Embed Size (px)
Citation preview
Internet věcí a jeho potenciální bezpečnostní rizika
By the end of the decade, everyone on Earth will be connected.
Google chairman Eric Schmidt
What are those things?
Obvious ones
– Mobiles, Tablets, Laptops, Watches, cameras, Hi-Fi, TV, Cars etc
Ones which people don't think of
– Servers, routers, gadgets, different type of sensors etc
M2M
And now what about a security?
Everything that can be connected to the Internet can be hacked.
Poorly designed or implemented systems could expose serious vulnerabilities that attackers can exploit.
Obvious ones
Mobiles, Tablets, Laptops, Watches, Cars etc
- Lack of privacy policies
- Unintentional data leakage
- Transmission of tracking and personal data in clear text
Ones which people don't think of
Routers, servers, sensors, gadgets etc
- Tons of known vulnerabilities
- People dont care about security of third parties
Self tracking phenomenon
The self-tracking craze is causing an explosion of personal data to be generated, transmitted, and stored about ourselves.
Issues? Sensitive data even though you think they are not.
Why those data are interested for attackers?
Monetization
- Direct marketing
- Social statistics
- Thefts
Blackmailing
Three main problems
On the device (storage)
- Lost of device, Poor apps
In transit (transmission)
- Wifi, BT, Internet, Protocols, traffic
In the cloud (storage)
- Data breaches
On-device risks
Scope of risk: One user affected
Lost of device
Poor Apps
Social Engineering
What can I do about?
As user:
AntiTheft, Encryption, Passwords
As developer:
Dont use other apps to login in my own app. eg. Facebook, G+ etc
Transmission risks
Scope of risk: One user or limited number
Wi-Fi, BT, NFC
Private data
Low level encryption
Traffic sniffing
Man-in-the-middle and redirection attacks
Common router problems
- Remote management over the Internet
- Default IP range
- Forget to log out
- WPS
- (Wi-Fi Protected Setup)
- Password
- Up-To-Date
DNS Hijack
What can I do about?
As user:
VPN, user trusted connection only
As developer:
Encryption standards, Own services
Cloud storage risks
Scope of risk: Data about all users
Whole ecosystem can be compromised
- SQL injection
- Bruteforce attack
- Vulnerability attacks
What can I do about?
As user:
Not much maybe Passwords
As developer:
Ownership, Authentication, authorization, and access control
