The Real Internet of Things: How Universal Daemonization Will Change Everything
DESCRIPTION
A discussion of what the Internet of Things will really mean for the future.
TRANSCRIPT
The Real Internet of Things
How universal daemonization will change everything
Daniel Miessler, HouSecCon, October 2014
Me
- Practice Principal at HP Fortify on Demand
- Lead the research and development team
- Web and mobile pentesting focus
- 15 years in infosec
- OWASP project leader (IoT, Mobil…)
- danielmiessler.com
- @danielmiessler
Common IoT Narrative
Image from navigantresearch.com
- analog things go online
  - toasters, microwaves, cameras
- device to device interaction
  - your alarm starts your coffee maker
  - your car opens your garage
  - a factory floor self-optimizes
Actual IoT
IoT Narrative
Agriculture
Start the press
Industrial
Tubes
IoT
Personal Servers: Julie
Avatars by iconizeme.com
- single
- loves coffee
- favorite movie: Sneakers
- went to Aldrin high school
- hates sand
- dog person
- afraid of owls
- wishes she was Arya
Everyone will be broadcasting a geo-based daemon
Personal Servers: Chris
Avatars by iconizeme.com
- single
- loves coffee
- favorite movie: Chaos Theory
- favorite band is Zao
- hates sponges
- cat person
- afraid of owls
- has broken 19 bones
Everyone will be broadcasting a geo-based daemon
Personal Servers: Interaction
- single
- loves coffee
- afraid of owls
The power comes from the continuous interaction between daemons
Personal Assistants
Avatars by iconizeme.com
Siri and Google Now will become integral to our lives
- managing calendar
- texting
- emailing
- finding you movies
- picking food for you
- filtering mates
- parsing daemons
Personal Assistants: Burden--
- single
- loves coffee
- afraid of owls
We won’t be managing those interactions—our PAs will
Personal Daemons + Assistants
Constant managed interactions between personal daemons
Businesses are people, too
Businesses will have daemons as well, powerfully extending their functionality
Businesses + RDF = Power
Businesses will have daemons as well, powerfully extending their functionality
Business Daemon Attributes
Think of what a business would want to broadcast in their daemons
- Menu
  - Item1
  - Item2
- Safety
  - Allergies
  - Construction
- Hiring
  - Openings
- Music
  - Current
  - Playlist
  - Recommend
- Climate
  - Raise
  - Lower
- Condiments
  - Request
Business Daemon Inputs
Each business will have different types of APIs that are useful for customers
- Menu
  - Item1
  - Item2
- Safety
  - Allergies
  - Construction
- Hiring
  - Openings
- Music
  - Current
  - Playlist
  - Recommend
- Climate
  - Raise
  - Lower
- Condiments
  - Request
Business Daemon APIs
Not just read-only
https://stores.bww.api/8941/api/climate
Rich Business API Functionality
Businesses will expose powerful functionality that our PAs can manage for us
Sync
1. Personal Daemons broadcast information about us
2. Businesses will have daemons as well
3. Our personal assistants will broker on our behalf
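The three Sync steps, as an added example that is not the talk's own code: a personal daemon broadcasts only the attributes its owner marked public, a business daemon answers reads openly but gates writes (the "not just read-only" point) on an owner token, and a PA-side function intersects two daemons' broadcasts the way the Julie/Chris slide does. The owner names, the `/api/menu` endpoint and the HMAC token scheme are assumptions.

```python
"""Toy model of the Sync slide: personal daemons broadcast attributes, a business
daemon exposes read and write APIs, and a PA brokers between them. Constructed
example; the names and token scheme are assumptions, not the talk's own."""
from dataclasses import dataclass, field
import hashlib, hmac

OWNER_SECRET = b"constructed-owner-secret"  # assumption: per-owner secret the PA holds

def owner_token(owner: str) -> str:
    """Capability the owner's PA presents for writes (HMAC over the owner id)."""
    return hmac.new(OWNER_SECRET, owner.encode(), hashlib.sha256).hexdigest()

@dataclass
class PersonalDaemon:
    owner: str
    attrs: dict                               # everything the daemon knows
    public: set = field(default_factory=set)  # what the owner chose to broadcast

    def broadcast(self) -> dict:
        """Only fields marked public leave the daemon; the rest stay private."""
        return {k: v for k, v in self.attrs.items() if k in self.public}

@dataclass
class BusinessDaemon:
    owner: str
    menu: list
    climate: int = 70

    def read(self, path: str):
        """Read-only endpoints are open to any PA that can reach the daemon."""
        if path == "/api/menu":
            return list(self.menu)
        if path == "/api/climate":
            return self.climate
        raise KeyError(path)

    def write(self, path: str, action: str, token: str) -> int:
        """Writes change the business, so they are gated on the owner's token."""
        if not hmac.compare_digest(token, owner_token(self.owner)):
            raise PermissionError(f"unauthorized write to {path}")
        if path == "/api/climate" and action in ("raise", "lower"):
            self.climate += 1 if action == "raise" else -1
            return self.climate
        raise KeyError(path)

def common_attributes(a: PersonalDaemon, b: PersonalDaemon) -> set:
    """PA-side daemon parsing: intersect only what both parties broadcast."""
    pa, pb = a.broadcast(), b.broadcast()
    return {k for k in pa if k in pb and pa[k] == pb[k]}
```

Anything a daemon never marks public cannot show up in a match, which is the simplest form of the "do-not-monitor" control the closing questions ask about.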
Sensors will be on everything…
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
House
- Architect
- Built
- Materials
- Certification
- /api/climate
- /api/doors
- /api/cameras
- /api/pool
- /api/windows
Human
- Birthday
- Gender
- Ancestry
- Profession
- Books
- Movies
- Education
- /api/connect
Car
- Make
- Model
- VIN
- Features
- /api/climate
- /api/music
- /api/voice
- /api/video
- /api/cameras
- /api/sensors
Watch
- Brand
- Model
- Version
- Features
- /api/battery
- /api/video
- /api/audio
- /api/sensors
Tree
- Type
- Age
- Planted By
- Birthday
- /api/status
- /api/water
- /api/camera
Baby Clothes
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
Furniture
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
Park Benches
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
Parking Meter
- City
- Street
- Geo
- Hours
- /api/pay
- /api/tickets
- /api/camera
- /api/sensors
Lamp
- Brand
- Model
- Version
- BuildDay
- BulbStatus
- /api/light
- /api/audio
- /api/video
- /api/air
Character Sheet
- Shoes
- Pants
- Watch
- Purse
- Total CPU cycles
- Total memory
- Brands
- Year
- Season
- Gucci
- Louboutin
Building
- Owner
- Height
- Architect
- Materials
- /api/climate
- /api/video
- /api/audio
- /api/sensors
- /api/security
Sensors + Daemon + API
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
Ubiquitous Customization
Your business experiences will be customized based on constant PA-to-daemon interaction
- /api/purchase
- /api/music
- /api/tv
- /api/connect
- /api/browse
- /api/test
Also, much will be recorded
- Video
- Audio
- Vibration
- Air Quality
- Air Pressure
- Radiation
“Computer: Show me video of this location between the hours of midnight and 4am.”
Official Investigations
Public access to events
TCP/IP vs. victim
Universal Daemonization
- Ubiquitous Customization
- Personal Assistants
Universal Daemonization
- Everything is an object
- Everything has a daemon
- Everything has an API
Ok, now what?
Options
What’s the protocol?
- Security?
- Privacy?
How do we handle auth?
- Owner
- Height
- Architect
- Materials
- /api/climate
- /api/video
- /api/audio
- /api/sensors
- /api/security
- Google?
- Facebook?
- Local/State/Federal/Global?
How do we maintain privacy?
- Killswitches?
- Do-not-monitor?
- Darkzones?
How do we disconnect?
What we're doing
- OWASP Internet of Things Top 10: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project
- HP FoD Top 10 IoT Device Research Report: http://fortifyprotect.com/HP_IoT_Research_Study.pdf
- Offering IoT assessments using the IoT Top 10
What you can do
- Reach out and help on the IoT Top 10 [email protected]
- I am the Cavalry (https://www.iamthecavalry.org)
Wizard Wars
http://www.dilbert.com/blog/entry/wizard_wars/