SlideShare ist ein Scribd-Unternehmen logo

IoT Security: How Your TV and Thermostat are Attacking the Internet

N
Nathan Wallace, PhD, PE

-IoT Security is a Safety/Privacy Issue -Consider the devices you bring into your home and to work Video Links: -Hue: https://www.youtube.com/watch?v=7TOsFqqJgj4 -Slow Cooker: https://www.walmart.com/ip/BLACK-DECKER-WiFi-Enabled-6-Quart-Slow-Cooker/128745799 -Smart Toilet: https://www.youtube.com/watch?v=HyZ7S4fE5v4

Ingenieurwesen
1 von 39
Downloaden Sie, um offline zu lesen
IoT Security: How Your TV and Thermostat are A9acking the Internet Nathan Wallace, PhD, CSSA Dir. of Cyber OperaHons, Cybirical, LLC Dec. 05 2016 Computer Science
Outline •  The Internet of Things (Everything) Examples of IoT Devices Power Grid (‘Grid of Things’) •  Security Challenges End-Point Security, Global Issues, 0-Days, No Motivation •  The Mirai Botnet Background (DNS) Oct. 21st Summary •  Tinkering Around Experimenting with an IP Cam What is this ‘thing’ really doing
Source: http://www.comsoc.org/blog/infographic-internet-things-iot By the numbers
By the numbers Source: http://www.comsoc.org/blog/infographic-internet-things-iot
By the numbers Source: http://www.comsoc.org/blog/infographic-internet-things-iot
Internet of Things Examples Video Video
FEATURES Integrated cleansing. Adjustable spray shape, position, water pressure, temperature, pulsate. Self-cleaning Warm-air drying system with adjustable temperature settings. Automatic deodorization system. Heated seat with adjustable temperature settings. Motion-activated LED lighting illuminates the bowl to serve as a night-light. Touchscreen LCD remote control. Plays Music Internet of Things Examples Video
Grid of Things State of Affairs Power Grid “Our expectations is that the modernized electricity grid will be 100 to 1000 times larger than the Internet” – CISCO VP Advanced Metering Electric Vehicles Distributed Generation Grid Modernization Distribution Automation
IoT Security => Safety ICS-CERT
Wait, so what exactly is IoT?
Wait, so what exactly is IoT? Source: IoT European Research Cluster, IERC, 2014
IoT Defined... Now Security... Implementing security with: •  No Incentives (or Consequences) •  Do vendors and consumers even care •  World economy, markets, and conflicts •  Engineering silos •  Engineering ethical barriers •  Limited understanding of complexity and emergent issues
Miria Botnet Source: Level 3 Communications Outage Map October 21 2016
Background Source: Simon Liu, "Surviving Distributed Denial-of-Service Attacks", IT Professional vol. 11, p. 51-53, September/October, 2009
Background How Domain Name Service Works ‘The Phone Book of the Internet’ (1) Where is Google? DNS Server Google (2) Google is at 108.177.8.113 (3) Searching the Web 108.177.8.113/search?q=IEEE
Summary Source: http://dyn.com/blog/dyn-analysis-summary-of-friday-october-21-attack/ Dyn’s Key Findings: •  ‘The Friday October 21, 2016 attack has been analyzed as a complex & sophisticated attack, using maliciously targeted, masked TCP and UDP traffic over port 53.’ •  Dyn confirms Mirai botnet as primary source of malicious attack traffic. •  Attack generated compounding recursive DNS retry traffic, further exacerbating its impact. DNS Server
DYN Attack cont. and IoT Security Hearing ‘Level 3 detected approximately 150,000 IoT devices were used to … generate significant amount of bandwidth use that threatens the fabric of the global internet.’ Source: U.S. House of Representatives Joint Hearing “Understanding the Role of Connected Devices in Recent Cyber Attacks” November 16, 2016 ‘We believe that in the case of Dyn, the relatively unsophisticated’ Summary ‘The distributed denial-of-service attack that caused the outages, and the vulnerabilities that made the attack possible, was as much a failure of market and policy as it was of technology’ Witness Testimonies
Recon... the Internet of Things Power Plants, Refrigerators, …, Buildings, Webcams, … Source: Shodan
Recon... Source: Shodan
Experimenting IP Camera 3.6mm 4MP Full HD IR Mini Dome PoE Network Camera Built-in Mic What is this ‘thing’ really doing…?
Inspiration Source: http://securityaffairs.co/wordpress/53588/malware/mirai-infection- test.html
Experimenting Design 1.  No Router Connection 2.  Internet Connectivity 3.  Port Forwarding (Future) - Network Monitoring - Port Scan - Network Monitoring - Port Scan - Network Monitoring - Port Scan
Experimenting Design 1.  No Router Connection
Experimenting Design 1.  No Router Connection Default Open Ports Web Real Time Streaming Print Services Interface Universal Plug and Play Well Known Ports: 0 through 1023. Registered Ports: 1024 through 49151. Dynamic/Private : 49152 through 65535.
Experimenting Design 1.  No Router Connection Multicasting Who has 192.168.1.1? Tell 192.168.1.108 Simple Service Discovery Protocol 192.168.1.108 239.255.255.250 NOTIFY 192.168.1.108 224.0.0.22 IGMPv360 Report / Join group 239.255.255.250 for any sources
Experimenting Design 2. Internet Connectivity -ROUTER_12:6d:81 e0:50:8b:0a:06:d3 192.168.1.254 is at … target 192.168.1.66 -192.168.1.66 192.168.1.254 DNS 81 Standard query 0x016f A www.dahuap2pcloud.com -192.168.1.254192.168.1.66 DNS 97 Standard query response 0x016f A www.dahuap2pcloud.com A 121.199.3.195 DHGET /online/p2psrv/2J03977PAA00347 HTTP/1.1CSeq: 1927610396Authorization: WSSE profile="UsernameToken"X-WSSE: UsernameToken Username="2J03977PAA00347", PasswordDigest="NanYJZWK4bKmrYW7ngt2EK50AY80", Nonce="-691305717", Created="2000-01-01T02:52:12Z" -192.168.1.66 121.199.3.195 UDP 303 58124 8800 Len=261
ExperimentingDesign 2. Internet Connectivity -192.168.1.254192.168.1.66 DNS 97 Standard query response 0x0173 A www.dahuap2pcloud.com A 120.26.104.240 -192.168.1.66 192.168.1.254 DNS 81 Standard query 0x0173 A www.dahuap2pcloud.com -192.168.1.66 120.26.104.240 UDP 310 46071 8800
Experimenting Design 2. Internet Connectivity - 192.168.1.254 192.168.1.66 DNS 92 Standard query response 0x0170 A www.dahuap2p.com A 223.6.252.231 -192.168.1.66 192.168.1.254 DNS 76 Standard query 0x0170 A www.dahuap2p.com - 192.168.1.66 223.6.252.231 TCP 60 41776 12366 [ACK] Seq=1 Ack=1 Win=14608 Len=0 What are you sending?
Experimenting Design 2. Internet Connectivity What are you sending? 192.168.1.66 -> 223.6.252.231
Experimenting Design 2. Internet Connectivity -192.168.1.66 192.168.1.254 DNS 74 Standard query 0x0171 A rs.lechange.cn -192.168.1.254192.168.1.66 DNS 90 Standard query response 0x0171 A rs.lechange.cn A 114.55.152.165 -192.168.1.66 114.55.152.165 TCP 74 46241 9084 What are you sending?
ExperimentingDesign 2. Internet Connectivity What are you sending? 192.168.1.66 -> 114.55.152.165 Why would it need to send the local IP address?
ExperimentingDesign 2. Internet Connectivity What are you sending? 192.168.1.66 -> 114.55.152.165
ExperimentingDesign 2. Internet Connectivity Same story… Summary: Time Elapsed: 00:03:50 Packets: 3647 Total External IPs: 7 Total UDP: 3 IPs Total TCP: 4 IPs
Experimenting Wireshark I/O Graph Interesting looking spike…
Experimenting
Experimenting Trying to determine exactly what ‘jpeg’ images are being sent… Python Snippet Network Capture File
Experimenting THIS IS BAD‘Plug and Play’? Automatically streams live feed to remote server.
Resources http://iot.ieee.org/ http://standards.ieee.org/innovate/iot/ Final Points 1. IoT Security is a Safety/Privacy Issue 2.  … 3. Consider the devices you bring into your home and to work
Questions? Nathan Wallace, PhD, CSSA nathanwallace@computer.org @NathanSWallace Thoughts?

Empfohlen

Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Stanford School of Engineering
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
Leonardo De Moura Rocha Lima
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 

Empfohlen

Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
Microsoft IoT Security @ Xpand:X:ED Meetup Sydney Feb 2016
David Glover
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
Frank Siepmann
 
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of ThingsMark Horowitz - Stanford Engineering - Securing the Internet of Things
Mark Horowitz - Stanford Engineering - Securing the Internet of Things
Stanford School of Engineering
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
Julien Vermillard
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
Leonardo De Moura Rocha Lima
 
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsSecurity Fundamental for IoT Devices; Creating the Internet of Secure Things
Security Fundamental for IoT Devices; Creating the Internet of Secure Things
Design World
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
Mark Benson
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai Revisited
Clare Nelson, CISSP, CIPP-E
 
The Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating SystemThe Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating System
Kaspersky Lab
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
Kenny Huang Ph.D.
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
Vasco Veloso
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Charalampos Doukas
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
CableLabs
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
Radouane Mrabet
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
Arvind Tiwary
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
Daniel Miessler
 
Iot Security
Iot SecurityIot Security
Iot Security
MAITREYA MISRA
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
CableLabs
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
Tutun Juhana
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
Somasundaram Jambunathan
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
CableLabs
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
Shreya Pohekar
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
CAS
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
Jinia Bhowmik
 
IOT Security
IOT SecurityIOT Security
IOT Security
Sylvain Martinez
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
Leonardo De Moura Rocha Lima
 
When Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your BusinessWhen Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your Business
Kaspersky Lab
 
Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service DeliveryFriendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies
 

Weitere ähnliche Inhalte

Was ist angesagt?

IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
Amit Rohatgi
 

Was ist angesagt? (20)

The Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating SystemThe Future of Embedded and IoT Security: Kaspersky Operating System
The Future of Embedded and IoT Security: Kaspersky Operating System
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Privacy and security in IoT
Privacy and security in IoTPrivacy and security in IoT
Privacy and security in IoT
 
Enabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health DevicesEnabling Data Protection through PKI encryption in IoT m-Health Devices
Enabling Data Protection through PKI encryption in IoT m-Health Devices
 
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
"The State of IoT Security" Keynote by Shawn Henry at Inform[ED] IoT Security
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
Practical IoT Security in the Enterprise
Practical IoT Security in the EnterprisePractical IoT Security in the Enterprise
Practical IoT Security in the Enterprise
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
IoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you SpamIoT Security Imperative: Stop your Fridge from Sending you Spam
IoT Security Imperative: Stop your Fridge from Sending you Spam
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 
Security and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of ThingsSecurity and Privacy considerations in Internet of Things
Security and Privacy considerations in Internet of Things
 
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
Internet of Things (IoT) Security and Privacy Recommendations by Jason Living...
 
Iot(security)
Iot(security)Iot(security)
Iot(security)
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Security issues and solutions : IoT
Security issues and solutions : IoTSecurity issues and solutions : IoT
Security issues and solutions : IoT
 
IOT Security
IOT SecurityIOT Security
IOT Security
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 

Andere mochten auch

Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service DeliveryFriendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies
 
Integrated Cybersecurity and the Internet of Things
Integrated Cybersecurity and the Internet of ThingsIntegrated Cybersecurity and the Internet of Things
Integrated Cybersecurity and the Internet of Things
Dr David Probert
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Capgemini
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
Dataconomy Media
 
7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk
Hector Del Castillo, CPM, CPMM
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
Creekside Marketing Group, LLC
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Zoltan Balazs
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
ClicTest
 

Andere mochten auch (20)

When Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your BusinessWhen Ransomware Attacks: Emergency Measures to Save Your Business
When Ransomware Attacks: Emergency Measures to Save Your Business
 
Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service DeliveryFriendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
Friendly Technologies - TR-069, IoT Management, Smart Home Service Delivery
 
Deft
DeftDeft
Deft
 
Designing for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical SystemDesigning for IoT and Cyber-Physical System
Designing for IoT and Cyber-Physical System
 
Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough? Will Internet of Things (IoT) be secure enough?
Will Internet of Things (IoT) be secure enough?
 
Track 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iotTrack 5 session 1 - st dev con 2016 - need for security for iot
Track 5 session 1 - st dev con 2016 - need for security for iot
 
Integrated Cybersecurity and the Internet of Things
Integrated Cybersecurity and the Internet of ThingsIntegrated Cybersecurity and the Internet of Things
Integrated Cybersecurity and the Internet of Things
 
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, IndiaGovernance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
Governance and IoT Cyber Risks - presented at Defcon-OWASP Lucknow, India
 
IoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructuresIoT based on cyber security in defense industry and critical infrastructures
IoT based on cyber security in defense industry and critical infrastructures
 
Security in IoT
Security in IoTSecurity in IoT
Security in IoT
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
 
Scaling IoT Security
Scaling IoT SecurityScaling IoT Security
Scaling IoT Security
 
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
Owasp IoT top 10 + IoTGOAT Cyber Security Meeting Brazil 3rd 2015
 
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le..."Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...
 
7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk 7 Strategies for Reducing IoT Cyber Risk
7 Strategies for Reducing IoT Cyber Risk
 
CyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoTCyberSecurity Best Practices for the IIoT
CyberSecurity Best Practices for the IIoT
 
Ransomware
RansomwareRansomware
Ransomware
 
Principals of IoT security
Principals of IoT securityPrincipals of IoT security
Principals of IoT security
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...
 

Ähnlich wie IoT Security: How Your TV and Thermostat are Attacking the Internet

How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
Gilles Sgro
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CanSecWest
 
Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3
Paul Sitowitz
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
 

Ähnlich wie IoT Security: How Your TV and Thermostat are Attacking the Internet (20)

DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summerDEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
DEF CON 27 - D4KRM4TTER MIKE SPICER - I know what you did last summer
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
SIEM
SIEMSIEM
SIEM
 
Incident Response: SIEM
Incident Response: SIEMIncident Response: SIEM
Incident Response: SIEM
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
 
How to use shodan more powerful
How to use shodan more powerful How to use shodan more powerful
How to use shodan more powerful
 
The Internet of Things: We've Got to Chat
The Internet of Things: We've Got to ChatThe Internet of Things: We've Got to Chat
The Internet of Things: We've Got to Chat
 
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptxCIRA Labs - Secure Home Gateway Project 2019-03.pptx
CIRA Labs - Secure Home Gateway Project 2019-03.pptx
 
The evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivityThe evolving threat in the face of increased connectivity
The evolving threat in the face of increased connectivity
 
How to prevent cyber terrorism taragana
How to prevent cyber terrorism taraganaHow to prevent cyber terrorism taragana
How to prevent cyber terrorism taragana
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
D3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients PerformanceD3SF17- Improving Our China Clients Performance
D3SF17- Improving Our China Clients Performance
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoTCSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
 
Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3Data Junk VTS Prez - 20150925-3
Data Junk VTS Prez - 20150925-3
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware Dragos and CyberWire: ICS Ransomware
Dragos and CyberWire: ICS Ransomware
 
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
OWASP Appsec USA 2014 Talk "Pwning the Pawns with Wihawk" Santhosh Kumar
 
A modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systemsA modern approach to safeguarding your ICS and SCADA systems
A modern approach to safeguarding your ICS and SCADA systems
 
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason JonesASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
ASERT's DDoS Malware Corral, Volume 1 by Dennis Schwarz and Jason Jones
 

Mehr von Nathan Wallace, PhD, PE

Automating the Point-to-Point Testing of Hundreds of Substations
Automating the Point-to-Point Testing of Hundreds of Substations Automating the Point-to-Point Testing of Hundreds of Substations
Automating the Point-to-Point Testing of Hundreds of Substations
Nathan Wallace, PhD, PE
 
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
Nathan Wallace, PhD, PE
 

Mehr von Nathan Wallace, PhD, PE (6)

Automating the Point-to-Point Testing of Hundreds of Substations
Automating the Point-to-Point Testing of Hundreds of Substations Automating the Point-to-Point Testing of Hundreds of Substations
Automating the Point-to-Point Testing of Hundreds of Substations
 
S4x19 Stage 2 Making Power System Cybersecurity Part of the Engineering Process
S4x19 Stage 2 Making Power System Cybersecurity Part of the Engineering ProcessS4x19 Stage 2 Making Power System Cybersecurity Part of the Engineering Process
S4x19 Stage 2 Making Power System Cybersecurity Part of the Engineering Process
 
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
2018 SEL MSPSC Panel Slides on Creating Inherently Safe Cyber Power Systems
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers
 

Kürzlich hochgeladen

(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
Asst.prof M.Gokilavani
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
amitlee9823
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
MsecMca
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssuser89054b
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Call Girls in Nagpur High Profile
 

Kürzlich hochgeladen (20)

Double Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torqueDouble Revolving field theory-how the rotor develops torque
Double Revolving field theory-how the rotor develops torque
 
Design For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the startDesign For Accessibility: Getting it right from the start
Design For Accessibility: Getting it right from the start
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
chapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineeringchapter 5.pptx: drainage and irrigation engineering
chapter 5.pptx: drainage and irrigation engineering
 
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Generative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPTGenerative AI or GenAI technology based PPT
Generative AI or GenAI technology based PPT
 
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
notes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.pptnotes on Evolution Of Analytic Scalability.ppt
notes on Evolution Of Analytic Scalability.ppt
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdfONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
ONLINE FOOD ORDER SYSTEM PROJECT REPORT.pdf
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Online banking management system project.pdf
Online banking management system project.pdfOnline banking management system project.pdf
Online banking management system project.pdf
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 

IoT Security: How Your TV and Thermostat are Attacking the Internet