IoT-Home fails

In this TECHtalks edition, Olaf shows some common pitfalls in the security infrastructure of diverse IoT devices, ranging from toys to medical devices.

Published in: Technology

  1. OMM Solutions TECHtalks #20 (www.tech-talks.eu, OMM Solutions GmbH)
  2. Once a month it's TECHtalk time! First come, first served!
  3. Talk: Home IoT Fails - How to NOT secure a device. Or: Why you probably shouldn’t buy just any “smart device”
     Speaker: Olaf Horstmann
  4. What is IoT?
     Source: https://www.youtube.com/watch?v=v2kV6pgJxuo
  5. IoT is already massive … and not very secure
     • 26 bn connected devices (75 bn by 2025)
     • estimates are that at least 50-60% can be hacked with simple methods and ready-to-buy tools/hardware
     Source: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
  6. My friend Cayla … is not so loyal once the owner is out of sight
     • the doll contains a microphone and a speaker
     • once the original paired device is out of range or turned off, any other device can pair with Cayla
     • we’d barely call this “hacking”, more like “insecurely implemented”
     Source: https://www.cleankids.de/wp-content/uploads/2017/02/rofu1-174x300.jpg
  7. CloudPets
     • database was hacked in 2017
     • user data of 800.000 customers leaked
     • including custom voice messages between parents and their children
     Source: https://www.idgcdn.com.au/article/images/740x500/dimg/screen-shot-2017-02-27-at-43408-pm-100710841-orig.jpg
  8. Merlin@Home: Even pacemakers are connected today
     • the device is used to wirelessly monitor the pacemaker and transmit data to the physician
     • attackers could connect to the pacemaker within a 3 meter radius
     • 465.000 devices affected
     • can be patched via software, but this must be done in the doctor's office
     • even with only a 0.001% risk of complications (hypothetical number), there are 5 people who might suffer consequences
     Source: http://professional.sjm.com/~/media/galaxy/hcp/featured-products/crm/merlin-at-home-transmitter/merlin-at-home-1.jpg
  9. Smart Locks: Secure locks are rare
     • 12 of 16 tested locks insecure
     • can be “hacked” in 2 seconds with an Android app
     • can be opened with a screwdriver
     • signal can be recorded and replayed at any time (basically the insecurity of a 1990s garage door opener)
     • there are secure locks, but they are rare
     Source: https://your-smarthome.com/blog/wp-content/uploads/2016/11/Goji-T%C3%BCrschloss-150x150.jpg
  10. Smart Gun … outsmarted with a cheap magnet
      • the gun was developed to be usable only when wearing the smart wristband
      • the gun can also be “unlocked” (“hacked”) with a 10€ magnet
      Sources: https://static.designboom.com/wp-content/uploads/2014/02/smartwatch-controlled-pistol-designboom05.jpg, https://scr3.golem.de/screenshots/1402/Armatix-iP1/thumb620/80d17cd287.jpg
  11. Mirai Botnet: probably the best-known quantitative attack
      • between 600.000 and 2.5 million infected devices* (mostly CCTV cameras and DVRs)
      • used to create DDoS** attacks in 2016 with traffic spikes of up to 1.2 Tbps (~150 GB of data or ~25 h of 4K video per second)
      • allegedly created by the owner of a DDoS mitigation company to “boost his business”
      * https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf, https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mirai-botnet-creates-army-iot-orcs/
      ** DDoS (Distributed Denial of Service): many single devices try to connect to a central service (e.g. omm-solutions.de) -> that service will go offline due to the high load
      Source: https://www.incapsula.com/blog/wp-content/uploads/2016/10/mirai-botnet-map.png
  12. In essence: Sad but true
      • there has been no device category yet that has not been hacked:
        • children’s toys
        • appliances
        • tools
        • locks
        • medical devices
        • cameras
        • guns
        • bedroom/adult toys
        • smart TVs
      • computers are still not top secured, but IoT devices are way easier to “hack”
  13. Security Cameras
      • there are tons of unsecured cameras openly accessible on the web
      • http://www.insecam.org/
  14. Thank you for your attention!
  15. Questions or interested? (www.tech-school.eu)
      Your personal contact: Olaf Horstmann, Managing Director Technology
      OMM Solutions GmbH, Vor dem Lauch 19, 70567 Stuttgart, Germany
      oh@omm-solutions.de, +49 (0)711 995 985-75
  16. Legal notice (Impressum)
      OMM Solutions GmbH, Vor dem Lauch 19, 70567 Stuttgart
      Managing directors: Martin Allmendinger, Malte Horstmann, Olaf Horstmann
      Contact: phone +49 711 995 985 80, e-mail info@omm-solutions.de
      VAT ID: DE295716572
      Registered office: Stuttgart; Stuttgart Local Court (Amtsgericht Stuttgart), HRB 749562
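
Slide 9 notes that a lock's signal can be recorded and replayed at any time. The Python sketch below is an added example, not part of the talk or of any lock vendor's code: it contrasts a fixed-code lock with one that only accepts an HMAC-authenticated, strictly increasing counter. The class names, key, frame layout and window size are assumptions made for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"   # constructed sample secret shared by fob and lock
STATIC_CODE = b"OPEN-1234"      # constructed fixed code for the weak design

class StaticLock:
    """Weak design: one fixed code, so any recorded frame opens the lock forever."""
    def try_open(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, STATIC_CODE)

def make_frame(key: bytes, counter: int) -> bytes:
    """Fob side: 4-byte counter followed by a truncated HMAC-SHA256 tag over it."""
    c = counter.to_bytes(4, "big")
    return c + hmac.new(key, c, hashlib.sha256).digest()[:8]

class RollingLock:
    """Hardened design: accept a frame only if the tag verifies and the counter moves forward."""
    WINDOW = 16  # tolerate a few button presses made out of radio range

    def __init__(self, key: bytes):
        self.key = key
        self.last = 0  # highest counter accepted so far

    def try_open(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        c, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, c, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter = int.from_bytes(c, "big")
        if not (self.last < counter <= self.last + self.WINDOW):
            return False                      # replayed (old) or implausibly far ahead
        self.last = counter
        return True

def demo() -> dict:
    static, rolling = StaticLock(), RollingLock(KEY)
    recorded = make_frame(KEY, 1)             # the frame an eavesdropper would capture
    return {
        "static_first": static.try_open(STATIC_CODE),
        "static_replay": static.try_open(STATIC_CODE),
        "rolling_first": rolling.try_open(recorded),
        "rolling_replay": rolling.try_open(recorded),
        "rolling_next": rolling.try_open(make_frame(KEY, 2)),
        "rolling_forged": rolling.try_open((3).to_bytes(4, "big") + b"\x00" * 8),
    }

if __name__ == "__main__":
    print(demo())
```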