Upload
bogdan-hruban
View
201
Download
3
Embed Size (px)
Citation preview
Bogdan Hruban
IoT devices today & security concerns
Agenda
1 Where/what is IoT?2 What’s happening behind the scenes?3 Example of IoT and security problem
4 How were the devices infected?5 Solutions
6 A&Q
Where/what is IoT?
IoT (Internet of Things) = "the infrastructure of the information society."
(wikipedia)
What’s happening behind the scenes?
● Record data from environment
● Store data locally
● Push the data to “The Cloud” #security
● Update behavior based on “The Could’s” indications #security
Example of IoT and security problem
● DDoS attack of over 650Gb/s on a France datacenter
● Used devices: routers, DVRs, videocams
● Recently focused on Sierra gateways (source)
Infected devices are (most of the time) used as Proxies (source).
How were the devices infected?
● The devices were using firmware dating prior to January 2015.
● The devices were using the default user name and password (see
next slide).
● The devices were exposed to the internet without the protection of
an effective network firewall.
● From Yahoo DB (latest example) - 500 mil accounts
How were the devices infected?
How we end up here?
● IoT doesn't have an IT department
● Updates are hard
● Energy-constrained chips = poor encryption
Solutions?
● Quarantine contact with IoT
● VPN - for encryption ?
● Monitoring the network
● Regulations are catching up
Summary
● IoT is GOOD if used properly● IoT is BAD if security issues are not addressed● The “best” is yet to come
Check & update your home router firmware (and username + password)! (personal use now - DD-WRT)
Questions?