Bogdan Hruban

IoT devices today & security concerns

Agenda

1 Where/what is IoT?2 What’s happening behind the scenes?3 Example of IoT and security problem

4 How were the devices infected?5 Solutions

6 A&Q

Where/what is IoT?

IoT (Internet of Things) = "the infrastructure of the information society."

(wikipedia)

What’s happening behind the scenes?

● Record data from environment

● Store data locally

● Push the data to “The Cloud” #security

● Update behavior based on “The Could’s” indications #security

Example of IoT and security problem

● DDoS attack of over 650Gb/s on a France datacenter

● Used devices: routers, DVRs, videocams

● Recently focused on Sierra gateways (source)

Infected devices are (most of the time) used as Proxies (source).

How were the devices infected?

● The devices were using firmware dating prior to January 2015.

● The devices were using the default user name and password (see

next slide).

● The devices were exposed to the internet without the protection of

an effective network firewall.

● From Yahoo DB (latest example) - 500 mil accounts

How were the devices infected?

How we end up here?

● IoT doesn't have an IT department

● Updates are hard

● Energy-constrained chips = poor encryption

Solutions?

● Quarantine contact with IoT

● VPN - for encryption ?

● Monitoring the network

● Regulations are catching up

Summary

● IoT is GOOD if used properly● IoT is BAD if security issues are not addressed● The “best” is yet to come

Check & update your home router firmware (and username + password)! (personal use now - DD-WRT)

Questions?