Prakash Padariya - IoT Cyber Warfare
1. UNCLASSIFIED - UNITED IN SERVICE TO OUR NATION
IoT Cyber Warfare
Prakash Padariya
September 2019
All views are strictly personal
2. Prakash Padariya
www.linkedin.com/in/prakashp
• 16+ years of core Information / Cyber Security & Technology corporate experience
• Fortune 100 multinational corporations like GE, Royal Bank of Scotland, IBM, Target Corporation & Accenture.
• India, USA, UK, Australia, Canada and UAE.
• Chief Information Security Officer (CISO) of GE India Technology Center (JFWTC), responsible for managing 14+ portfolios for 11 GE businesses covering 5500+ employees on a 50-acre campus.
• Personal website www.thesecureplanet.com, focusing on the information security world.
• Strong supporter of Entrepreneurship & Start-up Ecosystem (IT/Non-IT).
11. Cyber Warfare - Let the Game Begin !!
Well Started Long Time Back: Stuxnet (developed in 2005, uncovered in 2010)
A Huge Nuclear Plant
Scope
12. A Small Toothbrush
1. Adafruit Bluefruit Sniffer
2. Ubertooth
3. BLE Sniffer Python Scripts
4. Python - Bluepy
13. Drone Hacking - A New Aviation Industry
• Military drones - Well-controlled, Heavily regulated, Very secure
• Commercial and Personal/Hobby drones - Perfect spy device & ATTACK Device too
Attack Vectors
• GPS location spoofing and spoofing of altitude, speed
• GPS channel remote command injection
• Control channel traffic interception and decryption
• Control channel remote command injection
• Return feed interception and monitoring
• Return feed traffic spoofing
• Malicious firmware
• Malicious hardware
• Hardware implants
• Hardware tinkering/hacking
• Software code failure
• GPS signal jamming
• Control channel signal jamming
• Return feed signal jamming
Next Gen Risks?
• Artificial intelligence in drones
• Self-power (Solar power) – Infinite Flying
14. Remember - Skynet?
Can it happen in the race of AI & ML?
15. Take Away: How can "WE" make IoT Secure?
OWASP IoT Top 10
https://www.owasp.org/images/1/1c/OWASP-IoT-Top-10-2018-final.pdf
CIS Critical Controls Framework
https://www.cisecurity.org/critical-controls.cfm
CTIA - Wireless communications industry - IoT Cybersecurity Certification
https://www.ctia.org/about-ctia/certification-resources
Stanford Secure Internet of Things Project
http://iot.stanford.edu/
NISTIR 8200 - International Cybersecurity Standardization for the Internet of Things (IoT)
https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8200.pdf
ENISA (European Union) Baseline Security Recommendations for IoT
https://www.enisa.europa.eu/publications/baseline-security-recommendations-for-iot/at_download/fullReport
IEEE Internet of Things Standards (30+)
https://standards.ieee.org/initiatives/iot/stds.html
Cloud Security Alliance IoT Security Controls Framework
https://cloudsecurityalliance.org/artifacts/iot-security-controls-framework/
16. IoT Cyber Warfare
Questions?
Image Credits - Beecham Research, Cisco, Gartner, Dan Ledger