internet of things a hacker perspective ieee cyber science ... · internet of things a hacker...
TRANSCRIPT
![Page 1: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/1.jpg)
INTERNET OF THINGS
A HACKER PERSPECTIVE
IEEE CYBER SCIENCE 2018
JENS MYRUP PEDERSEN, [email protected]
ASSOCIATE PROFESSOR, AALBORG UNIVERSITY
![Page 2: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/2.jpg)
Internet of Things is here!
Smart city, smart transport, smart industry, smart grid…
![Page 3: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/3.jpg)
“Life can only be understood backwards, but it must be
lived forwards”• But can we learn anything from Mirai?
![Page 4: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/4.jpg)
IoT is today an easy target…
![Page 5: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/5.jpg)
And even professional systems are largely unsecure
![Page 6: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/6.jpg)
The threat from cyber does not stand alone
• A successful attack requires motivation, knowledge, resources.
• Crucial to understand the attackers: Different attackers, different goals.
![Page 7: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/7.jpg)
Nation states: Strategic goals
![Page 8: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/8.jpg)
Nation states: Strategic goals
![Page 9: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/9.jpg)
Cyber criminals: For profit…
• Ransomware.
• Information theft (identities, credit cards, financial records, pictures).
• Other kinds of blackmail (e.g. using private or confidential information).
• Crypto currency mining.
![Page 10: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/10.jpg)
Cyber criminals – for profit…
![Page 11: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/11.jpg)
What can we expect in the future?
• People LOVE their cheap IoT devices. Also tomorrow.
• Increasing dependencies on IoT.
• Increased capabilities of IoT devices (weaponization).
• Many more devices and more mobility. Bring your own …
• Better opportunities for attackers (both cyber criminals and nation states).
• Certain sectors obvious goals – but not the only ones…
• Even when the obvious holes are closed, there will be a huge market for
zero-days among both cyber criminals and nation states.
• Legislation and risk assessments will push towards more secure solutions,
but this is going to take time…
![Page 12: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/12.jpg)
Is there anything we can do?
• Risk vs. benefits.
• Security by Design (think about security from the beginning).
• Fail safe.
• Encryption and authentication.
• Users are often the weak link (and their influence should be eliminated).
• Processes for patches and updates.
• No silver bullets – segmentation and high walls.
• Attacks can not always be prevented:• Prevent -> Monitor -> Detect -> Mitigate -> Recover
![Page 13: INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker perspective ieee cyber science 2018 jens myrup pedersen, jens@es.aau.dk associate professor,](https://reader035.vdocuments.net/reader035/viewer/2022070805/5f03dc447e708231d40b1f7d/html5/thumbnails/13.jpg)
Thank you for your attention