-IoT Security is a Safety/Privacy Issue
-Consider the devices you bring into your home and to work
Video Links:
-Hue: https://www.youtube.com/watch?v=7TOsFqqJgj4
-Slow Cooker: https://www.walmart.com/ip/BLACK-DECKER-WiFi-Enabled-6-Quart-Slow-Cooker/128745799
-Smart Toilet: https://www.youtube.com/watch?v=HyZ7S4fE5v4
2. Outline
• The Internet of Things (Everything)
Examples of IoT Devices
Power Grid (‘Grid of Things’)
• Security Challenges
End-Point Security, Global Issues,
0-Days, No Motivation
• The Mirai Botnet
Background (DNS)
Oct. 21st Summary
• Tinkering Around
Experimenting with an IP Cam
What is this ‘thing’ really doing
7. FEATURES
Integrated cleansing.
Adjustable spray shape, position, water pressure, temperature, pulsate.
Self-cleaning
Warm-air drying system with adjustable temperature settings.
Automatic deodorization system.
Heated seat with adjustable temperature settings.
Motion-activated
LED lighting illuminates the bowl to serve as a night-light.
Touchscreen LCD remote control.
Plays Music
Internet of Things
Examples
Video
8. Grid of Things
State of Affairs Power Grid
“Our expectations is that the modernized
electricity grid will be 100 to 1000 times larger
than the Internet”
– CISCO VP
Grid Modernization:
• Advanced Metering
• Electric Vehicles
• Distributed Generation
• Distribution Automation
11. Wait, so what exactly is IoT?
Source: IoT European Research Cluster, IERC, 2014
12. IoT Defined... Now Security...
Implementing security with:
• No Incentives (or Consequences)
• Do vendors and consumers even care
• World economy, markets, and conflicts
• Engineering silos
• Engineering ethical barriers
• Limited understanding of complexity and emergent issues
14. Background
Source: Simon Liu, "Surviving Distributed Denial-of-Service Attacks", IT Professional
vol. 11, p. 51-53, September/October, 2009
15. Background
How Domain Name Service Works
‘The Phone Book of the Internet’
(1) Client to DNS Server: Where is Google?
(2) DNS Server to client: Google is at 108.177.8.113
(3) Client to Google: Searching the Web, 108.177.8.113/search?q=IEEE
16. Summary
Source: http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/
Dyn’s Key Findings:
• ‘The Friday October 21, 2016 attack has been analyzed as a
complex & sophisticated attack, using maliciously targeted,
masked TCP and UDP traffic over port 53.’
• Dyn confirms Mirai botnet as primary source of malicious attack
traffic.
• Attack generated compounding recursive DNS retry traffic,
further exacerbating its impact.
17. DYN Attack cont. and IoT Security Hearing
‘Level 3 detected approximately 150,000 IoT devices were
used to … generate significant amount of bandwidth use that
threatens the fabric of the global internet.’
Source: U.S. House of Representatives Joint Hearing “Understanding the
Role of Connected Devices in Recent Cyber Attacks” November 16, 2016
‘We believe that in the case of Dyn, the relatively unsophisticated’
Summary
‘The distributed denial-of-service attack that caused the
outages, and the vulnerabilities that made the attack possible,
was as much a failure of market and policy as it was of
technology’
Witness Testimonies
18. Recon...
the Internet of Things
Power Plants, Refrigerators,
…, Buildings, Webcams, …
Source: Shodan
24. Experimenting
Design
1. No Router Connection
Default Open Ports:
• Web Interface
• Real Time Streaming
• Print Services
• Universal Plug and Play
Well Known Ports: 0 through 1023.
Registered Ports: 1024 through 49151.
Dynamic/Private: 49152 through 65535.
25. Experimenting
Design
1. No Router Connection
Multicasting
Who has 192.168.1.1? Tell 192.168.1.108
Simple Service Discovery Protocol
192.168.1.108 239.255.255.250 NOTIFY
192.168.1.108 224.0.0.22 IGMPv3 60 Report / Join group 239.255.255.250 for any sources
26. Experimenting
Design
2. Internet Connectivity
-ROUTER_12:6d:81 e0:50:8b:0a:06:d3 192.168.1.254 is at …
target 192.168.1.66
-192.168.1.66 192.168.1.254 DNS 81 Standard query 0x016f A www.dahuap2pcloud.com
-192.168.1.254 192.168.1.66 DNS 97 Standard query response 0x016f A www.dahuap2pcloud.com A 121.199.3.195
DHGET /online/p2psrv/2J03977PAA00347 HTTP/1.1
CSeq: 1927610396
Authorization: WSSE profile="UsernameToken"
X-WSSE: UsernameToken Username="2J03977PAA00347", PasswordDigest="NanYJZWK4bKmrYW7ngt2EK50AY80", Nonce="-691305717", Created="2000-01-01T02:52:12Z"
-192.168.1.66 121.199.3.195 UDP 303 58124 8800 Len=261
28. Experimenting
Design
2. Internet Connectivity
-192.168.1.254 192.168.1.66 DNS 92 Standard query response 0x0170 A www.dahuap2p.com A 223.6.252.231
-192.168.1.66 192.168.1.254 DNS 76 Standard query 0x0170 A www.dahuap2p.com
-192.168.1.66 223.6.252.231 TCP 60 41776 12366 [ACK] Seq=1 Ack=1 Win=14608 Len=0
What are you sending?
30. Experimenting
Design
2. Internet Connectivity
-192.168.1.66 192.168.1.254 DNS 74 Standard query 0x0171 A rs.lechange.cn
-192.168.1.254 192.168.1.66 DNS 90 Standard query response 0x0171 A rs.lechange.cn A 114.55.152.165
-192.168.1.66 114.55.152.165 TCP 74 46241 9084
What are you sending?
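
Added example (not part of the original slides): one way to turn capture summary lines like those in the Experimenting slides into a per-device egress profile, pairing each outbound flow with the DNS name the camera resolved first, as a starting point for a firewall allowlist. It assumes Wireshark column order (source, destination, protocol, length, info); `egress_profile` and `SAMPLE` are hypothetical names, and the last sample line is constructed.

```python
import ipaddress
import re

# Wireshark-style summary lines (source, destination, protocol, length, info)
# modelled on the capture above; the last line is constructed (documentation
# address) to show a flow that no DNS answer explains.
SAMPLE = """\
192.168.1.66 192.168.1.254 DNS 81 Standard query 0x016f A www.dahuap2pcloud.com
192.168.1.254 192.168.1.66 DNS 97 Standard query response 0x016f A www.dahuap2pcloud.com A 121.199.3.195
192.168.1.66 121.199.3.195 UDP 303 58124 8800 Len=261
192.168.1.254 192.168.1.66 DNS 92 Standard query response 0x0170 A www.dahuap2p.com A 223.6.252.231
192.168.1.66 223.6.252.231 TCP 60 41776 12366 [ACK] Seq=1 Ack=1 Win=14608 Len=0
192.168.1.66 192.168.1.254 DNS 74 Standard query 0x0171 A rs.lechange.cn
192.168.1.254 192.168.1.66 DNS 90 Standard query response 0x0171 A rs.lechange.cn A 114.55.152.165
192.168.1.66 114.55.152.165 TCP 74 46241 9084
192.168.1.66 198.51.100.7 TCP 74 40000 443
"""

# Info column of an A-record answer: "... response <id> A <name> A <ip>"
DNS_ANSWER = re.compile(r"Standard query response \S+ A (\S+) A (\S+)")


def egress_profile(capture, device, lan):
    """Map (dst_ip, proto, dst_port) -> hostname (or None) for flows leaving the LAN."""
    lan_net = ipaddress.ip_network(lan)
    resolved = {}  # ip -> name, learned from DNS answers delivered to the device
    flows = {}
    for line in capture.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        src, dst, proto = f[0], f[1], f[2]
        if proto == "DNS" and dst == device:
            m = DNS_ANSWER.search(line)
            if m:
                resolved[m.group(2)] = m.group(1)
        elif proto in ("TCP", "UDP") and src == device:
            if ipaddress.ip_address(dst) not in lan_net:
                # f[4] is the source port, f[5] the destination port
                flows[(dst, proto, int(f[5]))] = resolved.get(dst)
    return flows


if __name__ == "__main__":
    for (ip, proto, port), name in egress_profile(SAMPLE, "192.168.1.66", "192.168.1.0/24").items():
        print(f"{proto}/{port:<5} {ip:<15} {name or 'NO DNS LOOKUP SEEN'}")
```

Flows that map to `None` went to an address the device never looked up in the capture, which usually means a hard-coded IP or a lookup that happened before capture started.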