iot security and privacy – sleep-walking into a living nightmare?
TRANSCRIPT
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 1
IoT Security and Privacy – Sleep-Walking into a Living Nightmare?
David Rogers, Copper Horse@drogersukIoTEdinburgh
24th March 2016
http://www.mobilephonesecurity.org
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Who is Connected to the Future Internet?
2
Source: http://cheezburger.com/8068370944
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Who is Connected to the Future Internet? (2)
3
Source: http://spectrum.ieee.org/computing/embedded-systems/on-the-internet-of-things-nobody-knows-youre-a-dog
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
What is Home Security?
4
Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 5
Opening up Access to Who?
From: http://www.independent.co.uk/news/world/americas/hacker-takes-control-of-ohio-couples-baby-monitor-and-screams-bad-things-9296986.html Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 6
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Connected Lightbulbs
7
WiFi password can be extracted – pivot attack
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Connected Doorbell
8
WiFi password can be extracted – pivot attack / physical access
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Wireless Burglar Alarm
9
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Wireless Burglar Alarm Attack
10
Easily subverted by just removing batteries Solution was to reduce alarm alert time to 0 seconds!
– Home owner forced to use key-fob.
https://www.youtube.com/watch?v=WfSDUOBYUFE
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Samsung SmartThings Vulnerabilities
11
February 2016 – ZigBee flaws highlighted– Open locks by decrypting signals– Jamming– “Insecure rejoin”
There are other issues!
http://www.forbes.com/sites/thomasbrewster/2016/02/17/samsung-smartthings-vulnerabilities/#ed6d54a4e59d
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Smart TV Vulnerabilities
12
Privacy – voice control Webcams Software update issued
Connected Pets
War Kitteh Denial of Service Dog
Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 13
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Smart Meters
14
ZigBee, GSM – meter reading Profiling
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Other Devices
15
Radiator and home thermostats Kettles and kitchen appliances Garage door openers / detectors Garden, plant sensors and food dispensers White goods (e.g. washing machines) Etc!
Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 16
Counterfeit / Substandard Devices
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
Near Future Devices
17
Amazon Echo - Alexa
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 18
Connected Home Updates?
Samsung Smart TV Privacy Policy
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.
221 pages! Plus other Terms, Nuance privacy policy etc.
Plant / Critical Infrastructure
Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 20
Automotive (not just cars!)
Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 21
Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 22
Make it Safe to Connect
https://iotsecurityfoundation.org/
Thanks!
david.rogers [@] copperhorse.co.uk@drogersuk
@copperhorseuk
Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 23