SlideShare a Scribd company logo

Securing Your Wearable Tech Brand

S
Simon Loe

This presentation was given by Rahul Gupta of Spirent at the IoT Asia event in Singapore in March 2016

Internet
1 of 23
Download to read offline
1Spirent Communications PROPRIETARY AND CONFIDENTIAL Securing your wearable tech brand Rahul Gupta – Market segment manager 30th March 2016 Making IoT adoption Simple, Safe & Secure
2Spirent Communications PROPRIETARY AND CONFIDENTIAL Internet Of Things (IoT) Challenges Management & control of remote devices in the field for 10+ years New security threats, vulnerabilities & attack surfaces Multiple standards initiatives which lack unification & ratification Volume/Variety of devices requiring different Testing, Qualification & Quality New developers who lack expertise in network coms, IP/IT security etc. Chrysler Jeep hacked over internet (July 2015) Explosion in number of connections & diverse call models to the Network
3Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT connectivity Source : uBlox
4Spirent Communications Wearable drone control Source : Postscapes.com
5Spirent Communications Wearable controlled cars “Volvo owners will be able to talk to their car via their Microsoft Band 2, allowing them to instruct their vehicle to perform tasks including, setting the navigation, starting the heater, locking the doors, flashing the lights or sounding the horn via Volvo’s mobile app Volvo on Call and the connected wearable device” Source : Trafficsafe.org Jan’16
6Spirent Communications
7Spirent Communications Fitbit user accounts attacked Source : CNBC Jan’16 The hackers also gained access to Fitbit users' GPS history, "which shows where a person regularly runs or cycles, as well as data showing what time a person usually goes to sleep,"
8Spirent Communications The smartphone pairing  Hackers can use malicious apps do a variety of things from making phone calls without your permission, sending and receiving texts and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.  The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
9Spirent Communications BT & Wi-Fi connections  Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for enterprise data.  Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute-force attacks.  Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password combinations until they crack the code and are able to access contents stored on devices.
10Spirent Communications PROPRIETARY AND CONFIDENTIAL Increasing use of GPS receivers in IoT applications  Tracking People and Pets (For Health and Safety)  For kids and the elderly  Real-time accurate positions required  Wearable devices required with high-level of accuracy  Monitoring environment  Sensors positioned to monitor air quality, seismic events, etc  May be positioned in GNSS-difficult locations Important to Test location-aware devices integrating GPS receivers  GPS chipsets have various levels of quality: Accuracy, Precision, Integrity  Errors: Multipath, Atmospheric, RF Interference, System, Timing and more  Ensure your devices are fully tested for GNSS vulnerabilities
11Spirent Communications PROPRIETARY AND CONFIDENTIAL Overview of GPS GNSS Vulnerabilities
12Spirent Communications PROPRIETARY AND CONFIDENTIAL …common problems Map issues No position Sensor fusion algorithm prioritiesMultipath errors Signal selectionPoor performance in city High errors Wrong time Antenna problems Errors indoors? Position jumps Interference
13Spirent Communications GPS Disruption – Real atmospheric events  UK June 2015 Reports that some GPS receivers were affected by at least one (of the two) solar weather events experienced in June 2015 (mid-level solar flare)  USA December 2006 Solar radio bursts during December 2006 were sufficiently intense to be measurable with GPS receivers. This event was about 10 times larger than any previously reported event. The strength of the event was especially surprising since the solar radio bursts occurred near solar minimum. Civilian dual frequency GPS receivers were the most severely affected
15Spirent Communications • Michael Robinson – DEFCON 23, August 2015 • Demonstrated effect of disrupted (jammed) GPS Signal on a drone… • Drone reverted to Non-GPS flying mode but before it did…. • …Video feed started to jitter and video feeds were tagged as “unstable” • Video synch required precise timing from GPS GPS jamming – unexpected behaviour GPS Interference can cause unexpected behaviour in an unprotected system
16Spirent Communications GPS Spoofing demonstrated at Hacker’s convention  DEFCON 23, Las Vegas…  Huang and Yang spoof a drone’s GPS co-ordinates  The drone is geo-fenced and cannot fly in a forbidden area….  But with spoofed co-ordinates it can!
17Spirent Communications Availability of hacking tools Goo Buy – China Feb 2016…. Amazon Japan Store Feb 2015… Cheap Jammers now available from mainstream internet stores worldwide Amazon UK Store Dec 2015…. Unknown, USA
18Spirent Communications • Low-cost Software Defined Radio boards are easy to procure – not designed for “Reverse Radio Hacking” but ideally suited as a platform to do this • Used with Open Source Code - readily available on the internet for– • GPS transmitter (spoofer or repeater) • GPS Receiver (legitimate) • Previous attempts at GPS spoofing have all used more expensive custom hardware. Generating replica GNSS signals
19Spirent Communications How are GPS GNSS threats evolving?  Information Security categories apply to GNSS situation (Source: SANS Institute)  Unstructured Hacker  Structured Hacker  Organised crime/industrial espionage  Insider  Unfunded terrorist group  Funded terrorist group  Nation State  GNSS threat evolution has strong parallels with evolution of Information Security threats (Theunissen, 2014)  Currently no “responsible disclosure” for GNSS threats and vulnerabilities LikelySeverity ofimpact Low Very High
20Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT GPS GNSS Cyber Security Risk Assessment Test vs threats Implement mitigation strategy Use the most appropriate and cost effective improvement areas….. Detection and characterisation of environment
21Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Security Testing • Compliance level scans (i.e. OWASP, SANS 20) • Attack surface and connectivity testing • Stack hardening (Fuzzing) • Malware testing • Penetration (PEN) testing • Privacy data testing • Blended volumetric attack testing (i.e. multiple DDoS) • Load & stress testing • Security audits (Ethical Hacking) • Horizontal & vertical privilege escalations • Static code analysis Spirent Cyber Security Test Services Lab testing Live testing Remote testing Field testing
22Spirent Communications PROPRIETARY AND CONFIDENTIAL Customer Challenges and Our Solutions Develop IoT Devices & Applications Operate & Optimize IoT Networks & Applications Customer Challenges Our Solutions Simple developers test tools Embedded software to speed development Embedded software to facilitate connection & configuration Tests & services to quickly qualify devices & applications Analytics to detect performance & security issues
23Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Community & IoT SLAM Internet of Things Community: virtual worldwide community (Spirent is founder member & chair) • Hosted via social business network “LinkedIn” • Over ~11,500 members • Environment for collaboration, sharing & influence • Holds virtual & in-person events/forums http://iotslam.com/
24Spirent Communications PROPRIETARY AND CONFIDENTIAL © Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in this document, in particular the name “Spirent” and its logo device, are either registered trademarks or trademarks pending registration in accordance with relevant national laws. All rights reserved. spirent.com Thank you • Join the GNSS Vulnerabilities group on LinkedIn to find out more about GNSS jamming and spoofing and join the discussion

Recommended

Final ppt
Final pptFinal ppt
Final pptPradeep R
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
R1 - Slides
R1 - SlidesR1 - Slides
R1 - SlidesezSec
 
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident PreparationCimation
 
IoT Mobility Forensics
IoT Mobility ForensicsIoT Mobility Forensics
IoT Mobility ForensicsSabidur Rahman
 
Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVSeungjoo Kim
 

Recommended

Final ppt
Final pptFinal ppt
Final pptPradeep R
 
Controlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksControlling Laptop and Smartphone Access to Corporate Networks
Controlling Laptop and Smartphone Access to Corporate NetworksIcomm Technologies
 
Securing Internet of Things
Securing Internet of ThingsSecuring Internet of Things
Securing Internet of ThingsRishabh Sharma
 
R1 - Slides
R1 - SlidesR1 - Slides
R1 - SlidesezSec
 
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.
Rapid7 Report: Security Flaws in Universal Plug and Play: Unplug, Don't Play.Rapid7
 
2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident Preparation2015 ISA Calgary Show: IACS Cyber Incident Preparation
2015 ISA Calgary Show: IACS Cyber Incident PreparationCimation
 
IoT Mobility Forensics
IoT Mobility ForensicsIoT Mobility Forensics
IoT Mobility ForensicsSabidur Rahman
 
Developing a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVDeveloping a Protection Profile for Smart TV
Developing a Protection Profile for Smart TVSeungjoo Kim
 
Innovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion DetectionInnovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion DetectionTristan Wiggill
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Seungjoo Kim
 
Mobile security - Intense overview
Mobile security - Intense overviewMobile security - Intense overview
Mobile security - Intense overviewPrivateWave Italia SpA
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
No Safety Without Security
No Safety Without SecurityNo Safety Without Security
No Safety Without SecuritySecurity Innovation
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesChristian Spolaore
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentȘtefan Popa
 
Mobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyMobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyPriyanka Aash
 
Anonymizers
AnonymizersAnonymizers
AnonymizersGregory Hanis
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?Ramin Farajpour Cami
 
OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicSimon Hartley
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 
The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?Yasmin AbdelAziz
 
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...AMD Developer Central
 
Mobile Apps The Essentials
Mobile Apps The EssentialsMobile Apps The Essentials
Mobile Apps The EssentialsGlenn McKnight
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 
LPWan 101
LPWan 101LPWan 101
LPWan 101David Fowler
 
01
0101
01Hsiao-ling Chang
 

More Related Content

What's hot

Innovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion DetectionInnovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion DetectionTristan Wiggill
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT SecurityCableLabs
 
Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Seungjoo Kim
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issuesrjain51
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesChristian Spolaore
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentȘtefan Popa
 
Mobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyMobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyPriyanka Aash
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and ChallengesOWASP Delhi
 
OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicSimon Hartley
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionNowSecure
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017chauhananand17
 
The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?Yasmin AbdelAziz
 
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...AMD Developer Central
 
Mobile Apps The Essentials
Mobile Apps The EssentialsMobile Apps The Essentials
Mobile Apps The EssentialsGlenn McKnight
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAirTight Networks
 

What's hot (20)

Innovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion DetectionInnovative Solutions for AREA Surveillance & Intrusion Detection
Innovative Solutions for AREA Surveillance & Intrusion Detection
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
 
Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -Smart TV Security - #1984 in 21st century -
Smart TV Security - #1984 in 21st century -
 
Mobile security - Intense overview
Mobile security - Intense overviewMobile security - Intense overview
Mobile security - Intense overview
 
Internet of Things: Challenges and Issues
Internet of Things: Challenges and IssuesInternet of Things: Challenges and Issues
Internet of Things: Challenges and Issues
 
No Safety Without Security
No Safety Without SecurityNo Safety Without Security
No Safety Without Security
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)
 
Introduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issuesIntroduction to contact tracing apps and privacy issues
Introduction to contact tracing apps and privacy issues
 
Security as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application developmentSecurity as a top of mind issue for mobile application development
Security as a top of mind issue for mobile application development
 
Mobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the uglyMobile containers - The good, the bad and the ugly
Mobile containers - The good, the bad and the ugly
 
Anonymizers
AnonymizersAnonymizers
Anonymizers
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
How to assign a CVE to yourself?
How to assign a CVE to yourself?How to assign a CVE to yourself?
How to assign a CVE to yourself?
 
OLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - PublicOLD - altOS Secure Mobile Platform - Public
OLD - altOS Secure Mobile Platform - Public
 
How Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat DetectionHow Android and iOS Security Enhancements Complicate Threat Detection
How Android and iOS Security Enhancements Complicate Threat Detection
 
NewsByte Mumbai October 2017
NewsByte Mumbai October 2017NewsByte Mumbai October 2017
NewsByte Mumbai October 2017
 
The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?The Internet of Things – Good, Bad or Just Plain Ugly?
The Internet of Things – Good, Bad or Just Plain Ugly?
 
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
SE-4063, Leveraging Fingerprint Biometric Authentication to Streamline Secure...
 
Mobile Apps The Essentials
Mobile Apps The EssentialsMobile Apps The Essentials
Mobile Apps The Essentials
 
Air Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan AnalysisAir Tight Airport Wi Fi Scan Analysis
Air Tight Airport Wi Fi Scan Analysis
 

Viewers also liked

Paving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTPaving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTQualcomm Research
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemarmmbed
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5armmbed
 

Viewers also liked (6)

LPWan 101
LPWan 101LPWan 101
LPWan 101
 
01
0101
01
 
LoRa and NB-IoT
LoRa and NB-IoT LoRa and NB-IoT
LoRa and NB-IoT
 
Paving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoTPaving the path to Narrowband 5G with LTE IoT
Paving the path to Narrowband 5G with LTE IoT
 
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystemmbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
mbed Connect Asia 2016 Securing IoT with the ARM mbed ecosystem
 
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
mbed Connect Asia 2016 Developing IoT devices with mbed OS 5
 

Similar to Securing Your Wearable Tech Brand

Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoTVasco Veloso
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroSkycure
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...IJCSIS Research Publications
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatDuo Security
 
IoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsIoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsJay Nagar
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectivePragati Rai
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...ProductNation/iSPIRT
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Moon Technolabs Pvt. Ltd.
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsJanusz Chudzynski
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentTechWell
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfSetiya Nugroho
 
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My!
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My! Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My!
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My! Laurie Lamberth
 
Internet of things(iot)
Internet of things(iot)Internet of things(iot)
Internet of things(iot)SimiAttri
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveRobert Herjavec
 

Similar to Securing Your Wearable Tech Brand (20)

Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011AirTight Networks - Wireless Security 2011
AirTight Networks - Wireless Security 2011
 
The Internet of Things
The Internet of ThingsThe Internet of Things
The Internet of Things
 
Three Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security SuperheroThree Secrets to Becoming a Mobile Security Superhero
Three Secrets to Becoming a Mobile Security Superhero
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
IoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsIoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security Controls
 
Mobile Commerce: A Security Perspective
Mobile Commerce: A Security PerspectiveMobile Commerce: A Security Perspective
Mobile Commerce: A Security Perspective
 
[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success[Webinar] Why Security Certification is Crucial for IoT Success
[Webinar] Why Security Certification is Crucial for IoT Success
 
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
i7 Networks - Presentation at Zensar #TechShowcase - An iSPIRT ProductNation ...
 
Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it Bolstering the security of iiot applications – how to go about it
Bolstering the security of iiot applications – how to go about it
 
Internet of things, and rise of ibeacons
Internet of things, and rise of ibeaconsInternet of things, and rise of ibeacons
Internet of things, and rise of ibeacons
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really Different
 
Evento 15 aprile
Evento 15 aprileEvento 15 aprile
Evento 15 aprile
 
WEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdfWEEK5 Mobile Device Security 31032022.pdf
WEEK5 Mobile Device Security 31032022.pdf
 
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My!
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My! Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My!
Self-Driving Cars, Smart Watches and Heads-Up Displays... Oh My!
 
Internet of things(iot)
Internet of things(iot)Internet of things(iot)
Internet of things(iot)
 
LIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep DiveLIFT OFF 2017: IoT and MSS Deep Dive
LIFT OFF 2017: IoT and MSS Deep Dive
 
Aca presentation arm_
Aca presentation arm_Aca presentation arm_
Aca presentation arm_
 

Recently uploaded

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Sheetaleventcompany
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Roomishabajaj13
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
Call Girls Service Chandigarh Lucky ❤️ 7710465962 Independent Call Girls In C...
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With RoomVIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
VIP Kolkata Call Girl Salt Lake 👉 8250192130 Available With Room
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with Flows
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of indiaGram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

Securing Your Wearable Tech Brand

  • 1. 1Spirent Communications PROPRIETARY AND CONFIDENTIAL Securing your wearable tech brand Rahul Gupta – Market segment manager 30th March 2016 Making IoT adoption Simple, Safe & Secure
  • 2. 2Spirent Communications PROPRIETARY AND CONFIDENTIAL Internet Of Things (IoT) Challenges Management & control of remote devices in the field for 10+ years New security threats, vulnerabilities & attack surfaces Multiple standards initiatives which lack unification & ratification Volume/Variety of devices requiring different Testing, Qualification & Quality New developers who lack expertise in network coms, IP/IT security etc. Chrysler Jeep hacked over internet (July 2015) Explosion in number of connections & diverse call models to the Network
  • 3. 3Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT connectivity Source : uBlox
  • 4. 4Spirent Communications Wearable drone control Source : Postscapes.com
  • 5. 5Spirent Communications Wearable controlled cars “Volvo owners will be able to talk to their car via their Microsoft Band 2, allowing them to instruct their vehicle to perform tasks including, setting the navigation, starting the heater, locking the doors, flashing the lights or sounding the horn via Volvo’s mobile app Volvo on Call and the connected wearable device” Source : Trafficsafe.org Jan’16
  • 7. 7Spirent Communications Fitbit user accounts attacked Source : CNBC Jan’16 The hackers also gained access to Fitbit users' GPS history, "which shows where a person regularly runs or cycles, as well as data showing what time a person usually goes to sleep,"
  • 8. 8Spirent Communications The smartphone pairing  Hackers can use malicious apps do a variety of things from making phone calls without your permission, sending and receiving texts and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.  The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
  • 9. 9Spirent Communications BT & Wi-Fi connections  Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for enterprise data.  Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute-force attacks.  Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password combinations until they crack the code and are able to access contents stored on devices.
  • 10. 10Spirent Communications PROPRIETARY AND CONFIDENTIAL Increasing use of GPS receivers in IoT applications  Tracking People and Pets (For Health and Safety)  For kids and the elderly  Real-time accurate positions required  Wearable devices required with high-level of accuracy  Monitoring environment  Sensors positioned to monitor air quality, seismic events, etc  May be positioned in GNSS-difficult locations Important to Test location-aware devices integrating GPS receivers  GPS chipsets have various levels of quality: Accuracy, Precision, Integrity  Errors: Multipath, Atmospheric, RF Interference, System, Timing and more  Ensure your devices are fully tested for GNSS vulnerabilities
  • 11. 11Spirent Communications PROPRIETARY AND CONFIDENTIAL Overview of GPS GNSS Vulnerabilities
  • 12. 12Spirent Communications PROPRIETARY AND CONFIDENTIAL …common problems Map issues No position Sensor fusion algorithm prioritiesMultipath errors Signal selectionPoor performance in city High errors Wrong time Antenna problems Errors indoors? Position jumps Interference
  • 13. 13Spirent Communications GPS Disruption – Real atmospheric events  UK June 2015 Reports that some GPS receivers were affected by at least one (of the two) solar weather events experienced in June 2015 (mid-level solar flare)  USA December 2006 Solar radio bursts during December 2006 were sufficiently intense to be measurable with GPS receivers. This event was about 10 times larger than any previously reported event. The strength of the event was especially surprising since the solar radio bursts occurred near solar minimum. Civilian dual frequency GPS receivers were the most severely affected
  • 14. 15Spirent Communications • Michael Robinson – DEFCON 23, August 2015 • Demonstrated effect of disrupted (jammed) GPS Signal on a drone… • Drone reverted to Non-GPS flying mode but before it did…. • …Video feed started to jitter and video feeds were tagged as “unstable” • Video synch required precise timing from GPS GPS jamming – unexpected behaviour GPS Interference can cause unexpected behaviour in an unprotected system
  • 15. 16Spirent Communications GPS Spoofing demonstrated at Hacker’s convention  DEFCON 23, Las Vegas…  Huang and Yang spoof a drone’s GPS co-ordinates  The drone is geo-fenced and cannot fly in a forbidden area….  But with spoofed co-ordinates it can!
  • 16. 17Spirent Communications Availability of hacking tools Goo Buy – China Feb 2016…. Amazon Japan Store Feb 2015… Cheap Jammers now available from mainstream internet stores worldwide Amazon UK Store Dec 2015…. Unknown, USA
  • 17. 18Spirent Communications • Low-cost Software Defined Radio boards are easy to procure – not designed for “Reverse Radio Hacking” but ideally suited as a platform to do this • Used with Open Source Code - readily available on the internet for– • GPS transmitter (spoofer or repeater) • GPS Receiver (legitimate) • Previous attempts at GPS spoofing have all used more expensive custom hardware. Generating replica GNSS signals
  • 18. 19Spirent Communications How are GPS GNSS threats evolving?  Information Security categories apply to GNSS situation (Source: SANS Institute)  Unstructured Hacker  Structured Hacker  Organised crime/industrial espionage  Insider  Unfunded terrorist group  Funded terrorist group  Nation State  GNSS threat evolution has strong parallels with evolution of Information Security threats (Theunissen, 2014)  Currently no “responsible disclosure” for GNSS threats and vulnerabilities LikelySeverity ofimpact Low Very High
  • 19. 20Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT GPS GNSS Cyber Security Risk Assessment Test vs threats Implement mitigation strategy Use the most appropriate and cost effective improvement areas….. Detection and characterisation of environment
  • 20. 21Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Security Testing • Compliance level scans (i.e. OWASP, SANS 20) • Attack surface and connectivity testing • Stack hardening (Fuzzing) • Malware testing • Penetration (PEN) testing • Privacy data testing • Blended volumetric attack testing (i.e. multiple DDoS) • Load & stress testing • Security audits (Ethical Hacking) • Horizontal & vertical privilege escalations • Static code analysis Spirent Cyber Security Test Services Lab testing Live testing Remote testing Field testing
  • 21. 22Spirent Communications PROPRIETARY AND CONFIDENTIAL Customer Challenges and Our Solutions Develop IoT Devices & Applications Operate & Optimize IoT Networks & Applications Customer Challenges Our Solutions Simple developers test tools Embedded software to speed development Embedded software to facilitate connection & configuration Tests & services to quickly qualify devices & applications Analytics to detect performance & security issues
  • 22. 23Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Community & IoT SLAM Internet of Things Community: virtual worldwide community (Spirent is founder member & chair) • Hosted via social business network “LinkedIn” • Over ~11,500 members • Environment for collaboration, sharing & influence • Holds virtual & in-person events/forums http://iotslam.com/
  • 23. 24Spirent Communications PROPRIETARY AND CONFIDENTIAL © Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in this document, in particular the name “Spirent” and its logo device, are either registered trademarks or trademarks pending registration in accordance with relevant national laws. All rights reserved. spirent.com Thank you • Join the GNSS Vulnerabilities group on LinkedIn to find out more about GNSS jamming and spoofing and join the discussion