IoT Security and Privacy – Sleep-Walking into a Living Nightmare?
David Rogers, Copper Horse
@drogersuk
IoTEdinburgh
24th March 2016
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
http://www.mobilephonesecurity.org
Who is Connected to the Future Internet?
Source:
http://cheezburger.com/8068370944
Who is Connected to the Future Internet? (2)
Source:
http://spectrum.ieee.org/computing/embedded-systems/on-the-internet-of-things-nobody-knows-youre-a-dog
What is Home Security?
Opening up Access to Who?
From: http://www.independent.co.uk/news/world/americas/hacker-takes-control-of-ohio-couples-baby-monitor-and-screams-bad-things-9296986.html
Connected Lightbulbs
• WiFi password can be extracted – pivot attack
Connected Doorbell
• WiFi password can be extracted – pivot attack / physical access
Wireless Burglar Alarm
Wireless Burglar Alarm Attack
• Easily subverted by just removing batteries
• Solution was to reduce alarm alert time to 0 seconds!
  – Home owner forced to use key-fob.
https://www.youtube.com/watch?v=WfSDUOBYUFE
Samsung SmartThings Vulnerabilities
• February 2016 – ZigBee flaws highlighted
  – Open locks by decrypting signals
  – Jamming
  – “Insecure rejoin”
• There are other issues!
http://www.forbes.com/sites/thomasbrewster/2016/02/17/samsung-smartthings-vulnerabilities/#ed6d54a4e59d
Smart TV Vulnerabilities
• Privacy – voice control
• Webcams
• Software update issued
Connected Pets
• War Kitteh
• Denial of Service Dog
Smart Meters
• ZigBee, GSM – meter reading
• Profiling
Other Devices
• Radiator and home thermostats
• Kettles and kitchen appliances
• Garage door openers / detectors
• Garden, plant sensors and food dispensers
• White goods (e.g. washing machines)
• Etc!
Counterfeit / Substandard Devices
Near Future Devices
• Amazon Echo - Alexa
Connected Home Updates?
Samsung Smart TV Privacy Policy
• 221 pages!
• Plus other Terms, Nuance privacy policy etc.
Plant / Critical Infrastructure
Automotive (not just cars!)
Make it Safe to Connect
https://iotsecurityfoundation.org/
Thanks!
david.rogers [@] copperhorse.co.uk
@drogersuk
@copperhorseuk
