The document discusses various security challenges at different levels of IoT architecture. At the sensor level, authentication of small devices with limited resources is challenging. GPS spoofing and hardware attacks are also risks. Networking components like the baseband processor can be vulnerable if firmware exploits exist. Hardening devices like Raspberry Pi that act as IoT hubs is important. When integrating with cloud services and APIs, authentication, privacy, and security configurability need attention.
We did not predict the Internet, the Web, social networking, Facebook, Twitter, millions of apps for smart-phones, etc. New research problems arise due to the large scale of devices, the connection of the physical and cyber worlds, the openness of the systems of systems, and continuing problems of privacy and security. It is hoped that there is more cooperation between the research communities in order to solve the myriad of problems sooner as well as to avoid re-inventing the wheel when a particular community solves a problem.
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why Things are inherently insecure, together with examples of attack vectors, and learned some risk mitigation strategies. We realized why users should be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
Embedded computing is everywhere. It is in our car engines, refrigerators, and even in the singing greeting cards we send. With improvements in wireless technology, these systems are starting to talk with each other, and they are appearing in places like our shoes and wrists to monitor our athletic activity or health. This emerging Internet of Everything (IoE) has tremendous potential to improve our lives. But like any powerful technology, it also has a dark side: it will observe and implement many of our actions. Security in the IoE is likely to be even more critical than general Internet security. After reviewing some of the challenges in creating a secure IoE, Horowitz will describe a new research program at Stanford to address this issue.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
Internet of Things (IoT) is an emerging platform for human interaction. As such it needs enough security and privacy guarantees to make it an attractive platform for people to come onboard.
Internet of things are exploding. This whitepaper would help product developers to understand the Security and Privacy issues, their impact and a recommendation for embedding the best practices during PDLC.
Internet of Things (IoT) devices are everywhere, and they're not going away any time soon. Here are some Security Challenges of IoT. #ChromeInfotech
1. How does IoT work?
2. What are the top security challenges that mobile application developers face?
3. What are the challenges that IoT brings to mobile developers?
Helpful survey for researchers and students who intend to investigate the Internet of Things field in terms of security and privacy. This survey gives a general overview of security issues along with the solutions that address them.
This presentation discusses IoT, the challenges associated with it, and common threats to IoT. It also briefly covers how OWASP introduces vulnerabilities in IoT.
IoT security. The impact of the Internet of Things is everywhere, from your bedroom to your office. Everyone should be aware of IoT security in order to use it without hassle or security risk.
Why should you take an IoT security training course?
Learn about risks of unsecured enterprise and home IoT devices connecting to the Internet and able to share the information they generate.
Iot security training covers these topics :
Device and platform vulnerabilities,
Authentication and authorization,
Web interface and software,
Transport encryption,
Management issues,
Privacy and security enhancements and other iot issues
Iot and security risks :
Most serious IoT security risks involve software. Software attacks can exploit entire systems, steal information, alter data, deny service and compromise or damage devices.
In a phishing attack, for example, Attackers also use malware, such as viruses, worms and Trojans, to damage or delete data, steal information, monitor users and disrupt key system functions.
Learn about:
IoT Principles
Principles of IoT Security
IoT Attack Areas
IoT Vulnerabilities
IoT Firmware Analysis
IoT Software Weaknesses
IoT Security Verification, Validation
Assessing IoT devices attack surfaces
Evaluation of IoT device firmware analysis, attack surface, vulnerabilities and exploiting the vulnerabilities
Request more information.
Visit tonex.com for iot security training course and workshop detail.
https://www.tonex.com/training-courses/iot-security-training-iot-security-awareness/
Internet of Things means every household or handy device that is used to make our world easier and better and is connected over IP to transmit some data.
This slide covers IOT description, OWASP Top 10 2014 & its recommendations.
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit... - ClicTest
We are in the age of Cybercrimes and just getting started with Internet of Things. There will be a huge demand for IoT as 50 billion connected devices will be deployed across the globe by 2020. These devices will communicate with each other where the web and the physical world will meet with different set of internet infrastructure and protocols. This in turn, will not only help us in saving money, but also provide us with more options.
Discussion Topics:
• The importance of IoT
• How will they impact in our everyday lives?
• Is Internet of Things Secure?
• Securing Internet of Things
But, the Tech buzz is all about: Security of Things (Security in the Internet of Things). How far these Internet of Things can be trusted? Can these IoT devices be hacked? How they have become the Next Cyber Security Target for hackers? How can we secure Internet of Things?
For more details, please visit www.clictest.com or drop us an email to info@clictest.com
IoT Security: Debunking the "We Aren't THAT Connected" Myth - Security Innovation
In a world where convenience is key, consumers are adopting every new connected device that hits the shelves - and doing so with the assumption that due diligence security has been considered. But recent IoT attacks suggest otherwise.
As organizations migrate from a primarily offline to online business model, they are failing to consider IoT’s unique threats which traditional solutions are unable to secure. As a result, steps must be taken to ensure that the device, connections and infrastructure are hardened, especially software which runs IoT devices and is the source of ~90% of attacks.
This webinar is ideal for risk, technology, and security professionals that want to understand why a hacker would want to attack their “harmless” IoT device and what the stealth risk to their organization and consumers is.
Topics covered include:
- IoT security – why it’s so different….and tough
- The IoT ecosystem and attack surface
- Managing liability - IoT risks to consumers and vendors
- Auditing IoT software development
IoT security and privacy: main challenges and how ISOC-OTA address them - Radouane Mrabet
Internet Society (ISOC) aims are:
make security an integrated function of connected objects and encourage IoT device and service providers for consumers to adopt the Online Trust Alliance (OTA) security and privacy principles;
increase the consumer demand for security and privacy in the IoT devices they purchase;
create government policies and regulations that promote better security and privacy features in IoT devices.
Your Thing is Pwned - Security Challenges for the IoT - WSO2
The Internet of Things and Machine to Machine are growing areas, and security and privacy are prime issues. In this session security challenges are examined around using M2M devices with protocols such as MQTT & CoAP - encryption, federated identity and authorisation models in particular.
On the topic of encryption, we’ll examine securing MQTT with TLS, challenges with Arduino, and using hardware encryption for microcontrollers. A key privacy requirement for user-centric IoT use cases will be giving users control over how their things collect and share data. On the Internet, protocols like OAuth 2.0, OpenID Connect & User Managed Access have been defined to enable a privacy-respecting user consent & authorization model. We'll look at the issues with applying these protocols to the M2M world and review existing proposals & activity for extending the above M2M protocols to include federated identity concepts.
The session included a live demonstration of Arduino and Eclipse Paho inter-operating secured by OAuth 2.0.
Security Fundamental for IoT Devices; Creating the Internet of Secure Things - Design World
In this webinar we will discuss the state of security for IoT devices, the threats that exist for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
IoT Security Imperative: Stop your Fridge from Sending you Spam - Amit Rohatgi
We've all heard the continuing news about or been victims of hacked passwords, data breaches, identity theft and lost privacy, because of our heavy reliance on Internet connectivity. Our digital world necessitates ever improving security. But now we're on the cusp of a major revolution where our appliances, cars, clothes and the very fabric of our lives (no pun intended) are also connected. Software and silicon designers must take active design measures for ensuring user data. In this talk, Amit Rohatgi, president of the prpl Foundation, will outline the market and technical challenges as well as the essential measures in the design phase for securing our ever-more-connected digital world. He will also discuss why open-source is appropriately suited for addressing these challenges and how the prpl Foundation is tackling this from the ground-up.
IoT Hardware Teardown, Security Testing & Control Design - Priyanka Aash
The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure.
- ‘Interconnection’ refers to (wireless) networking
- ‘Uniquely identifiable’ reminds (IPv6) addressing
- ‘Embedded’ reminds reduced size and full integration of components
- ‘Computing’ reminds processing capabilities
Yesterday Pierluigi Paganini, CISO Bit4Id and founder Security Affairs, presented at the ISACA Roma & OWASP Italy conference the state of the art for the Internet of Things paradigm. The presentation highlights the security and privacy issues for the Internet of Things, a technology that is changing user’s perception of the technology.
Security is something we don't like but can't do without. As embedded systems grow, new vulnerabilities are shown; here are some powerful steps to secure an embedded system.
Autonomous robotics based on simple sensor inputs. - sathish sak
A “robot” is explained as “a device that performs functions normally ascribed to humans” - Webster.
“Autonomous” means that the robot can work totally independently of itself, once it has been programmed, and it should be able to function without interaction from any human influence. Many robots are used nowadays to work in conditions where it is inaccessible for humans to work and therefore need to be autonomous.
The aim of this project is to program a robot (shown left) using PIC (peripheral interface controller) chips, so that it will utilise its infra red sensors and run its stepper motors to follow a boundary wall within an enclosed environment.
This presentation aims to share working knowledge on how attackers are taking advantage of connected (IoT) devices for scaling attacks. From hardware to repeatable software exploitation that scales. X-ray on the current security resilience of some of today's connected devices. Typical challenges developers are facing today and a proof of concept attack on a "secure" connected camera with critical consequences. Finally we give valuable takeaways for improving the security of your solutions and avoiding these horrible mistakes.
The Internet of Things is the idea that everything around us from cars to ovens can be connected. If everything around us is linked and collecting information, these networks must be able to provide security and privacy to the end-user particularly in low-power lossy networks.
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote... - CODE BLUE
Current mobile gadgets include rich devices (high resolution video camera, microphone, GPS, etc.) which enable high quantity communication (video conference, current location data, etc.). Unfortunately, the rich devices make it easy to conduct cyber espionage. For example, a high resolution video is used to read the text on a display. A GPS device is used to track the user's location ("Cerberus" and "mSpy" are famous. A Japanese application named "karelog" became a social issue). These devices are not used in a company's office or factory, and computer administrators want to prohibit these devices. Unfortunately, the devices are embedded in a mobile gadget and most of them cannot be disenabled by BIOS or EFI.
In order to solve this problem, we propose a thin hypervisor called "DeviceDisEnabler (DDE)", which hides some devices from the OS. DDE is a lightweight hypervisor and can be inserted into a pre-installed OS. Although the OS uses the "IN" instruction to get the device information on PCI and USB (Vendor ID, Device Class, etc.), the "IN" instruction is hooked by DDE and the device information is hidden if the device is prohibited in the company.
Unfortunately, not only attackers but also employees want to bypass the DDE because they want to use the devices. In order to protect against bypassing the DDE, it encrypts the disk image of the OS. It means the OS cannot be used without the help of DDE. In order to hide the encryption key, the DDE has three types of key management (A technique gets a key from the Internet with a secure communication. A technique hides the key in a TPM chip and obtains it at a certain state of boot time only. A technique obfuscates the key into the code using a Whitebox Cryptography technique).
Current implementation is based on BitVisor 1.4 and the target is a mobile gadget which has Intel CPU. I will talk about the requirements for ARM CPU based implementation.
NFC: Naked Fried Chicken / NFC pentesting is what I love - Positive Hack Days
Presenter: Matteo Beccaro
The talk covers general issues of transport security, fraud and technological failures, and will be of interest to both professional pentesters and enthusiasts. The speaker will examine several serious vulnerabilities in real transport systems that use NFC technology and demonstrate an open application for testing such systems from a smartphone.
6. OF TODAY
• Smart sensors which tell us for how long
our employees/students were at their seats
My boss on
seat or not ??
7. AND REALITY OF TOMORROW
4)Smart beds which automatically wake us up
(in case we have something urgent to do)
5)Smart utensils which tell our doctors about
what we ate in the last 3 months
6)Smart meters to regulate flow of electricity in
our houses and buildings
7)Well today we have technology much beyond
what we usually imagine . . . .
9. IOT relies on satellites, cellular networks and all the telecommunication systems, apart
from cloud, conventional networking and computing systems.
Implementation of IOT also relies on:
10. WHAT IOT SECURITY MEANS
• IOT Security is really about understanding
threats at all the different layers included at all
the different levels
• Threat modeling in IOT is really about
understanding threats at different levels and
then designing the security of application
based on its required functionality.
11. LEVEL-1
• How do I authenticate my sensors and what
could be the possible risk?
• Challenges:
• Small size
• No memory or processing power
• Physical security
• Example: temperature sensor, alcohol sensor,
pir sensor
12. MITIGATION
• Possible solutions:
• Use of micro-controllers (which then come
with their own challenges of course)
• Authentication problems can be solved
• Encryption can be used
14. OTHER SENSORS
• There are some sensors whose operation
depends on Physical Quantities like
(temperature, sound) etc.
• And on the other hand, there are sensors
which don’t directly use physical quantities.
Rather they rely on other equipment(like
satellites for their operation)
• Example is GPS technology
16. Problem
• What is GPS spoofing?
• The problem traces its roots back to the basic
working of the GPS
• A GPS receiver constantly talks to the satellites
[Diagram: GPS receiver, satellite, frequency]
17. HOW ATTACK WORKS
• A GPS spoofing attack attempts to deceive a GPS
receiver by broadcasting counterfeit GPS signals,
structured to resemble a set of normal GPS
signals, or by rebroadcasting genuine signals
captured elsewhere or at a different time
• These spoofed signals may be modified in such a
way as to cause the receiver to estimate its
position to be somewhere other than where it
actually is, or to be located where it is but at a
different time, as determined by the attacker
18. PROOF OF CONCEPT
• A "proof-of-concept" attack was successfully
performed in June, 2013, when the luxury yacht
"White Rose" was misdirected with spoofed GPS
signals from Monaco to the island of Rhodes by a
group of aerospace engineering students from
the Cockrell School of Engineering at the
University of Texas in Austin
• It has been suggested that the capture of a
Lockheed RQ-170 drone aircraft in
northeastern Iran in December, 2011, was the
result of such an attack
19. Possible Solutions
• RAIM (Receiver autonomous integrity
monitoring)
• Use of Artificial Intelligent Algorithms to catch
the difference in patterns (Only applicable if
the path to be taken by a device is known in
advance and measure of deviation from
original path is monitored)
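The path-deviation idea from the last bullet, as an added example that is not part of the original slides. It uses plain threshold rules rather than an AI algorithm: each fix is compared with a route known in advance, and the speed implied by consecutive fixes is checked. The route, the fixes and both thresholds are constructed values.

```python
import math

EARTH_RADIUS_M = 6_371_000.0

def to_xy(lat, lon, ref_lat, ref_lon):
    """Project a fix to local metres around a reference point (fine over a few km)."""
    x = math.radians(lon - ref_lon) * math.cos(math.radians(ref_lat)) * EARTH_RADIUS_M
    y = math.radians(lat - ref_lat) * EARTH_RADIUS_M
    return x, y

def distance_to_route_m(lat, lon, route):
    """Shortest distance in metres from a fix to the planned route (a polyline)."""
    ref_lat, ref_lon = route[0]
    px, py = to_xy(lat, lon, ref_lat, ref_lon)
    best = float("inf")
    for a, b in zip(route, route[1:]):
        ax, ay = to_xy(a[0], a[1], ref_lat, ref_lon)
        bx, by = to_xy(b[0], b[1], ref_lat, ref_lon)
        dx, dy = bx - ax, by - ay
        seg2 = dx * dx + dy * dy
        t = 0.0 if seg2 == 0 else max(0.0, min(1.0, ((px - ax) * dx + (py - ay) * dy) / seg2))
        best = min(best, math.hypot(px - (ax + t * dx), py - (ay + t * dy)))
    return best

def check_fixes(fixes, route, max_offset_m=200.0, max_speed_mps=15.0):
    """fixes: (t_seconds, lat, lon). Returns (t, reason) alerts for suspect fixes."""
    alerts, prev = [], None
    for t, lat, lon in fixes:
        if distance_to_route_m(lat, lon, route) > max_offset_m:
            alerts.append((t, "off_route"))
        if prev is not None and t > prev[0]:
            step = math.hypot(*to_xy(lat, lon, prev[1], prev[2]))
            if step / (t - prev[0]) > max_speed_mps:
                alerts.append((t, "implausible_speed"))
        prev = (t, lat, lon)
    return alerts

# Constructed sample: planned route due east, one fix per minute at about 13 m/s.
ROUTE = [(43.70, 7.40), (43.70, 7.50)]
FIXES = [
    (0, 43.7000, 7.40),
    (60, 43.7005, 7.41),    # about 56 m off the line: within tolerance
    (120, 43.7000, 7.42),
    (180, 43.7500, 7.43),   # reported position jumps about 5.6 km north
    (240, 43.7500, 7.44),   # plausible speed again, but still far off route
]

if __name__ == "__main__":
    for alert in check_fixes(FIXES, ROUTE):
        print(alert)
```

A slow, gradual drift stays under the speed check, which is why the off-route distance is tested separately.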
20. LEVEL-2
Let’s look at the hardware technology on which the IOT
architecture relies (taking only gateway hardware
into consideration):
• Apps: custom IOT applications written in either
Python, Java or C/C++ or any other language
• OS/Services: e.g. LINUX, RTOS etc and services provided
by them
• Hardware/Firmware: e.g. ARM, INTEL, QUALCOMM,
BROADCOM, AVR, FREESCALE etc
21. Possible Attacks on Processor
• What are the different ways in which
hardware is compromised?
• ARM (Advanced RISC Machines) has outlined 3
types of Hardware Attacks
22. Hardware Threats to IOT
• Hack attack
• A hack attack is one where the hacker is only capable of executing a
software attack. Examples of hack attacks include viruses and malware
which are downloaded to the device via a physical or a wireless
connection.
• In many cases of a successful hack attack the device user inadvertently
approves the installation of the software that then executes the attack.
This is either because the malware pretends to be a piece of the software
that the user does want to install, or because the user does not
understand the warning messages displayed by the operating
environment.
• In the book “Securing Java” there is a section which sums up the decision
making capability of the typical user when it comes to choosing between
security and desirable functionality:
• “Given a choice between dancing pigs and security, users will pick dancing
pigs every time.”
23. IOT Security Risks
• Shack attack
• A shack attack is a low-budget hardware attack, using equipment
that could be bought on the high street from a store such as Radio
Shack. In these scenarios the attackers have physical access to the
device, but not enough equipment or expertise to attack within the
integrated circuit packages.
• The attackers can attempt to connect to the device using JTAG
debug and built-in self test facilities. They can passively monitor the
system using logic probes and network analyzers to snoop bus lines,
pins and system signals. The attackers may also be able to perform
simple active hardware attacks, such as forcing pins and bus lines to
be at a high or low voltage, reprogramming memory devices, and
replacing hardware components with malicious alternatives.
24. Unique Secret per Device
• Lab attack
• The lab attack vector is the most comprehensive and invasive. If the attacker has
access to laboratory equipment, such as electron microscopes, they can perform
unlimited reverse engineering of the device. It must be assumed that the attacker
can reverse engineer transistor-level detail for any sensitive part of the design -
including logic and memories.
• Attackers can reverse engineer a design, attach microscopic logic probes to silicon
metal layers, and glitch a running circuit using lasers or other techniques. Attackers
can also monitor analog signals, such as device power usage and electromagnetic
emissions, to perform attacks such as cryptographic key analysis.
• In most cases, considering the rule of thumb that states every device can be
broken, a device should not try and defend against lab attack directly, but should
take measures which limit the damage when a device is broken and therefore
make the lab attack uneconomical. Use of per-device unique secrets is one
example where reverse engineering a single device provides the attacker with no
useful information; they have the secret for the device that they already own, but
not any of the other devices in that class.
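An added example (not from the slides) of the per-device unique secret described above, applied to the Level-1 question of how to authenticate sensors: each sensor stores only a key derived from a backend master key and its own ID, and answers a fresh challenge with an HMAC over its reading. The HMAC-based derivation, the class names and the device IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_device_key(master_key: bytes, device_id: str) -> bytes:
    """Per-device key = HMAC-SHA256(master, label | id). Run at provisioning time."""
    return hmac.new(master_key, b"device-key-v1|" + device_id.encode(), hashlib.sha256).digest()

def _tag(key: bytes, nonce: bytes, device_id: str, reading: str) -> bytes:
    msg = nonce + b"|" + device_id.encode() + b"|" + reading.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

class Sensor:
    """Constrained node: stores only its own key, never the master key."""
    def __init__(self, device_id: str, device_key: bytes):
        self.device_id, self.key = device_id, device_key

    def report(self, nonce: bytes, reading: str) -> bytes:
        return _tag(self.key, nonce, self.device_id, reading)

class Verifier:
    """Backend side: holds the master key and issues single-use challenges."""
    def __init__(self, master_key: bytes):
        self._master, self._pending = master_key, {}

    def challenge(self, device_id: str) -> bytes:
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def verify(self, device_id: str, reading: str, tag: bytes) -> bool:
        nonce = self._pending.pop(device_id, None)   # consumed: a replay finds no nonce
        if nonce is None:
            return False
        key = derive_device_key(self._master, device_id)
        return hmac.compare_digest(_tag(key, nonce, device_id, reading), tag)

def demo():
    master = secrets.token_bytes(32)                 # constructed sample key
    verifier = Verifier(master)
    a = Sensor("temp-0001", derive_device_key(master, "temp-0001"))
    b = Sensor("pir-0002", derive_device_key(master, "pir-0002"))
    n = verifier.challenge(a.device_id)
    tag = a.report(n, "21.5C")
    genuine = verifier.verify(a.device_id, "21.5C", tag)
    replayed = verifier.verify(a.device_id, "21.5C", tag)
    n2 = verifier.challenge(a.device_id)
    # Key extracted from sensor b is used to speak as sensor a: must be rejected.
    forged = verifier.verify(a.device_id, "99.9C", _tag(b.key, n2, a.device_id, "99.9C"))
    return genuine, replayed, forged
```

`demo()` returns `(True, False, False)`: the genuine report verifies, the replayed tag finds no pending nonce, and the key taken from one sensor does not authenticate as another.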
25. Feasibility of these attacks
• Hardware attacks are less common because:
• Not every attacker has access to a lab or
specialized skills and equipment required
• Firmware vulnerabilities can be patched
• OSes can be hardened
• The attacker (in many cases) needs to be physically
present to attack the hardware, which makes
it a little difficult
26. That’s it about hardware
attacks?
• The story of hardware hacking should have
ended here
27. But then came the base !!
• But the truth is that many people access
internet using cellular services
• IOT is possible with moving devices only if we
use GPRS, 3G, 4G services
And the baseband can act as the base for all
hardware hacking to start.
It is not the second but the first door
used by hackers to come in.
28. • Most devices use baseband processors to talk
to BTS stations
• Mobile phones being the best example
• Baseband processor is different from
application processor
• But they are usually packaged into the same
SOC
29. What is the Problem?
• The problem is:
• Most baseband processors use proprietary
firmware from companies like Qualcomm,
Broadcom and so on.
• Researchers show that there are many
vulnerabilities in this firmware
• And what makes things more interesting is
that they can be attacked remotely
30. • But we have been using cell-phones for decades
without problems?
31. Problems with Cellular Setup
• Initially it was not possible for an attacker or
security researcher to set up his own “BTS” just for
attack/research purposes
• Now it has become much easier with things like:
• OpenBTS (open software)
• IDA (used for reverse engineering)
• Raspberry pi ??? Why raspberry pi.
• Any radio front-end (to generate frequency
signals)
32. • What is the depth of penetration of these attacks??
• It depends upon:
• Whether the app-processor and baseband processor share
RAM or their communication is hardened
• Moreover it depends upon what is allowed by the
vulnerability being exploited
• In some cases it is possible to hijack the system
completely bypassing all security mechanisms
implemented by app-processor
• Stack overflows and Heap overflows are most common
attacks
33. Impact
• What could be the impact of cellular based
attacks:
• Millions of devices could be compromised by a
single vulnerability
• GSM is still the most popular network in the
world
34. Suggested by Researchers
• Possible ways of mitigating the risk:
• Isolation of memory used by the processors
• In many cases use of a serial communication,
only AT cmd interface
• Scanning the data being received from the
baseband processors
35. Level-3
• After sensors and hardware, the next level is
protection at OS and software levels.
• This level is most vulnerable to attacks
• Mostly attackers get into systems because of
vulnerable OS software or weakness in the
applications being served on the top of
different software stacks
36. When Raspberry is the
Gateway
• Raspberry Pi is becoming increasingly popular
among IOT enthusiasts
• If we search ExploitDB with keyword
‘Raspberry PI’ we can easily find shell codes
targeted towards the ARM architecture
• Hardening the raspberry is therefore another
challenge while designing apps for the IOT
37. Hardening the PI
• What are some of the common ways of
hardening an IOT hub (in general) and specifically
Raspberry PI (running the Raspbian OS)?
38. Make it hard for attackers
• General Precautionary measures:
• Create a new user with your USERNAME and
set a strong PASSWORD (many scanners these
days try to log in using the
pi/raspberry pair)
• Delete the default pi/raspberry user account
from your system
• Use a strong password (check for lists of black-
listed passwords on the internet and avoid them)
39. • Decide what you really want to do with your PI,
and disable any unused services
• Raspbian comes pre-configured with JDK, php,
python, perl and many such programming and
other tools which may not be required at all but
could be potential ATTACK VECTORS
• Disable all such unused software
• E.g. Do you really need a web server running? If
not disable it
• If you don’t use java, just “purge the JDK” and all
related tools
40. • If Apache is required, then be sure to secure it
using the OWASP best practices on hardening
an apache server
• Make sure to do the same with other services
like MySQL, NGINX
• OWASP (http://owasp.org) is a good source of
information on how we can secure our servers
and services running.
41. • Decide whether you need to ssh into your PI
• If yes make sure to use public/private key pair
for authentication or use strong passwords
• Disable remote login as a root user
• Change the default ssh port
• Use Account Lockout after 3-5 failed attempts
• Add another layer of security using techniques
like PORT-KNOCKING
42. • Configure logging to monitor logins and failed
login attempts
• Install and configure iptables
• More defensive measures:
• Honeypots can be deployed.
• https://redmine.honeynet.org/projects/honeeepi/wiki
• Honeeepi is a project based on setting up
honeynets with raspberry pi
43. • Encrypt only the folders which contain useful
data
• Full Disk Encryption could be an expensive
operation in the context of Raspberry Pi, therefore
we should try to avoid it
• Execute application code from trusted sources
only
45. Web Interface Security
• Never use an unencrypted channel for data transfer
• Use of TLS is mandatory
• Use 2 factor (multi-factor where applicable and
appropriate) authentication for critical operations
• OTP is one of the methods which can be used when
a user performs operations like:
• Changing password, deleting data, updating
permissions etc
46. Privacy Concerns
• Privacy concerns among users are another
major challenge to the widespread
acceptance of the IOT
• Providing sufficient controls to users so they
can allow/block who accesses their data is
important
• At the same time, it should not compromise
the user experience
47. Using 3rd party APIs
• With IOT, use of 3rd party APIs like Twitter,
Facebook, IFTTT, Google+ is very common and
expected to increase.
• It is important to make sure that
vulnerabilities in 3rd party APIs don’t
compromise our app’s data in any way
• Therefore when using 3rd party APIs, the user’s data
should be exposed in a limited way
48. Security Configurability
• ‘Lack of Security Configurability’ is one of the
major reasons for weakness in IOT devices as
of today.
• Therefore the user should be able to easily
configure the basic and advanced security
• Logs collected from the client (IOT hub) and web
+ mobile interface can be collected at one
place and correlated to raise alerts in case of
any abnormal patterns
49. Account Lock and Forgot
Password
• Forgot password is one of the most popular
insecure being.
• Password reset attacks can be made difficult
by taking away the control from the web-interface
altogether (Number of users has to be taken
into account)
• Similarly, an alert can be raised if more than a
threshold number of failed login attempts are
observed.
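The failed-login threshold alert above, together with the earlier advice to configure logging for failed login attempts, as an added example that is not part of the original slides. It counts sshd "Failed password" entries per source address inside a sliding window and also notes attempts against the default pi account; the log lines, the hostname, the addresses (documentation ranges) and the thresholds are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect_bruteforce(lines, threshold=5, window_s=300, year=2024):
    """One alert per source IP that reaches `threshold` failures within `window_s` seconds."""
    recent = defaultdict(deque)          # ip -> (timestamp, user) inside the window
    alerted, alerts = set(), []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                     # accepted logins and other daemons are ignored
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, ip = m.group(2), m.group(3)
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > timedelta(seconds=window_s):
            q.popleft()                  # drop failures older than the window
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({"ip": ip, "failures": len(q),
                           "users": sorted({u for _, u in q}),
                           "default_pi_account_tried": any(u == "pi" for _, u in q)})
    return alerts

# Constructed sample in the usual auth.log layout.
SAMPLE_LOG = """\
Jun  3 10:15:01 raspberrypi sshd[2101]: Failed password for invalid user pi from 203.0.113.7 port 40112 ssh2
Jun  3 10:15:04 raspberrypi sshd[2101]: Failed password for invalid user pi from 203.0.113.7 port 40112 ssh2
Jun  3 10:15:09 raspberrypi sshd[2107]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jun  3 10:16:30 raspberrypi sshd[2113]: Failed password for alice from 198.51.100.20 port 52001 ssh2
Jun  3 10:16:41 raspberrypi sshd[2113]: Accepted publickey for alice from 198.51.100.20 port 52003 ssh2
Jun  3 10:17:02 raspberrypi sshd[2120]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Jun  3 10:17:05 raspberrypi sshd[2120]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Jun  3 10:40:00 raspberrypi sshd[2150]: Failed password for alice from 198.51.100.20 port 52040 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

With a 60-second window the same log raises nothing, because the five failures from 203.0.113.7 are spread over two minutes; the window length decides whether slow guessing is caught.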