tridium had already created a patch for the security hole, but Google had not yet upgraded its software.)
  • #22 So if someone manages to root them and gain access, what do you imagine the hackers will do with them??
  • #29 A thingbot is something with an embedded system and an Internet connection that has been coopted by a hacker to become part of a botnet of networked things.
  • #30 – This is probably one of the most common and dangerous scenarios. Linux.Darlloz exploited various vulnerabilities in PHP to infect Intel x86-powered Linux devices. Thingbot: used for illegal activities, including sending spam, generating costly SMS messages, or running a DDoS attack.
  • #44 Systems are already being used to steal billions of records and disrupt Internet communications and other commercial services. Now we have whole new waves and classes of devices which have no on-device protection. What happens when we add these IoT devices to the mix is a critical concern for a number of research organizations.
  • #49 Dionaea's intention is to trap malware exploiting vulnerabilities exposed by services offered to a network; the ultimate goal is gaining a copy of the malware.
  • #51 ARM Cortex-A57, ARM Cortex-A53, ARM Cortex-A17, ARM Cortex-A15, ARM Cortex-A9, ARM Cortex-A8, ARM Cortex-A7, ARM Cortex-A5
  • #52 The Internet of Things is a paradigm that is changing our daily life. According to many experts, the paradigm is the link between human and technology. The Internet of Things needs security by design; for this reason it is a business opportunity for IT companies and security firms. Manufacturers must carefully evaluate the cyber threats and the level of exposure of IoT devices, implementing all the necessary countermeasures and allowing firmware updates to respond to the evolution of the threats.