RISE OF THE MACHINES
Transforming Cybersecurity Strategy for the Age of IoT
This report from the Forescout
Research Team explores how IoT
devices can be leveraged by attackers
in a building’s network, where legacy
OT assets, IT systems and IoT devices all
intersect. 
[1] ABI Research, Internet of Everything Market Tracker, QTR 3, 2018
[2] M. Hung, “Leading the IoT: Gartner Insights on How to Lead in a Connected World,” Gartner, 2017. [Online]. Available: https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
New Risks from IoT Devices
The number of IoT devices in organizational networks is rapidly increasing. These devices
are mostly unmanaged, come from a multitude of vendors, use non-standard operating
systems, support a diversity of (often insecure) protocols and may dynamically connect to
other devices inside or outside the organization’s network.
The IoT has already experienced significant growth in the past decade and is expected to
reach more than 30 billion connected devices by 2022. [1]
By 2020, more than 25% of identified attacks in enterprises will involve the IoT. [2]
The Internet of Things (IoT) in a Smart Building
Consumer-grade IoT devices are entering, and reshaping, the building
automation industry. Below is an illustration of IoT devices found within a typical smart
building network and how these systems communicate with one another.
[Figure: Typical smart building network. Labeled components: workstations, IoT platform, building management workstations, network switch; video surveillance system, access control system, smart lighting system, IoT system, HVAC system; IP camera, NVR, building controllers, lighting bridge, smart TV, IoT gateways, wearable medical device, smart plug, sensor display, badge reader, door lock, thermostat, fan, smart light, motion sensor.]
Smart Buildings: Where OT, IT and IoT All Intersect
To better understand the current risk landscape for smart buildings and its implications,
the Forescout Research Team investigated how video surveillance systems (VSS),
smart lighting systems, and other IoT devices could be used by cyber criminals to
infiltrate a building network.
• Video Surveillance System (VSS)
• Smart Lighting System
• IoT System
Key Findings
• How the IoT impacts the cybersecurity landscape for today’s organizations, focusing on the
interplay between IoT and legacy OT devices
• The abuse of a smart building network by exploiting vulnerabilities in a VSS, Philips Hue
and the MQTT protocol in a lab setting
• Specific security challenges from the vulnerabilities in devices like video surveillance
systems (VSS), smart lighting systems and IoT systems
• What organizations can do to reduce risk and better protect their enterprise networks in
the age of IoT
Security Challenges of IoT Devices
IoT systems, including devices, gateways, and platforms, are notoriously vulnerable
to cyberattacks. Attacks against these systems could include:
• Exploitation of default or weak credentials: This is a notoriously common and simple way
for a hacker to gain access to a device or network.
• Web application and API attacks: This category encompasses methods like database
and command injections, directory traversal, and cross-site scripting. These represent the
low-hanging fruit for an attacker targeting an IoT device and can be performed in a
semi-automatic fashion using available open source tools.
• Lower-level exploits: This method targets firmware using tactics like a buffer overflow or
memory corruption issues to disable the device or allow arbitrary code execution.
• Protocol-based attacks: Attackers can use these to exploit vulnerabilities like the lack of
authentication, encryption, and integrity validation to sniff and exfiltrate or tamper with
sensitive data. [1]
[1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
3 Simple Strategies to Tear Down a Building Network
To demonstrate how an attacker would exploit vulnerabilities to enter a smart building
network using IoT devices, the Forescout team’s lab setup included three systems:
video surveillance, smart lighting, and an IoT system.
[Figure: Lab setup. Labeled components: Internet, attacker, network switch; video surveillance system (three IP cameras); smart lighting system (lighting bridge, smart lights, motion sensor); IoT system (IoT gateway).]
Strategy 1: Video Surveillance Systems
The precursors of modern video surveillance systems (VSS) were closed-circuit television
(CCTV) systems that use analog signals and coax cables to communicate in a closed
network. As technology advanced, digital cameras supporting IP communication were
integrated into VSSs. Today, many buildings have a hybrid VSS architecture that is quite
complex, containing a variety of legacy and new systems.
[Figure: Hybrid VSS architecture. Labeled components: analog cameras, IP cameras (some with VMS), video encoder, video decoder, DVR, NVR, switches/routers, monitor, local server, local monitoring PC, remote server, remote monitoring PC, Internet.]
Video Surveillance Systems: The Protocols
RTSP
• Real Time Streaming Protocol, usually over TCP
• Very similar to HTTP
• Designed to control stream parameters, not deliver the data
• RTSP communication mandatory before starting to stream
RTP
• Real-time Transport Protocol, usually over UDP
• Designed for real-time transfer of audio and video data
• Unidirectional from server (camera) to client (NVR)
• Secure version SRTP available, but rarely used
Video Surveillance Systems: The Vulnerabilities
Some of the vulnerabilities found in many VSS commonly used in
large organizations were:
• Use of unencrypted video streams via RTP/RTSP
• Unwanted communication links between the IT network and the VSS caused by
firewall misconfiguration
• Unwanted services and insecure protocols enabled, including FTP and UPnP
• Weak passwords to access IP cameras
• Vulnerable cameras [1]
[1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
Video Surveillance Systems: The Attacks
Assuming a man-in-the-middle attacker (an attacker inside the network that can
sniff and, when necessary, modify packets), the Forescout team successfully carried
out two attacks: denial of service and footage replay.
Attacks demonstrated in the lab: denial of service, footage replay
Anatomy of the Footage Replay Attack
1. Establish a man in the middle
2. Eavesdrop on the traffic and record the video footage
3. Replace RTSP command <get param> with <teardown>
4. Replay the pre-captured stream to the NVR
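A defender-side check for the replay described above, as an added example that is not part of the original slides: a passive monitor that parses RTP headers on the camera-to-NVR flow and flags media that keeps arriving after an RTSP TEARDOWN, or whose sequence numbers and timestamps jump backwards. The class name, thresholds and sample packets are assumptions constructed for illustration, and the sensor is assumed to see both the RTSP control channel and the RTP flow.

```python
import struct
from dataclasses import dataclass


@dataclass
class RtpHeader:
    payload_type: int
    seq: int
    timestamp: int
    ssrc: int


def parse_rtp_header(packet: bytes) -> RtpHeader:
    """Parse the 12-byte fixed RTP header (RFC 3550, section 5.1)."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    return RtpHeader(b1 & 0x7F, seq, ts, ssrc)


class StreamMonitor:
    """Continuity checks for one camera-to-NVR stream (hypothetical helper)."""

    def __init__(self, reorder_window: int = 16, max_gap: int = 200):
        self.reorder_window = reorder_window  # late packets tolerated on UDP
        self.max_gap = max_gap                # forward loss tolerated
        self.last = None                      # newest header seen so far
        self.torn_down = False

    def on_rtsp_request(self, request_line: str) -> None:
        method = request_line.split(" ", 1)[0].upper()
        if method == "TEARDOWN":
            self.torn_down = True
        elif method == "SETUP":               # new session: reset the baseline
            self.torn_down = False
            self.last = None

    def on_rtp(self, packet: bytes) -> list:
        hdr = parse_rtp_header(packet)
        alerts = []
        if self.torn_down:
            alerts.append("rtp-after-teardown")
        if self.last is not None:
            if hdr.ssrc != self.last.ssrc:
                alerts.append("ssrc-changed")
            else:
                fwd = (hdr.seq - self.last.seq) & 0xFFFF   # 16-bit wraparound
                if fwd >= 0x8000:                          # behind the newest packet
                    if 0x10000 - fwd <= self.reorder_window:
                        return alerts                      # ordinary reordering
                    alerts.append("sequence-rewind")
                elif fwd > self.max_gap:
                    alerts.append("sequence-gap")
                ts_fwd = (hdr.timestamp - self.last.timestamp) & 0xFFFFFFFF
                if ts_fwd >= 0x80000000:
                    alerts.append("timestamp-rewind")
        self.last = hdr
        return alerts


def build_rtp(seq: int, timestamp: int, ssrc: int) -> bytes:
    """Constructed test packet: V=2, no padding/extension/CSRC, dynamic PT 96."""
    header = struct.pack("!BBHII", 0x80, 96, seq & 0xFFFF,
                         timestamp & 0xFFFFFFFF, ssrc)
    return header + b"\x00" * 8


def run_constructed_capture() -> list:
    """Replays a constructed trace: live video, a TEARDOWN, then older packets."""
    monitor = StreamMonitor()
    ssrc = 0x1234ABCD
    events = []
    monitor.on_rtsp_request("SETUP rtsp://camera.example/stream RTSP/1.0")
    for i in range(5):    # live: 90 kHz clock at 30 fps, +3000 ticks per frame
        events.append(monitor.on_rtp(build_rtp(5000 + i, 900000 + 3000 * i, ssrc)))
    monitor.on_rtsp_request("TEARDOWN rtsp://camera.example/stream RTSP/1.0")
    for i in range(3):    # packets recorded earlier in the same session
        events.append(monitor.on_rtp(build_rtp(1200 + i, 450000 + 3000 * i, ssrc)))
    return events


if __name__ == "__main__":
    for index, alerts in enumerate(run_constructed_capture()):
        print(index, alerts)
```

These are heuristics: a replay that rewrites sequence numbers and timestamps passes the continuity checks, which is why the slides point to SRTP.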
Strategy 2: Smart Lighting
Smart lighting systems are connected to a network, which allows them to be
monitored and controlled from a central system or via the cloud. For this experiment,
the Forescout Research Team used a Philips Hue.
[Figure: Philips Hue system. Labeled components: Wi-Fi network, Wi-Fi router, Hue Bridge, ZigBee network, smart lights, motion sensor.]
Smart Lighting: The Vulnerabilities
• The Philips Hue uses a dedicated bridge device that connects all lights
on its own network.
• In order to work with remote systems, the bridge must be connected to a Wi-Fi
router, providing a potential network entry point for a malicious actor.
Attacking The Philips Hue
The Philips Hue supports an API that allows a user to interact with a bridge,
and therefore the lights, using RESTful HTTP requests. [1]
Using this API, the Forescout team devised and implemented two types of attacks
with a physical consequence: denial of service by switching off the lights and a
platform reconfiguration.
[1] PenTestPartners, “Hijacking Philips Hue,” [Online]. Available: https://www.pentestpartners.com/security-blog/hijacking-philips-hue/.
Anatomy of the Attacks
1. Sniff a valid API token transmitted in cleartext HTTP
2. Send an HTTP PUT request with the sniffed token and the “off” command:
   PUT http://<bridge_addr>/api/<token>/lights/<number>/state {"on":false}
3. Automate the request above via a script to keep the lights continuously off
4. Optional: use the same valid token to reconfigure the platform and use it
as an entry point into the network:
   PUT http://<bridge_addr>/api/<token>/config {"ipaddress":<ip_addr>, "dhcp":false, "netmask":<netmask>, "gateway":<gtw>}
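One way to spot the token reuse, lights-off loop and reconfiguration described above in request records, as an added example that is not from the original slides. The record format, token value, addresses and thresholds are constructed assumptions; such records would come from a proxy or network sensor in front of the bridge.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed record format: "<UTC time> <source IP> <method> <path> [<JSON body>]"
RECORD = re.compile(r"^(\S+) (\S+) (GET|PUT|POST|DELETE) /api/([^/\s]+)(/\S*)? ?(.*)$")
NETWORK_KEYS = {"ipaddress", "dhcp", "netmask", "gateway"}
LIGHT_STATE = re.compile(r"/lights/\d+/state")


def review_bridge_requests(lines, off_threshold=5, window=timedelta(seconds=60)):
    """Return (time, source, finding) tuples for suspicious bridge API use."""
    sources = defaultdict(set)      # token -> source IPs already seen with it
    off_times = defaultdict(list)   # source IP -> recent {"on": false} requests
    findings = []
    for line in lines:
        match = RECORD.match(line.strip())
        if not match:
            continue
        stamp, ip, method, token, path, body = match.groups()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        # A token that suddenly appears from a second host may have been sniffed.
        if sources[token] and ip not in sources[token]:
            findings.append((stamp, ip, "token-from-new-source"))
        sources[token].add(ip)
        if method != "PUT" or not body:
            continue
        try:
            data = json.loads(body)
        except ValueError:
            continue
        if not isinstance(data, dict):
            continue
        if path == "/config" and NETWORK_KEYS.intersection(data):
            # Changing the bridge's own network settings is rare in normal use.
            findings.append((stamp, ip, "network-reconfig"))
        elif path and LIGHT_STATE.fullmatch(path) and data.get("on") is False:
            recent = [t for t in off_times[ip] if when - t <= window] + [when]
            off_times[ip] = recent
            if len(recent) == off_threshold:
                findings.append((stamp, ip, "lights-off-loop"))
    return findings


# Constructed sample records (not real traffic).
CONSTRUCTED_LOG = """\
2019-06-01T09:00:00Z 10.0.0.23 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":true}
2019-06-01T09:05:00Z 10.0.0.23 GET /api/CONSTRUCTED-TOKEN/lights
2019-06-01T10:00:00Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":false}
2019-06-01T10:00:02Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":false}
2019-06-01T10:00:04Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":false}
2019-06-01T10:00:06Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":false}
2019-06-01T10:00:08Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/lights/1/state {"on":false}
2019-06-01T10:01:00Z 10.0.0.77 PUT /api/CONSTRUCTED-TOKEN/config {"ipaddress":"10.0.0.200","dhcp":false,"netmask":"255.255.255.0","gateway":"10.0.0.77"}
""".splitlines()

if __name__ == "__main__":
    for finding in review_bridge_requests(CONSTRUCTED_LOG):
        print(finding)
```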
Strategy 3: IoT System
When planning their attack on the IoT system, the Forescout Research Team decided to
focus on the messaging (application) layer, specifically on the most widely used protocol
in IoT systems, MQTT. [1]
[Figure: MQTT. Labeled components: two publishers, MQTT broker, two subscribers.]
[1] Eclipse IoT Working Group, AGILE IoT, IEEE, and Open Mobile Alliance, “IoT Developer Survey 2018,” 2018. [Online]. Available: https://iot.eclipse.org/resources/iot-developer-survey/iot-developer-survey-2018.pdf.
The Vulnerabilities: MQTT
• MQTT is an M2M connectivity protocol, designed to be
lightweight, and is therefore unencrypted.
• Because of this, it’s highly recommended to run MQTT communications
over an encrypted Transport Layer Security (TLS) stream,
since unencrypted traffic may disclose sensitive information,
including topics, values of data points or even credentials.
• However, there are thousands of MQTT servers not using TLS,
disclosing sensitive information, as well as allowing remote
control, to any client who remotely subscribes to a topic. [1] [2]
[1] V. Pasknel, “Hacking the IoT with MQTT,” 2017. [Online]. Available: https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b.
[2] M. Hron, “Are smart homes vulnerable to hacking?,” Avast, 2018. [Online]. Available: https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes.
Exploiting MQTT
Like the attacks on the video surveillance system, for the case of the IoT system, the
Forescout Research Team leveraged a protocol (MQTT), rather than specific devices.
Using this method, they devised and implemented two types of attacks:
information gathering and denial of service.
Attacks demonstrated in the lab: information gathering, denial of service
MQTT: Anatomy of the Attacks
Information gathering: An attacker can gather information about the IoT network,
such as available assets and their location, configuration information or even
sensitive information like credentials by either passively sniffing traffic or
subscribing to interesting topics and receiving published messages.

Denial of service: An attacker can flood a broker with connection attempts or
heavy payloads, which can be amplified by requiring a higher Quality-of-Service
level in the protocol.
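An added example (not from the original slides) of a passive audit for the exposures described above: it parses cleartext MQTT 3.1.1 traffic and reports clients that send credentials without TLS and clients that subscribe to broad wildcard filters. Function names and the sample capture are constructed for illustration; the input is assumed to be a reassembled client-to-broker TCP payload.

```python
import struct


def read_varint(buf: bytes, pos: int):
    """Decode the MQTT 'remaining length' field (1 to 4 bytes)."""
    value, mult = 0, 1
    for _ in range(4):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * mult
        if not byte & 0x80:
            return value, pos
        mult *= 128
    raise ValueError("malformed remaining length")


def read_field(buf: bytes, pos: int):
    """Read a 2-byte length-prefixed field; returns (text, next position)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated field")
    end = pos + 2 + struct.unpack_from("!H", buf, pos)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end].decode("utf-8", "replace"), end


def audit_connect(body: bytes):
    proto, p = read_field(body, 0)
    if p + 4 > len(body):
        raise ValueError("truncated CONNECT")
    level, flags = body[p], body[p + 1]
    if proto != "MQTT" or level != 4:           # only MQTT 3.1.1 is handled here
        return [("connect", "unsupported-protocol-level", proto)]
    client_id, p = read_field(body, p + 4)      # skip level, flags, keep-alive
    if flags & 0x04:                            # skip will topic and will message
        _, p = read_field(body, p)
        _, p = read_field(body, p)
    if not flags & 0x80:
        return [("connect", "anonymous-client", client_id)]
    user, p = read_field(body, p)
    kind = "cleartext-credentials" if flags & 0x40 else "cleartext-username"
    # The password itself is deliberately never read into the finding.
    return [("connect", kind, f"client={client_id} user={user}")]


def audit_subscribe(body: bytes):
    findings, p = [], 2                         # skip the packet identifier
    while p < len(body):
        topic, p = read_field(body, p)
        if p >= len(body):
            raise ValueError("truncated SUBSCRIBE")
        p += 1                                  # requested QoS byte
        if topic.split("/", 1)[0] in ("#", "+", "$SYS"):
            findings.append(("subscribe", "broad-topic-filter", topic))
    return findings


def audit_cleartext_mqtt(stream: bytes):
    """Walk every packet in the stream; inspect CONNECT (1) and SUBSCRIBE (8)."""
    findings, pos = [], 0
    while pos < len(stream):
        ptype = stream[pos] >> 4
        length, start = read_varint(stream, pos + 1)
        end = start + length
        if end > len(stream):
            raise ValueError("truncated packet")
        if ptype == 1:
            findings += audit_connect(stream[start:end])
        elif ptype == 8:
            findings += audit_subscribe(stream[start:end])
        pos = end
    return findings


def constructed_capture() -> bytes:
    """Constructed sample: CONNECT with credentials, a PUBLISH, a SUBSCRIBE."""
    def field(text):
        raw = text.encode()
        return struct.pack("!H", len(raw)) + raw

    def packet(first_byte, body):               # sample bodies are < 128 bytes
        return bytes([first_byte, len(body)]) + body

    connect = packet(0x10, field("MQTT") + bytes([4, 0xC2]) + struct.pack("!H", 60)
                     + field("sensor-gw-01") + field("building")
                     + field("constructed-password"))
    publish = packet(0x30, field("floor3/room12/temperature") + b"21.5")
    subscribe = packet(0x82, struct.pack("!H", 1) + field("#") + b"\x00"
                       + field("floor3/room12/temperature") + b"\x01")
    return connect + publish + subscribe


if __name__ == "__main__":
    for finding in audit_cleartext_mqtt(constructed_capture()):
        print(finding)
```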
CONCLUSION
In the age of IoT, legacy security solutions like endpoint agents, antivirus, and
traditional IT intrusion detection systems are not enough because either they are
unsupported by embedded devices or they are incapable of understanding the
network traffic generated by these devices.
Organizations need to implement solutions that empower them with fully automated
visibility and control across their entire enterprise.
[Figure: Cybersecurity strategy. Fully automated complete visibility across operational technology, campus, data center and cloud, and IoT.]
Still Curious?
This presentation is a brief summary of an in-depth research report
detailing the growth of IoT, possible business risks and cybersecurity
strategy planning.

Download the “Rise of the Machines: Transforming
Cybersecurity Strategy for the Age of IoT” report from the Forescout
Research Team to learn more.
About the Researchers
Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and
research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features
for SilentDefense.
Mario Dagrada holds a PhD in computational physics from the University Pierre Marie Curie in Paris and has experience in high
performance software development, security and research. He is a researcher at Forescout, focusing on medical device security and
the development of innovative features for SilentDefense.
Michael Yeh holds a joint master’s degree in cybersecurity from the Technical University of Eindhoven and the Radboud University.
He worked as an intern at Forescout during the development of this research project.
Martín Pérez Rodríguez has studied Computer Science & Engineering at the Universidad Politécnica de Madrid and the Technical
University of Eindhoven. After his internship, he started working as a DevOps Engineer at Forescout.
Elisa Costante holds a PhD in computer science from the Eindhoven University of Technology. She is an expert in IT and
OT security and privacy. As director of the Industrial and OT Innovation Technology at Forescout, she drives the execution of pioneering
theoretical and experimental work addressing the cyber security challenges posed by the IT/OT convergence. Her tasks include the
generation of original content to boost awareness and thought leadership and the identification, building and testing of prototypes
for innovative products and services in line with the overall product strategy.
About Forescout
Forescout Technologies is the leader in device visibility and control.
Our unified security platform enables enterprises and government
agencies to gain complete situational awareness of their extended
enterprise environments and orchestrate actions to reduce cyber and
operational risk. Forescout products deploy quickly with agentless,
real-time discovery and classification, as well as continuous
posture assessment.
Connect with us
www.forescout.com @Forescout Forescout Technologies

Weitere ähnliche Inhalte

Was ist angesagt?

NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
Mohit8780
 

Was ist angesagt? (20)

Throughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security ControlThroughwave Day 2015 - ForeScout Automated Security Control
Throughwave Day 2015 - ForeScout Automated Security Control
 
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
DSS ITSEC Webinars 2013 - Network Access Control + Mobile Security (Forescout)
 
Shining a Light on Shadow Devices
Shining a Light on Shadow DevicesShining a Light on Shadow Devices
Shining a Light on Shadow Devices
 
Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems Top 7 Security Measures for IoT Systems
Top 7 Security Measures for IoT Systems
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud
 
NAC Solution Taarak
NAC Solution TaarakNAC Solution Taarak
NAC Solution Taarak
 
Solution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFHSolution: Block Armour Secure Remote Access for WFH
Solution: Block Armour Secure Remote Access for WFH
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
 
Network Access Control Market Trends, Technological Analysis and Forecast Rep...
Network Access Control Market Trends, Technological Analysis and Forecast Rep...Network Access Control Market Trends, Technological Analysis and Forecast Rep...
Network Access Control Market Trends, Technological Analysis and Forecast Rep...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
LIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming SecurityLIFT OFF 2017: Transforming Security
LIFT OFF 2017: Transforming Security
 
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled  secure remote access to on- premise as ...CASE STUDY: How Block Armour enabled  secure remote access to on- premise as ...
CASE STUDY: How Block Armour enabled secure remote access to on- premise as ...
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust CybersecuitySecuring Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
Securing Smart Cities with Blockchain-enabled Zero Trust Cybersecuity
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Nozomi networks-solution brief
Nozomi networks-solution briefNozomi networks-solution brief
Nozomi networks-solution brief
 
Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18Nozomi Fortinet Accelerate18
Nozomi Fortinet Accelerate18
 
CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2CSIRS ICS BCS 2.2
CSIRS ICS BCS 2.2
 
Nozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company IntroductionNozomi Networks Q1_2018 Company Introduction
Nozomi Networks Q1_2018 Company Introduction
 

Ähnlich wie Transforming Smart Building Cybersecurity Strategy for the Age of IoT

NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
 

Ähnlich wie Transforming Smart Building Cybersecurity Strategy for the Age of IoT (20)

Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...Development of web-based surveillance system for Internet of Things (IoT) app...
Development of web-based surveillance system for Internet of Things (IoT) app...
 
IoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security ControlsIoT Vulnerability Analysis and IOT In security Controls
IoT Vulnerability Analysis and IOT In security Controls
 
Survey of Operating Systems for the IoT Environment
Survey of Operating Systems for the IoT EnvironmentSurvey of Operating Systems for the IoT Environment
Survey of Operating Systems for the IoT Environment
 
Io t first(1)
Io t first(1)Io t first(1)
Io t first(1)
 
Unauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token AlgorithmUnauthorized Access Detection in IoT using Canary Token Algorithm
Unauthorized Access Detection in IoT using Canary Token Algorithm
 
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
IoT Device Hacking and New Direction of IoT Security Evaluation Using Common ...
 
Backdoor Entry to a Windows Computer
Backdoor Entry to a Windows ComputerBackdoor Entry to a Windows Computer
Backdoor Entry to a Windows Computer
 
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
The Sharp Increase in Unmasking of Obtrusion into Internet of Things (IoT) IP...
 
What is an IoT Gateway Device & Why It's Important?
What is an IoT Gateway Device & Why It's Important?What is an IoT Gateway Device & Why It's Important?
What is an IoT Gateway Device & Why It's Important?
 
Review of Home Automation Systems and Network Security using IoT
Review of Home Automation Systems and Network Security using IoTReview of Home Automation Systems and Network Security using IoT
Review of Home Automation Systems and Network Security using IoT
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
UBIQUITOUS NETWORK TECHNICAL ROOM MONITORING SYSTEM MODEL USING WEB SERVICE
 
Supply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoTSupply Chain Security and Compliance for Embedded Devices & IoT
Supply Chain Security and Compliance for Embedded Devices & IoT
 
Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices Augmentation of a SCADA based firewall against foreign hacking devices
Augmentation of a SCADA based firewall against foreign hacking devices
 
Showcase poster
Showcase posterShowcase poster
Showcase poster
 
Karsten Held: Internet Of Things (IOT), SmartBuilding & SmartHome Research (J...
Karsten Held: Internet Of Things (IOT), SmartBuilding & SmartHome Research (J...Karsten Held: Internet Of Things (IOT), SmartBuilding & SmartHome Research (J...
Karsten Held: Internet Of Things (IOT), SmartBuilding & SmartHome Research (J...
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Drobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applicationsDrobics trustworthy io-t-for-industrial-applications
Drobics trustworthy io-t-for-industrial-applications
 
Aca presentation arm_
Aca presentation arm_Aca presentation arm_
Aca presentation arm_
 
IRJET- Home Automation using IoT: Review
IRJET- Home Automation using IoT: ReviewIRJET- Home Automation using IoT: Review
IRJET- Home Automation using IoT: Review
 

Kürzlich hochgeladen

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Kürzlich hochgeladen (20)

Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 

Transforming Smart Building Cybersecurity Strategy for the Age of IoT

  • 1. RISE OF THE MACHINES Transforming Cybersecurity Strategy for the Age of IoT This report from the Forescout Research Team explores how IoT devices can be leveraged by attackers in a building’s network, where legacy OT assets, IT systems and IoT devices all intersect. 
  • 2. 2 [1] ABI Research, Internet of Everything Market Tracker, QTR 3, 2018 [2] M. Hung, “Leading the IoT: Gartner Insights on How to Lead in a Connected World,” Gartner, 2017. [Online]. Available: https://www.gartner.com/imagesrv/books/iot/iotEbook_ digital.pdf 2 New Risks from IoT Devices The number of IoT devices in organizational networks is rapidly increasing. These devices are mostly unmanaged, come from a multitude of vendors, use non-standard operating systems, support a diversity of (often insecure) protocols and may dynamically connect to other devices inside or outside the organization’s network. The IoT has already experienced significant growth in the past decade and is expected to reach more than 30 billion connected devices by 2022[1] BY 2020, more than 25% of identified attacks in enterprises will involve the IoT [2]
  • 3. 3 The Internet of Things (IoT) in a Smart Building Consumer-grade IoT devices are entering, and reshaping, the building automation industry. Below is an illustration of IoT devices found within a typical smart building network and how these systems communicate with one another. Workstations IoT Platform Building Management Workstations VIDEO SURVEILLANCE SYSTEM ACCESS CONTROL SYSTEM SMART LIGHTING SYSTEMIoT SYSTEM HVAC SYSTEM IP Camera Building Controller Building Controller Lighting Bridge Smart TV IoT Gateway IoT Gateway NVR Wearable Medical Device Smart Plug Sensor Display Badge Reader Door Lock Thermostat Fan Smart Light Motion Sensor Network Switch TYPICAL SMART BUILDING NETWORK
  • 4. 4 Smart Buildings: Where OT, IT and IoT All Intersect To better understand the current risk landscape for smart buildings and its implications, the Forescout Research Team investigated how video surveillance systems (VSS), smart lighting systems, and other IoT devices could be used by cyber criminals to infiltrate a building network. Video Surveillance System (VSS) Smart Lighting System IoT System
  • 5. Key Findings How the IoT impacts the cybersecurity landscape for today’s organizations, focusing on the interplay between IoT and legacy OT devices The abuse of a smart building network by exploiting vulnerabilities in a VSS, Philips Hue and the MQTT protocol in a lab setting Specific security challenges from the vulnerabilities in devices like video surveillance systems (VSS), smart lighting systems and IoT systems What organizations can do to reduce risk and better protect their enterprise networks in the age of IoT 5
  • 6. 6 Security Challenges of IoT Devices​ IoT systems, including devices, gateways, and platforms, are notoriously vulnerable to cyberattacks. Attacks against these systems could include: • Exploitation of default or weak credentials: This is notoriously common and simple way for a hacker to gain access to a device or network.​ • Web application and API attacks: This category encompasses methods like database and command injections, directory traversal, and cross-site scripting. These represent the low-hanging fruit for an attacker targeting an IoT device and can be performed in a semi- automatic fashion using available open source tools. ​ • Lower-level exploits: This method targets firmware using tactics like a buffer overflow or memory corruption issues to disable the device or allow arbitrary code execution. ​ • Protocol-based attacks: Attackers can use these to exploit vulnerabilities like the lack of authentication, encryption, and integrity validation to sniff and exfiltrate or tamper with sensitive data. [1]​ [1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/trans- forming-cybersecurity-strategy-for-the-iot/
  • 7. 3 Simple Strategies to Tear Down a Building Network
    To demonstrate how an attacker would exploit vulnerabilities to enter a smart building network using IoT devices, the Forescout team’s lab setup included three systems: a video surveillance system, a smart lighting system, and an IoT system.
    [Figure: Lab setup. Labels: Attacker, Internet, Network Switch, Video Surveillance System, IoT System, Smart Lighting System, IP Camera (x3), IoT Gateway, Lighting Bridge, Smart Light (x2), Motion Sensor]
  • 8. Strategy 1: Video Surveillance Systems
    The precursors of modern video surveillance systems (VSS) were closed-circuit television (CCTV) systems that use analog signals and coax cables to communicate in a closed network. As technology advanced, digital cameras supporting IP communication were integrated into VSSs. Today, many buildings have a hybrid VSS architecture that is quite complex, containing a variety of legacy and new systems.
    [Figure: Hybrid VSS architecture. Labels: Switches / Routers, Analog Camera, IP Camera, IP Camera (with VMS), Video Encoder, Video Decoder, DVR, NVR, Monitor, Local Server, Local Monitoring PC, Remote Monitoring PC, Remote Server, Internet]
  • 9. Video Surveillance Systems: The Protocols
    RTP
      • Real-time Transport Protocol, usually over UDP
      • Designed for real-time transfer of audio and video data
      • Unidirectional from server (camera) to client (NVR)
      • Secure version SRTP available, but rarely used
    RTSP
      • Real Time Streaming Protocol, usually over TCP
      • Very similar to HTTP
      • Designed to control stream parameters, not deliver the data
      • RTSP communication mandatory before starting to stream
  • 10. Video Surveillance Systems: The Vulnerabilities
    Some of the vulnerabilities found in many VSS commonly used in large organizations were:
      • Use of unencrypted video streams via RTP/RTSP
      • Unwanted communication links between the IT network and the VSS caused by firewall misconfiguration
      • Unwanted services and insecure protocols enabled, including FTP and UPnP
      • Weak passwords to access IP cameras
      • Vulnerable cameras [1]
    [1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
  • 11. Video Surveillance Systems: The Attacks
    Assuming a man-in-the-middle attacker (an attacker inside the network that can sniff and, when necessary, modify packets), the Forescout team successfully carried out two attacks: denial of service and footage replay.
    [Lab demonstrations: Denial of service, Footage replay]
  • 12. Anatomy of the Footage Replay Attack
      1. Establish a man in the middle
      2. Eavesdrop on the traffic and record the video footage
      3. Replace RTSP command <get param> with <teardown>
      4. Replay the pre-captured stream to the NVR
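
A detection sketch for the footage replay sequence on slide 12, added here as an example and not taken from the Forescout report: it flags RTP media that keeps arriving after an RTSP TEARDOWN and RTP timestamps that jump backwards. The capture, the `cam1.example` URL, the SSRC and the assumption that one sensor sees both the RTSP control channel and the RTP flow to the NVR are constructed for illustration.

```python
import struct

def parse_rtp(packet: bytes):
    """Return (seq, timestamp, ssrc) from the 12-byte RTP fixed header (RFC 3550)."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    _flags, _ptype, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    return seq, timestamp, ssrc

def make_rtp(seq, timestamp, ssrc=0xAABBCCDD):
    """Build a constructed RTP header (version 2, payload type 96) for the sample."""
    return struct.pack("!BBHII", 0x80, 96, seq, timestamp, ssrc)

# Constructed capture for one camera stream: (time_s, kind, data).
# Assumption: the sensor sees both the RTSP control channel and the RTP flow to the NVR.
EVENTS = [
    (0.0, "rtsp", "PLAY rtsp://cam1.example/stream RTSP/1.0"),
    (0.1, "rtp", make_rtp(1000, 90000)),
    (0.2, "rtp", make_rtp(1001, 93000)),
    (30.0, "rtsp", "GET_PARAMETER rtsp://cam1.example/stream RTSP/1.0"),
    (30.1, "rtp", make_rtp(1002, 96000)),
    (60.0, "rtsp", "TEARDOWN rtsp://cam1.example/stream RTSP/1.0"),
    (60.1, "rtp", make_rtp(1000, 90000)),   # media keeps arriving, timestamp rewound
    (60.2, "rtp", make_rtp(1001, 93000)),
]

def replay_indicators(events):
    """Flag RTP seen after a TEARDOWN and RTP timestamps that jump backwards."""
    alerts, torn_down, last = [], False, None
    for t, kind, data in events:
        if kind == "rtsp":
            method = data.split(" ", 1)[0]
            if method == "TEARDOWN":
                torn_down = True
            elif method == "PLAY":          # a new PLAY legitimately restarts the stream
                torn_down, last = False, None
            continue
        _seq, timestamp, ssrc = parse_rtp(data)
        if torn_down:
            alerts.append((t, "rtp-after-teardown"))
        if last is not None and ssrc == last[0]:
            # Modular comparison so a normal 32-bit timestamp wrap is not flagged.
            if (timestamp - last[1]) & 0xFFFFFFFF >= 0x80000000:
                alerts.append((t, "timestamp-rewind"))
        last = (ssrc, timestamp)
    return alerts
```

Codecs that send frames out of presentation order can produce small backward timestamp steps, so a deployed check would need a tolerance on the rewind rule.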
  • 13. Strategy 2: Smart Lighting
    Smart lighting systems are connected to a network, which allows them to be monitored and controlled from a central system or via the cloud. For this experiment, the Forescout Research Team used a Philips Hue.
    [Figure: Philips Hue system. Labels: Wi-Fi Network, Wi-Fi Router, Hue Bridge, ZigBee Network, Smart Light (x2), Motion Sensor]
  • 14. Smart Lighting: The Vulnerabilities
      • The Philips Hue uses a dedicated bridge device that connects all lights on its own network.
      • In order to work with remote systems, the bridge must be connected to a Wi-Fi router, providing a potential network entry point for a malicious actor.
    [Figure: Philips Hue system. Labels: Wi-Fi Network, Wi-Fi Router, Hue Bridge, ZigBee Network, Smart Light (x2), Motion Sensor]
  • 15. Attacking the Philips Hue
    The Philips Hue supports an API that allows a user to interact with a bridge, and therefore the lights, using RESTful HTTP requests. [1]
    Using this API, the Forescout team devised and implemented two types of attacks with a physical consequence: denial of service by switching off the lights and a platform reconfiguration.
    [Lab demonstrations: Denial of service, Platform reconfiguration]
    [1] PenTestPartners, “Hijacking Philips Hue,” [Online]. Available: https://www.pentestpartners.com/security-blog/hijacking-philips-hue/.
  • 16. Anatomy of the Attacks
      1. Sniff a valid API token transmitted in cleartext HTTP
      2. Send an HTTP PUT request with the sniffed token and the “off” command:
         PUT http://<bridge_addr>/api/<token>/lights/<number>/state {"on":false}
      3. Automate the request above via script to keep the lights continuously off
      4. Optional: use the same valid token to reconfigure the platform and use it as an entry point into the network:
         PUT http://<bridge_addr>/api/<token>/config {"ipaddress":<ip_addr>, "dhcp":false, "netmask":<netmask>, "gateway":<gtw>}
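
A monitoring sketch for the token abuse on slide 16, added here as an example and not part of the original deck: it reviews cleartext HTTP request lines seen in front of the bridge and reports an API token that shows up from a second host, and `/config` writes from hosts outside an allowlist. The addresses, the sample token and the `ADMIN_HOSTS` allowlist are constructed assumptions; findings deliberately omit the token so the report does not leak it again.

```python
import re

# Request-line shape of the bridge API paths quoted on the slide: /api/<token>/...
HUE_CALL = re.compile(r"^(?P<method>[A-Z]+) /api/(?P<token>[^/\s]+)(?P<rest>/\S*)? HTTP/")

# Constructed cleartext HTTP records from a sensor in front of the bridge:
# (source_ip, request_line). Token and addresses are made-up sample values.
REQUESTS = [
    ("10.0.5.20", "GET /api/SAMPLETOKEN0001/lights HTTP/1.1"),
    ("10.0.5.20", "PUT /api/SAMPLETOKEN0001/lights/1/state HTTP/1.1"),
    ("10.0.5.77", "PUT /api/SAMPLETOKEN0001/lights/1/state HTTP/1.1"),
    ("10.0.5.77", "PUT /api/SAMPLETOKEN0001/lights/2/state HTTP/1.1"),
    ("10.0.5.77", "PUT /api/SAMPLETOKEN0001/config HTTP/1.1"),
    ("10.0.5.20", "GET /index.html HTTP/1.1"),
]
ADMIN_HOSTS = {"10.0.5.10"}  # assumption: hosts allowed to change bridge config

def review_hue_traffic(requests, admin_hosts):
    """Return findings for token reuse across hosts and unexpected config writes."""
    findings = []
    first_source = {}   # token -> first host seen using it
    reported = set()    # (token, host) pairs already reported as reuse
    for src, line in requests:
        m = HUE_CALL.match(line)
        if m is None:
            continue
        token, rest = m["token"], m["rest"] or ""
        owner = first_source.setdefault(token, src)
        if src != owner and (token, src) not in reported:
            reported.add((token, src))
            findings.append(("token-used-from-second-host", src))
        if m["method"] == "PUT" and rest == "/config" and src not in admin_hosts:
            findings.append(("config-write-from-non-admin-host", src))
    return findings
```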
  • 17. Strategy 3: IoT System
    When planning their attack on the IoT system, the Forescout Research Team decided to focus on the messaging (application) layer, specifically on the most widely used protocol in IoT systems, MQTT. [1]
    [Figure: MQTT. Labels: Publisher (x2), MQTT Broker, Subscriber (x2)]
    [1] Eclipse IoT Working Group, AGILE IoT, IEEE, and Open Mobile Alliance, “IoT Developer Survey 2018,” 2018. [Online]. Available: https://iot.eclipse.org/resources/iot-developer-survey/iot-developer-survey-2018.pdf.
  • 18. The Vulnerabilities: MQTT
      • MQTT is an M2M connectivity protocol, designed to be lightweight, and is therefore unencrypted.
      • Because of this, it is highly recommended to run MQTT communications over an encrypted Transport Layer Security (TLS) stream, since unencrypted traffic may disclose sensitive information, including topics, values of data points or even credentials.
      • However, there are thousands of MQTT servers not using TLS, disclosing sensitive information, as well as allowing remote control, to any client who remotely subscribes to a topic. [1] [2]
    [1] V. Pasknel, “Hacking the IoT with MQTT,” 2017. [Online]. Available: https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b.
    [2] M. Hron, “Are smart homes vulnerable to hacking?,” Avast, 2018. [Online]. Available: https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes.
  • 19. Exploiting MQTT
    Like the attacks on the video surveillance system, for the case of the IoT system, the Forescout Research Team leveraged a protocol (MQTT), rather than specific devices. Using this method, they devised and implemented two types of attacks: information gathering and denial of service.
    [Lab demonstrations: Information gathering, Denial of service]
  • 20. MQTT: Anatomy of the Attacks
      • Information gathering: An attacker can gather information about the IoT network, such as available assets and their location, configuration information or even sensitive information like credentials by either passively sniffing traffic or subscribing to interesting topics and receiving published messages.
      • Denial of service: An attacker can flood a broker with connection attempts or heavy payloads, which can be amplified by requiring a higher Quality-of-Service level in the protocol.
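
A broker-side audit sketch for the two MQTT behaviours on slide 20, added here as an example and not taken from the Forescout report: it parses an unencrypted MQTT 3.1.1 SUBSCRIBE packet and flags catch-all or broker-internal topic filters and QoS requests above a local policy. The `max_qos` policy, the client name and the sample packet are constructed assumptions.

```python
def decode_remaining_length(buf, pos):
    """Decode the MQTT variable-length 'remaining length' field starting at pos."""
    value = shift = 0
    while shift <= 21:                      # the field is at most four bytes long
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7
    raise ValueError("malformed remaining length")

def parse_subscribe(packet: bytes):
    """Return [(topic_filter, requested_qos)] from an MQTT 3.1.1 SUBSCRIBE packet."""
    if not packet or packet[0] != 0x82:
        raise ValueError("not a SUBSCRIBE packet")
    length, pos = decode_remaining_length(packet, 1)
    end = pos + length
    if end > len(packet):
        raise ValueError("truncated packet")
    pos += 2                                # skip the packet identifier
    filters = []
    while pos < end:
        n = int.from_bytes(packet[pos:pos + 2], "big")
        if pos + 3 + n > end:
            raise ValueError("filter runs past the packet")
        topic = packet[pos + 2:pos + 2 + n].decode("utf-8")
        filters.append((topic, packet[pos + 2 + n] & 0x03))
        pos += 3 + n
    return filters

def make_subscribe(packet_id, *filters):
    """Build a constructed SUBSCRIBE packet (body under 128 bytes) for the sample."""
    body = packet_id.to_bytes(2, "big")
    for topic, qos in filters:
        body += len(topic).to_bytes(2, "big") + topic.encode() + bytes([qos])
    return bytes([0x82, len(body)]) + body

def audit_subscribe(client_id, packet, max_qos=1):
    """Flag catch-all or broker-internal filters and QoS requests above policy."""
    findings = []
    for topic, qos in parse_subscribe(packet):
        if topic == "#" or topic.startswith("$SYS/"):
            findings.append((client_id, topic, "broad-or-system-filter"))
        if qos > max_qos:
            findings.append((client_id, topic, "qos-above-policy"))
    return findings

# Constructed sample: one client asks for every topic at QoS 2.
SAMPLE = make_subscribe(7, ("#", 2), ("building/floor2/temp", 0))
```

Once the broker requires TLS, a passive sensor can no longer read these packets, so the same check then belongs in the broker's own access-control or logging hook.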
  • 21. Conclusion
    In the age of IoT, legacy security solutions like endpoint agents, antivirus, and traditional IT intrusion detection systems are not enough because either they are unsupported by embedded devices or they are incapable of understanding the network traffic generated by these devices.
    Organizations need to implement solutions that empower them with fully automated visibility and control across their entire enterprise.
    [Figure: Cybersecurity strategy, fully automated complete visibility. Labels: Operational Technology, Campus, Data Center and Cloud, IoT]
  • 22. Still Curious?
    This presentation is a brief summary of an in-depth research report detailing the growth of IoT, possible business risks and cybersecurity strategy planning.
    Download the “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT” report from the Forescout Research Team to learn more.
  • 23. About the Researchers
      • Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features for SilentDefense.
      • Mario Dagrada holds a PhD in computational physics from the University Pierre Marie Curie in Paris and has experience in high performance software development, security and research. He is a researcher at Forescout, focusing on medical device security and the development of innovative features for SilentDefense.
      • Michael Yeh holds a joint master’s degree in cybersecurity from the Technical University of Eindhoven and the Radboud University. He worked as an intern at Forescout during the development of this research project.
      • Martín Pérez Rodríguez has studied Computer Science & Engineering at the Universidad Politécnica de Madrid and the Technical University of Eindhoven. After his internship, he started working as a DevOps Engineer at Forescout.
      • Elisa Costante holds a PhD in computer science from the Eindhoven University of Technology. She is an expert in IT and OT security and privacy. As director of the Industrial and OT Innovation Technology at Forescout, she drives the execution of pioneering theoretical and experimental work addressing the cyber security challenges posed by the IT/OT convergence. Her tasks include the generation of original content to boost awareness and thought leadership and the identification, building and testing of prototypes for innovative products and services in line with the overall product strategy.
  • 24. About Forescout
    Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk. Forescout products deploy quickly with agentless, real-time discovery and classification, as well as continuous posture assessment.
    www.forescout.com