iot security and privacy – sleep-walking into a living nightmare?

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 1

IoT Security and Privacy – Sleep-Walking into a Living Nightmare?

David Rogers, Copper Horse@drogersukIoTEdinburgh

24th March 2016

http://www.mobilephonesecurity.org

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Who is Connected to the Future Internet?

2

Source: http://cheezburger.com/8068370944

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Who is Connected to the Future Internet? (2)

3

Source: http://spectrum.ieee.org/computing/embedded-systems/on-the-internet-of-things-nobody-knows-youre-a-dog

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

What is Home Security?

4

Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 5

Opening up Access to Who?

From: http://www.independent.co.uk/news/world/americas/hacker-takes-control-of-ohio-couples-baby-monitor-and-screams-bad-things-9296986.html Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 6

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Connected Lightbulbs

7

WiFi password can be extracted – pivot attack

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Connected Doorbell

8

WiFi password can be extracted – pivot attack / physical access

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Wireless Burglar Alarm

9

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Wireless Burglar Alarm Attack

10

Easily subverted by just removing batteries Solution was to reduce alarm alert time to 0 seconds!

– Home owner forced to use key-fob.

https://www.youtube.com/watch?v=WfSDUOBYUFE

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Samsung SmartThings Vulnerabilities

11

February 2016 – ZigBee flaws highlighted– Open locks by decrypting signals– Jamming– “Insecure rejoin”

There are other issues!

http://www.forbes.com/sites/thomasbrewster/2016/02/17/samsung-smartthings-vulnerabilities/#ed6d54a4e59d

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Smart TV Vulnerabilities

12

Privacy – voice control Webcams Software update issued

Connected Pets

War Kitteh Denial of Service Dog

Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 13

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Smart Meters

14

ZigBee, GSM – meter reading Profiling

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Other Devices

15

Radiator and home thermostats Kettles and kitchen appliances Garage door openers / detectors Garden, plant sensors and food dispensers White goods (e.g. washing machines) Etc!

Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 16

Counterfeit / Substandard Devices

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

Near Future Devices

17

Amazon Echo - Alexa

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 18

Connected Home Updates?

Samsung Smart TV Privacy Policy

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved.

221 pages! Plus other Terms, Nuance privacy policy etc.

Plant / Critical Infrastructure

Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 20

Automotive (not just cars!)

Copyright © 2015 Copper Horse Solutions Ltd. All rights reserved. 21

Copyright © 2013 Copper Horse Solutions Ltd. All rights reserved. 22

Make it Safe to Connect

https://iotsecurityfoundation.org/

Thanks!

david.rogers [@] copperhorse.co.uk@drogersuk

@copperhorseuk

Copyright © 2016 Copper Horse Solutions Ltd. All rights reserved. 23