1. 1Spirent Communications PROPRIETARY AND CONFIDENTIAL Securing your wearable tech brand Rahul Gupta Market segment manager 30th March 2016 Making IoT adoption Simple, Safe & Secure
2. 2Spirent Communications PROPRIETARY AND CONFIDENTIAL Internet Of Things (IoT) Challenges Management & control of remote devices in the field for 10+ years New security threats, vulnerabilities & attack surfaces Multiple standards initiatives which lack unification & ratification Volume/Variety of devices requiring different Testing, Qualification & Quality New developers who lack expertise in network coms, IP/IT security etc. Chrysler Jeep hacked over internet (July 2015) Explosion in number of connections & diverse call models to the Network
4. 4Spirent Communications Wearable drone control Source : Postscapes.com
5. 5Spirent Communications Wearable controlled cars Volvo owners will be able to talk to their car via their Microsoft Band 2, allowing them to instruct their vehicle to perform tasks including, setting the navigation, starting the heater, locking the doors, flashing the lights or sounding the horn via Volvos mobile app Volvo on Call and the connected wearable device Source : Trafficsafe.org Jan16
6. 6Spirent Communications
7. 7Spirent Communications Fitbit user accounts attacked Source : CNBC Jan16 The hackers also gained access to Fitbit users' GPS history, "which shows where a person regularly runs or cycles, as well as data showing what time a person usually goes to sleep,"
8. 8Spirent Communications The smartphone pairing Hackers can use malicious apps do a variety of things from making phone calls without your permission, sending and receiving texts and extracting personal informationall potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues youve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources. The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.
9. 9Spirent Communications BT & Wi-Fi connections Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for enterprise data. Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute-force attacks. Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password combinations until they crack the code and are able to access contents stored on devices.
10. 10Spirent Communications PROPRIETARY AND CONFIDENTIAL Increasing use of GPS receivers in IoT applications Tracking People and Pets (For Health and Safety) For kids and the elderly Real-time accurate positions required Wearable devices required with high-level of accuracy Monitoring environment Sensors positioned to monitor air quality, seismic events, etc May be positioned in GNSS-difficult locations Important to Test location-aware devices integrating GPS receivers GPS chipsets have various levels of quality: Accuracy, Precision, Integrity Errors: Multipath, Atmospheric, RF Interference, System, Timing and more Ensure your devices are fully tested for GNSS vulnerabilities
11. 11Spirent Communications PROPRIETARY AND CONFIDENTIAL Overview of GPSGNSS Vulnerabilities
12. 12Spirent Communications PROPRIETARY AND CONFIDENTIAL common problems Map issues No position Sensor fusion algorithm prioritiesMultipath errors Signal selectionPoor performance in city High errors Wrong time Antenna problems Errors indoors? Position jumps Interference
13. 13Spirent Communications GPS Disruption Real atmospheric events UK June 2015 Reports that some GPS receivers were affected by at least one (of the two) solar weather events experienced in June 2015 (mid-level solar flare) USA December 2006 Solar radio bursts during December 2006 were sufficiently intense to be measurable with GPS receivers. This event was about 10 times larger than any previously reported event. The strength of the event was especially surprising since the solar radio bursts occurred near solar minimum. Civilian dual frequency GPS receivers were the most severely affected
14. 15Spirent Communications Michael Robinson DEFCON 23, August 2015 Demonstrated effect of disrupted (jammed) GPS Signal on a drone Drone reverted to Non-GPS flying mode but before it did. Video feed started to jitter and video feeds were tagged as unstable Video synch required precise timing from GPS GPS jamming unexpected behaviour GPS Interference can cause unexpected behaviour in an unprotected system
15. 16Spirent Communications GPS Spoofing demonstrated at Hackers convention DEFCON 23, Las Vegas Huang and Yang spoof a drones GPS co-ordinates The drone is geo-fenced and cannot fly in a forbidden area. But with spoofed co-ordinates it can!
16. 17Spirent Communications Availability of hacking tools Goo Buy China Feb 2016. Amazon Japan Store Feb 2015 Cheap Jammers now available from mainstream internet stores worldwide Amazon UK Store Dec 2015. Unknown, USA
17. 18Spirent Communications Low-cost Software Defined Radio boards are easy to procure not designed for Reverse Radio Hacking but ideally suited as a platform to do this Used with Open Source Code - readily available on the internet for GPS transmitter (spoofer or repeater) GPS Receiver (legitimate) Previous attempts at GPS spoofing have all used more expensive custom hardware. Generating replica GNSS signals
18. 19Spirent Communications How are GPSGNSS threats evolving? Information Security categories apply to GNSS situation (Source: SANS Institute) Unstructured Hacker Structured Hacker Organised crime/industrial espionage Insider Unfunded terrorist group Funded terrorist group Nation State GNSS threat evolution has strong parallels with evolution of Information Security threats (Theunissen, 2014) Currently no responsible disclosure for GNSS threats and vulnerabilities LikelySeverity ofimpact Low Very High
19. 20Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT GPSGNSS Cyber Security Risk Assessment Test vs threats Implement mitigation strategy Use the most appropriate and cost effective improvement areas.. Detection and characterisation of environment
20. 21Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Security Testing Compliance level scans (i.e. OWASP, SANS 20) Attack surface and connectivity testing Stack hardening (Fuzzing) Malware testing Penetration (PEN) testing Privacy data testing Blended volumetric attack testing (i.e. multiple DDoS) Load & stress testing Security audits (Ethical Hacking) Horizontal & vertical privilege escalations Static code analysis Spirent Cyber Security Test Services Lab testing Live testing Remote testing Field testing
21. 22Spirent Communications PROPRIETARY AND CONFIDENTIAL Customer Challenges and Our Solutions Develop IoT Devices & Applications Operate & Optimize IoT Networks & Applications Customer Challenges Our Solutions Simple developers test tools Embedded software to speed development Embedded software to facilitate connection & configuration Tests & services to quickly qualify devices & applications Analytics to detect performance & security issues
22. 23Spirent Communications PROPRIETARY AND CONFIDENTIAL IoT Community & IoT SLAM Internet of Things Community: virtual worldwide community (Spirent is founder member & chair) Hosted via social business network LinkedIn Over ~11,500 members Environment for collaboration, sharing & influence Holds virtual & in-person events/forums http://iotslam.com/
23. 24Spirent Communications PROPRIETARY AND CONFIDENTIAL Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in this document, in particular the name Spirent and its logo device, are either registered trademarks or trademarks pending registration in accordance with relevant national laws. All rights reserved. spirent.com Thank you Join the GNSS Vulnerabilities group on LinkedIn to find out more about GNSS jamming and spoofing and join the discussion