SlideShare ist ein Scribd-Unternehmen logo

IoT Fofoqueiro

Als PPTX, PDF herunterladen
Anchises Moraes
Anchises Moraes

IoT Fofoqueiro Nossos dispositivos IoT não sabem guardar um segredo! Nesta palestra vamos rever vários casos recentes sobre dispositivos de Internet das Coisas que, deliberadamente ou não, revelavam dados pessoais de seus usuários. A Internet das Coisas (do inglês Internet of Things, ou IoT) está cada vez mais presente em nosso dia-a-dia em dispositivos pessoais, computação vestível, automação residencial, carros inteligentes e muito mais. Conforme eles se proliferam, crescem tambem os casos de exposição de dados pessoais. Nessa apresentação vamos rever alguns casos interessantes de dispositivos IoT que não tinham os devidos cuidados com privacidade. Palestra apresentada em 04/05/2018 na CryptoRave #CR2018

Technologie
1 von 39
5/5/2018 Apresenta…
IoF Internet of Fofoca (IoTs Fofoqueiros) @anchisesbr @RSAFraud @Garoahc @BSidesSP @CSAbr
Imagem: giphy iot fofoqueiro?
IoT Fofoqueiro: s.m. Dispositivo IoT que tem acesso não autorizado a dados pessoais de seu usuário, permitindo o compartilhamentou indevido e/ou acesso por terceiros. Imagem: giphy
objetivo • Popularização da Internet das Coisas (IoT) Imagem: xkcd
objetivo • Problemas de segurança no mundo IoT Imagem: xkcd
Foco • Casos de mau uso • Compartilhamento de dados pessoais Imagem: giphy
Risco • Privacidade Imagem: giphy
motivação Tempo INsegurança Lançamento Padrões de segurança Popularização Problemas!!! Patches Imagens: xkcd
Imagem: giphy casos
“LIFX mesh network protocol was largely unencrypted”
https://thehackernews.com/2013/11/your-tv-now-watching-you-too-lg-smart.html
https://doctorbeet.blogspot.com.br/2013/11/lg-smart-tvs-logging-usb-filenames-and.html Opção escondida
https://thehackernews.com/2017/07/irobot-roomba-vacuums.html
Imagem: giphy “CEO of iRobot has revealed that the robotic vacuum cleaner builds a map of your home while cleaning”
https://thehackernews.com/2017/10/smart-iot-device-hacking.html
Fonte: The Hacker News, Checkpoint https://www.youtube.com/watch?v=BnAHfZWPaCs
https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children
“When connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.”
https://thehackernews.com/2016/12/amazon-echo-murder.html
“The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.” Imagem: Amazon
“According to court records, Bates' smart water meter shows that his home ran 140 gallons of water between 1 AM and 3 AM the night Collins was found dead in Bates' hot tub. The prosecution claims that the water was used to wash away evidence after he killed Collins. ”
https://thehackernews.com/2017/01/cartapping-connected-cars.html
“In 2014, satellite radio and telematics provider SiriusXM provided location information of a Toyota 4- Runner following a warrant by New York police (…). The warrant asked SiriusXM "to activate and monitor as a tracking device the SIRIUS XM Satellite Radio installed on the Target Vehicle" for ten days, and the company admitted to Forbes that it complied with the order. (…) The company simply turned on the stolen vehicle recovery feature of its Connected Vehicle Services technology on the target vehicle, (…).” ” The Hacker News
“In 2007, OnStar was ordered to provide audio data from a Chevrolet Tahoe belonging to Gareth Wilson in Ohio. An emergency button in Wilson's car was automatically pushed without his knowledge, which allowed an officer from the Office of the Fairfield County Sheriff to listen to the conversation about a possible drug deal (…). After that, when the feds located and searched the car, they found marijuana. (…).” ” The Hacker News
Samsung F8000 Weeping Angel
https://www.youtube.com/watch?v=P2_ZWKwM5Bw “Alexa Are You Connected to the CIA?”
https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
Imagem: Strava, The Guardian
E agora !?
Privacidade x Conveniência Imagem: giphy
Cuidados básicos Imagem: Facebook
Cuidados básicos • Altere as senhas padrão • Desativar o recurso Universal Plug-and- Play (UPnP) • Revisar restrições de Gerenciamento Remoto • Verifique as atualizações de software Fonte: The Hacker News
Online scan http://iotscanner.bullguard.com
Para saber mais... Artigo - Notícias sobre ameaças em IoT https://anchisesbr.blogspot.com/2018/02/seguranca-noticias-sobre-ameacas-em-iot.html Artigo – IoT Espião https://anchisesbr.blogspot.com.br/2017/03/seguranca-iot-espiao.html Security Guidance for Early Adopters of the IoT” https://cloudsecurityalliance.org/download/new-security-guidance-for-early-adopters-of- the-iot/ "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products“ https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/ @Internet of Shit https://twitter.com/internetofshit
5/5/2018 Obrigado garoa.net.br @anchisesbr @garoahc
Participe! http://sp15.securitybsides.com.br 19 e 20 / Maio / 2018

Empfohlen

Catching imsi catchers
Catching imsi catchersCatching imsi catchers
Catching imsi catchers
Geoffrey Vaughan
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
jamiecornista
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developments
Andres Baravalle
 
ANDROID SECURITY
ANDROID SECURITYANDROID SECURITY
ANDROID SECURITY
yogeshraut090
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
Jspider - Noida
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
Khaled Sany
 
Dark net
Dark netDark net
Dark net
Mudasser Afzal
 
Deep web
Deep webDeep web
Deep web
JANNAULIT
 

Empfohlen

Catching imsi catchers
Catching imsi catchersCatching imsi catchers
Catching imsi catchers
Geoffrey Vaughan
 
The Dark Web
The Dark WebThe Dark Web
The Dark Web
jamiecornista
 
Dark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developmentsDark web markets: from the silk road to alphabay, trends and developments
Dark web markets: from the silk road to alphabay, trends and developments
Andres Baravalle
 
ANDROID SECURITY
ANDROID SECURITYANDROID SECURITY
ANDROID SECURITY
yogeshraut090
 
Guide to dark web
Guide to dark webGuide to dark web
Guide to dark web
Jspider - Noida
 
Dark and Deep web
Dark and Deep webDark and Deep web
Dark and Deep web
Khaled Sany
 
Dark net
Dark netDark net
Dark net
Mudasser Afzal
 
Deep web
Deep webDeep web
Deep web
JANNAULIT
 
10 Signs data privacy is the new Wild West
10 Signs data privacy is the new Wild West 10 Signs data privacy is the new Wild West
10 Signs data privacy is the new Wild West
Entefy
 
Stealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewareStealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile Surveillanceware
Priyanka Aash
 
News bytes-July 2013
News bytes-July 2013News bytes-July 2013
News bytes-July 2013
n|u - The Open Security Community
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet Bangalore
InMobi Technology
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
CloudCamp Chicago
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Duo Security
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
Kirti Ahirrao
 
9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
Entefy
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Tom Eston
 
Collected, bundled, and sold: your sensitive private data
Collected, bundled, and sold: your sensitive private dataCollected, bundled, and sold: your sensitive private data
Collected, bundled, and sold: your sensitive private data
Entefy
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
sunnysmith
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Alisha Deboer
 
Software Backdoors, Chiaravalle
Software Backdoors, ChiaravalleSoftware Backdoors, Chiaravalle
Software Backdoors, Chiaravalle
Adam Chiaravalle
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
Raghunath G
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
haney888
 
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 AFbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
Carlos Alberto Teixeira
 
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
amcointernationaljam
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
Patrick Vogel
 
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikUS Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
Eric Pesik
 
Forged authenticity: the case of deepfakes
Forged authenticity: the case of deepfakesForged authenticity: the case of deepfakes
Forged authenticity: the case of deepfakes
Anca Georgiana Rusu
 
Post pandemics threat scenario
Post pandemics threat scenarioPost pandemics threat scenario
Post pandemics threat scenario
Anchises Moraes
 
Como se proteger na internet
Como se proteger na internetComo se proteger na internet
Como se proteger na internet
Anchises Moraes
 

Weitere ähnliche Inhalte

Ähnlich wie IoT Fofoqueiro

Stealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewareStealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile Surveillanceware
Priyanka Aash
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Duo Security
 
9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
Entefy
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Tom Eston
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
sunnysmith
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
haney888
 
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
amcointernationaljam
 

Ähnlich wie IoT Fofoqueiro (20)

10 Signs data privacy is the new Wild West
10 Signs data privacy is the new Wild West 10 Signs data privacy is the new Wild West
10 Signs data privacy is the new Wild West
 
Stealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile SurveillancewareStealth Mango and the Prevalence of Mobile Surveillanceware
Stealth Mango and the Prevalence of Mobile Surveillanceware
 
News bytes-July 2013
News bytes-July 2013News bytes-July 2013
News bytes-July 2013
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet Bangalore
 
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
Cloudcamp Chicago Nov 2104 Fintech - Dwight Koop "East / West Chalkboard Talk"
 
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
Internet of Fails: Where IoT Has Gone Wrong and How We're Making it Right by ...
 
Attack on Sony
Attack on SonyAttack on Sony
Attack on Sony
 
9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy9 Alarming developments in the fight for digital privacy
9 Alarming developments in the fight for digital privacy
 
Privacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile TechnologyPrivacy Exposed: Ramifications of Social Media and Mobile Technology
Privacy Exposed: Ramifications of Social Media and Mobile Technology
 
Collected, bundled, and sold: your sensitive private data
Collected, bundled, and sold: your sensitive private dataCollected, bundled, and sold: your sensitive private data
Collected, bundled, and sold: your sensitive private data
 
C|EH Introduction
C|EH IntroductionC|EH Introduction
C|EH Introduction
 
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
Dave Mahon - CenturyLink & Cyber Security - How Modern Cyber Attacks Are Disr...
 
Software Backdoors, Chiaravalle
Software Backdoors, ChiaravalleSoftware Backdoors, Chiaravalle
Software Backdoors, Chiaravalle
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_Dec
 
SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15SEC 573 Project 1 2.22.15
SEC 573 Project 1 2.22.15
 
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 AFbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
Fbi Ppt Que Vazou Cisco Falsificado Omb Briefing 2008 01 11 A
 
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
On April 19, 2011, system administrators at Sonys On April 22, Sony .pdf
 
Mobile Security
Mobile SecurityMobile Security
Mobile Security
 
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesikUS Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
US Foreign Corrupt Practices Act and the Economics of Bribery by @EricPesik
 
Forged authenticity: the case of deepfakes
Forged authenticity: the case of deepfakesForged authenticity: the case of deepfakes
Forged authenticity: the case of deepfakes
 

Mehr von Anchises Moraes

Fatos, mitos e palpites do cenário de segurança pós-pandemia
Fatos, mitos e palpites do cenário de segurança pós-pandemiaFatos, mitos e palpites do cenário de segurança pós-pandemia
Fatos, mitos e palpites do cenário de segurança pós-pandemia
Anchises Moraes
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
Anchises Moraes
 
Hunting bugs - C0r0n4con
Hunting bugs - C0r0n4conHunting bugs - C0r0n4con
Hunting bugs - C0r0n4con
Anchises Moraes
 
Segurança além do Pentest
Segurança além do PentestSegurança além do Pentest
Segurança além do Pentest
Anchises Moraes
 

Mehr von Anchises Moraes (20)

Post pandemics threat scenario
Post pandemics threat scenarioPost pandemics threat scenario
Post pandemics threat scenario
 
Como se proteger na internet
Como se proteger na internetComo se proteger na internet
Como se proteger na internet
 
Fatos, mitos e palpites do cenário de segurança pós-pandemia
Fatos, mitos e palpites do cenário de segurança pós-pandemiaFatos, mitos e palpites do cenário de segurança pós-pandemia
Fatos, mitos e palpites do cenário de segurança pós-pandemia
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data Breach
 
Vamos caçar bugs!?
Vamos caçar bugs!?Vamos caçar bugs!?
Vamos caçar bugs!?
 
Praticas de gestão de segurança
Praticas de gestão de segurançaPraticas de gestão de segurança
Praticas de gestão de segurança
 
Ciber crime e desafios de segurança durante uma pandemia e home office
Ciber crime e desafios de segurança durante uma pandemia e home officeCiber crime e desafios de segurança durante uma pandemia e home office
Ciber crime e desafios de segurança durante uma pandemia e home office
 
Cyber Cultura em tempos de Coronavírus
Cyber Cultura em tempos de CoronavírusCyber Cultura em tempos de Coronavírus
Cyber Cultura em tempos de Coronavírus
 
Hunting bugs - C0r0n4con
Hunting bugs - C0r0n4conHunting bugs - C0r0n4con
Hunting bugs - C0r0n4con
 
Fintechs e os desafios de segurança
Fintechs e os desafios de segurançaFintechs e os desafios de segurança
Fintechs e os desafios de segurança
 
5 passos para a Lei Geral de Proteção de Dados (LGPD) - CryptoRave 2019
5 passos para a Lei Geral de Proteção de Dados (LGPD) - CryptoRave 20195 passos para a Lei Geral de Proteção de Dados (LGPD) - CryptoRave 2019
5 passos para a Lei Geral de Proteção de Dados (LGPD) - CryptoRave 2019
 
Segurança além do Pentest
Segurança além do PentestSegurança além do Pentest
Segurança além do Pentest
 
Só o Pentest não resolve!
Só o Pentest não resolve!Só o Pentest não resolve!
Só o Pentest não resolve!
 
Carreira em Segurança da Informação
Carreira em Segurança da InformaçãoCarreira em Segurança da Informação
Carreira em Segurança da Informação
 
Carta de oposição ao Sindpd 2018
Carta de oposição ao Sindpd 2018Carta de oposição ao Sindpd 2018
Carta de oposição ao Sindpd 2018
 
Segurança na Internet
Segurança na InternetSegurança na Internet
Segurança na Internet
 
Como se tornar um Jedi na área de Segurança
Como se tornar um Jedi na área de SegurançaComo se tornar um Jedi na área de Segurança
Como se tornar um Jedi na área de Segurança
 
Deep Web e Ciber Crime
Deep Web e Ciber CrimeDeep Web e Ciber Crime
Deep Web e Ciber Crime
 
É possível existir segurança para IoT?
É possível existir segurança para IoT?É possível existir segurança para IoT?
É possível existir segurança para IoT?
 
Hacker Passport Brazil
Hacker Passport BrazilHacker Passport Brazil
Hacker Passport Brazil
 

Kürzlich hochgeladen

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 

IoT Fofoqueiro

Hinweis der Redaktion

  1. Licença: http://creativecommons.org/licenses/by-sa/3.0/
  2. Licença: http://creativecommons.org/licenses/by-sa/3.0/ IoT Fofoqueiro Nossos dispositivos IoT não sabem guardar um segredo! Nesta palestra vamos rever vários casos recentes sobre dispositivos de Internet das Coisas que, deliberadamente ou não, revelavam dados pessoais de seus usuários. A Internet das Coisas (do inglês Internet of Things, ou IoT) está cada vez mais presente em nosso dia-a-dia em dispositivos pessoais, computação vestível, automação residencial, carros inteligentes e muito mais. Conforme eles se proliferam, crescem tambem os casos de exposição de dados pessoais. Nessa apresentaçao vamos rever alguns casos interessantes de dispositivos IoT que não tinham os devidos cuidados com privacidade.
  3. Pic source: https://giphy.com/gifs/iot-V5DdDPEPCd4wo
  4. Pic source: https://giphy.com/gifs/yevbel-1AIhcW1oFvt3TsG2kp
  5. Pic source: https://xkcd.com/1912/
  6. Pic source: https://xkcd.com/1966/
  7. Pic source: https://giphy.com/gifs/seal-mJJczeZNee3uw
  8. Pic source:
  9. Pic sources: https://xkcd.com/54/ https://xkcd.com/987/ https://xkcd.com/1989/ https://xkcd.com/927/ http://mitadmissions.org/blogs/entry/what-if-randall-munroe
  10. https://giphy.com/gifs/alcrego-loop-eternal-yoJC2jbP1b6zgZ63zq
  11. https://www.forbes.com/sites/leoking/2014/07/09/smart-home-these-connected-led-light-bulbs-could-leak-your-wi-fi-password/#2a6554c934d0
  12. Context Information Security found that the LIFX mesh network protocol was largely unencrypted, allowing it to "easily dissect the protocol, crop messages to control the light bulbs and replay arbitrary packet payloads". By monitoring packets from the mesh network when adding new bulbs, it was able to identify those which contained Wi-Fi network credentials: when any new bulbs are added, messages are transmitted from the master bulb containing Wi-Fi details. PIC: https://www.lifx.com
  13. Your TV now watching you too! LG Smart TV caught collecting owners' Habits and USB file names https://thehackernews.com/2013/11/your-tv-now-watching-you-too-lg-smart.html https://doctorbeet.blogspot.com.br/2013/11/lg-smart-tvs-logging-usb-filenames-and.html A UK blogger, developer and Linux enthusiast, known only as DoctorBeet has discovered that LG's smart TVs are sending personal information back to the company's servers about what channels you watch and viewing habits. Actually, LG conducts the data collection for its Smart Ad function, which advertisers can use to see when it is best to target their products at the most suitable audience.
  14. Smart Vacuum Cleaners Making Map Of Your Home — And Wants to Sell It https://thehackernews.com/2017/07/irobot-roomba-vacuums.html
  15. https://giphy.com/gifs/roomba-floof-floofin-hmGQKkNaUIgHS During an interview with Reuters, the CEO of iRobot, the company which manufactured Roomba device, has revealed that the robotic vacuum cleaner also builds a map of your home while cleaning — and is now planning to sell this data to third-party companies.
  16. Hackers Could Turn LG Smart Appliances Into Remote-Controlled Spy Robot https://thehackernews.com/2017/10/smart-iot-device-hacking.html Check Point researchers discovered a security vulnerability in LG SmartThinQ smart home devices that allowed them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines manufactured by LG. Hackers could even remotely take control of LG's Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device's vicinity.
  17. https://www.youtube.com/watch?v=BnAHfZWPaCs
  18. Hackers can hijack Wi-Fi Hello Barbie to spy on your children https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children Security researcher warns hackers could steal personal information and turn the microphone of the doll into a surveillance device It connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before responding with natural language responses. But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.
  19. https://www.ebay.com/itm/Hello-Barbie-Doll-/322821871976
  20. Police Ask for Amazon Echo Data to Help Solve a Murder Case https://thehackernews.com/2016/12/amazon-echo-murder.html
  21. Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder. As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system. However, due to its always-on feature, it's usual for The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.the Echo to activate by mistake and grab snippets of audio that users may not have known was being recorded. Picture: https://www.amazon.co.uk/Amazon-Echo-2nd-Generation-Charcoal-Fabric/dp/B06Y5ZW72J
  22. Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder. As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system. However, due to its always-on feature, it's usual for The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.the Echo to activate by mistake and grab snippets of audio that users may not have known was being recorded.
  23. Court Documents Reveal How Feds Spied On Connected Cars For 15 Years https://thehackernews.com/2017/01/cartapping-connected-cars.html
  24. https://thehackernews.com/2017/01/cartapping-connected-cars.html
  25. https://thehackernews.com/2017/01/cartapping-connected-cars.html
  26. WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy on their owners https://www.washingtonpost.com/news/the-switch/wp/2017/03/07/why-the-cia-is-using-your-tvs-smartphones-and-cars-for-spying/
  27. http://www.wired.co.uk/article/cia-files-wikileaks-vault-7 https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html
  28. https://www.youtube.com/watch?v=P2_ZWKwM5Bw Published on Mar 9, 2017
  29. Fitness tracking app Strava gives away locate https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-baseson of secret US army bases
  30. Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
  31. E aí, eu pergunto....
  32. Fonte: http://giphy.com/gifs/design-tech-dogs-cXJ24Lb6zdk1G
  33. https://www.facebook.com/photo.php?fbid=10102910644965951&set=a.612287952871.2204760.4&type=3&theater https://anchisesbr.blogspot.com.br/2016/06/seguranca-tampem-suas-cameras-e-seus.html https://pt.aliexpress.com/item/Nova-Webcam-Capa-Ultra-Fina-Slide-Tampa-Da-C-mera-Protetor-de-Privacidade-Para-O-Port/32842031705.html https://www.amazon.com/dp/B01LPQJGA2/?coliid=I3IJ8L3Y9LF7N&colid=21MF02T3NN81A&ref_=lv_ov_lig_dp_it&th=1
  34. Fonte: https://thehackernews.com/2016/10/ddos-attack-mirai-iot.html