the internet of things (iot) what does it have to do with ......feb 01, 2017 · should we be...
Post on 07-Aug-2020
The Internet of Things (IoT): What Does It Have To Do With Transit?
Abraham Kololli, Utah Transit Authority
Defense in Depth
Network Defense System
[Chart: Inbound Email from Proofpoint Trend, December 2016. Monthly values from Dec-15 to Dec-16 for three series: Msgs with Viruses, Spam Msgs, Total Forwarded Msgs. Axes: Number of Viral Emails Blocked; Number of Messages.]
Malicious Activity Hits Blocked, December 2016
• Malicious Web Sites/Links/iFrames: 10,717
• Suspicious Content: 4,078
• Proxy Avoidance: 221
• Phishing and Other Frauds: 56
• Peer-to-Peer File Sharing: 3
• Unauthorized Mobile Marketplaces: 3
• Bot Networks: 2
The IoT is going to be big (How big? Nobody knows…)
• 28.1 billion “units” in 2020; $7.1 trillion global solution revenues by 2020 (Source: IDC, May 2014)
• 26 billion “units” by 2020; $300 billion services revenues in 2020; $1.9 trillion global economic value in 2020 (Source: Gartner, March 2014)
• 25 billion M2M “connections” by 2022, of which 2.6 billion are cellular; $1.2 trillion global opportunity by 2022 (Source: Machina Research, January 2013)
Where is IoT? It’s Everywhere!
Smart Appliances
Healthcare
Wearable Tech
The Connected World of IoT
Smart schools, Smart vehicles, Smart homes
Smart healthcare, Smart wearables, Smart phones
Do We Have IoT in Transit?
• Fueling System
• Building Management System
• HVAC & Temperature Sensors
• Surveillance Cameras
• Signal System
• Passenger Signs
• Sprinkler Systems
• Snow Melt Systems
• Electronic Fare Readers
• Ticket Vending Machines
• And MANY More!
Should We Be Concerned About IoT?
• It’s just another desktop/laptop/computer, right?
• Imagine your network with many more computers that you don’t manage or don’t even know exist.
• All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.
• Any compromised device is an attack vector on the network.
Why Attack IoT? Easy Target? (Naahhh!)
• Default, weak, and hardcoded credentials
• Difficult to update firmware and OS
• Lack of vendor support for repairing vulnerabilities
• Vulnerable web interfaces (SQL injection, XSS)
• Coding errors (buffer overflow)
• Clear text protocols and unnecessary open ports
• DoS / DDoS
• Physical theft and tampering
IoT Gets Attacked, Do We Care?
• Send Spam (to Internal Users or, Even Worse, to External Users)
• Serve Malware
• Coordinate an Attack Against Critical Infrastructure
• Work as an Entry Point to Launch Another Attack
There Go The Good Ole Days!
Software Defined Radios – SDR (Hacker’s Heaven)
• Uses an Integrated Circuit to control the radio
• Controls a very wide range of freqs
• Runs on a computer using open source software (GNU-Radio, WINSDR, HackRF, RTLSDR and many more)
• Software decodes RF messages on the fly (wealth of information)
• Uses readily available Layer 1 hardware to TX & RX in many freqs
• Capture, modify, rebroadcast, analyze, impersonate, jam
Available on Amazon and eBay ($20-$350)
IoT Networks (Wired & Wireless)
Insteon, YardStick One (RFCat), Shipley’s Insteonrf
Samsung SmartThings, SimplySafe, Uses HomeID & NodeID, YardStick One (RFCat), Scapy-Radio and EZWave
Z-Wave Developer Kit
Traditional Interaction Between IT and Control Systems
• Core IT Zone
• IoT Control Zone
Design a Framework with Interaction and Communication in Mind
• Core IT Zone
• IoT Control Zone
• IT to IoT Management Zone
Final thoughts
• Security is more than just a bunch of events that happen
• Security failures are seldom the result of one error; they are a collection of errors over time
• Most of the time we have good days, but forget to notice the clouds on the horizon
• Enough clouds pile up, and you have a bad day…
Questions?