1 Spirent Communications PROPRIETARY AND CONFIDENTIAL
Securing your wearable tech brand
Rahul Gupta – Market segment manager
30th March 2016
Making IoT adoption Simple, Safe & Secure
Internet Of Things (IoT) Challenges
Management & control of remote devices in the field for 10+ years
New security threats, vulnerabilities & attack surfaces
Multiple standards initiatives which lack unification & ratification
Volume/Variety of devices requiring different Testing, Qualification & Quality
New developers who lack expertise in network coms, IP/IT security etc.
Chrysler Jeep hacked over internet (July 2015)
Explosion in number of connections & diverse call models to the Network
IoT connectivity
Source : uBlox
Wearable drone control
Source : Postscapes.com
Wearable controlled cars
“Volvo owners will be able to talk to their car via their Microsoft Band 2, allowing
them to instruct their vehicle to perform tasks including, setting the navigation,
starting the heater, locking the doors, flashing the lights or sounding the horn via
Volvo’s mobile app Volvo on Call and the connected wearable device”
Source : Trafficsafe.org Jan’16
Fitbit user accounts attacked
Source : CNBC Jan’16
The hackers also gained access to Fitbit users' GPS history, "which shows where a
person regularly runs or cycles, as well as data showing what time a person usually
goes to sleep,"
The smartphone pairing
Hackers can use malicious apps to do a variety of things, from making phone calls without your permission, sending and
receiving texts and extracting personal information—all potentially without your knowledge. They can also, with the help of
your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point
is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.
The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that
happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good
information for a burglar to know. These personal details just scratch the surface of information available for the taking
on your mobile devices.
BT & Wi-Fi connections
Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for
enterprise data.
Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and
smartphones could be deciphered using brute-force attacks.
Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password
combinations until they crack the code and are able to access contents stored on devices.
Increasing use of GPS receivers in IoT applications
Tracking People and Pets (For Health and Safety)
For kids and the elderly
Real-time accurate positions required
Wearable devices required with high-level of accuracy
Monitoring environment
Sensors positioned to monitor air quality, seismic events, etc
May be positioned in GNSS-difficult locations
Important to Test location-aware devices integrating GPS receivers
GPS chipsets have various levels of quality: Accuracy, Precision, Integrity
Errors: Multipath, Atmospheric, RF Interference, System, Timing and more
Ensure your devices are fully tested for GNSS vulnerabilities
Overview of GPS \ GNSS Vulnerabilities
…common problems
Map issues
No position
Sensor fusion algorithm priorities
Multipath errors
Signal selection
Poor performance in city
High errors
Wrong time
Antenna problems
Errors indoors?
Position jumps
Interference
GPS Disruption – Real atmospheric events
UK June 2015
Reports that some GPS receivers were affected by at least one (of the two) solar weather events experienced in June 2015 (mid-level solar flare)
USA December 2006
Solar radio bursts during December 2006 were sufficiently intense to be measurable with GPS receivers. This event was about 10 times larger than any previously reported event. The strength of the event was especially surprising since the solar radio bursts occurred near solar minimum. Civilian dual frequency GPS receivers were the most severely affected
GPS jamming – unexpected behaviour
• Michael Robinson – DEFCON 23, August 2015
• Demonstrated effect of disrupted (jammed) GPS signal on a drone…
• Drone reverted to non-GPS flying mode, but before it did…
• …video feed started to jitter and video feeds were tagged as “unstable”
• Video synch required precise timing from GPS
GPS interference can cause unexpected behaviour in an unprotected system
GPS Spoofing demonstrated at Hacker’s convention
DEFCON 23, Las Vegas…
Huang and Yang spoof a drone’s GPS co-ordinates
The drone is geo-fenced and cannot fly in a forbidden area….
But with spoofed co-ordinates it can!
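A defensive illustration of the geofencing failure above, added here and not taken from the presentation: a geofence that refuses to act on a fix whose implied speed or timestamp is implausible. The names (`Fix`, `geofence_decisions`), the zone and the 20 m/s limit are assumptions, and the track is constructed sample data.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000.0

@dataclass(frozen=True)
class Fix:
    t: float    # receiver-reported time, seconds
    lat: float  # degrees
    lon: float  # degrees

def distance_m(a, b):
    """Great-circle (haversine) distance between two fixes, in metres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def geofence_decisions(fixes, centre, radius_m, max_speed_mps):
    """Per fix: 'hold' if the fix is implausible, else 'deny' inside the zone, else 'allow'.
    A rejected fix never becomes the reference for judging later fixes."""
    out, last_good = [], None
    for fix in fixes:
        reason = None
        if last_good is not None:
            dt = fix.t - last_good.t
            if dt <= 0:
                reason = "time_regression"
            elif distance_m(last_good, fix) / dt > max_speed_mps:
                reason = "position_jump"
        if reason:
            out.append(("hold", reason))  # fail safe: do not act on this position
            continue
        last_good = fix
        inside = distance_m(fix, centre) <= radius_m
        out.append(("deny", "inside_zone") if inside else ("allow", "outside_zone"))
    return out

# Constructed sample: restricted zone of 500 m radius and a 20 m/s airframe limit.
ZONE = Fix(0.0, 51.5000, -0.1000)
TRACK = [
    Fix(0.0, 51.5100, -0.1000),   # ~1.1 km north of the zone centre
    Fix(1.0, 51.5099, -0.1000),   # ~11 m in 1 s: plausible
    Fix(2.0, 51.5600, -0.1000),   # ~5.6 km in 1 s: reported position jumped away
    Fix(0.5, 51.5099, -0.1000),   # reported time went backwards
    Fix(40.0, 51.5040, -0.1000),  # plausible again, ~445 m from the centre
]
```

A speed and time check of this kind catches abrupt jumps only; a reported position that drifts slowly away from the true one stays within the limit, so it complements rather than replaces testing the receiver against interference.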
Availability of hacking tools
Cheap jammers now available from mainstream internet stores worldwide
Goo Buy – China, Feb 2016
Amazon Japan Store, Feb 2015
Amazon UK Store, Dec 2015
Unknown, USA
Generating replica GNSS signals
• Low-cost Software Defined Radio boards are easy to procure – not designed for “Reverse Radio Hacking” but ideally suited as a platform to do this
• Used with Open Source Code, readily available on the internet, for:
  • GPS transmitter (spoofer or repeater)
  • GPS Receiver (legitimate)
• Previous attempts at GPS spoofing have all used more expensive custom hardware.
How are GPS \ GNSS threats evolving?
Information Security categories apply to GNSS situation (Source: SANS Institute)
Unstructured Hacker
Structured Hacker
Organised crime/industrial espionage
Insider
Unfunded terrorist group
Funded terrorist group
Nation State
GNSS threat evolution has strong parallels with evolution of Information Security threats (Theunissen, 2014)
Currently no “responsible disclosure” for GNSS threats and vulnerabilities
Likely severity of impact: Low to Very High
IoT GPS \ GNSS Cyber Security
Risk Assessment
Test vs threats
Implement mitigation strategy
Use the most appropriate and cost effective improvement areas…
Detection and characterisation of environment
IoT Security Testing
• Compliance level scans (i.e. OWASP, SANS 20)
• Attack surface and connectivity testing
• Stack hardening (Fuzzing)
• Malware testing
• Penetration (PEN) testing
• Privacy data testing
• Blended volumetric attack testing (i.e. multiple DDoS)
• Load & stress testing
• Security audits (Ethical Hacking)
• Horizontal & vertical privilege escalations
• Static code analysis
Spirent Cyber Security Test Services
Lab testing
Live testing
Remote testing
Field testing
Customer Challenges and Our Solutions
Customer Challenges
• Develop IoT Devices & Applications
• Operate & Optimize IoT Networks & Applications
Our Solutions
• Simple developers test tools
• Embedded software to speed development
• Embedded software to facilitate connection & configuration
• Tests & services to quickly qualify devices & applications
• Analytics to detect performance & security issues
IoT Community & IoT SLAM
Internet of Things Community: virtual worldwide community (Spirent is founder member & chair)
• Hosted via social business network “LinkedIn”
• Over ~11,500 members
• Environment for collaboration, sharing & influence
• Holds virtual & in-person events/forums
http://iotslam.com/
© Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in this document, in particular the name
“Spirent” and its logo device, are either registered trademarks or trademarks pending registration in accordance with relevant national laws. All rights reserved.
Specifications subject to change without notice.
spirent.com
Thank you
• Join the GNSS Vulnerabilities group on LinkedIn to find out more about GNSS jamming and spoofing and join the discussion