Webinar on Internet of Things (IoT): The Next Cyber Security Target

Internet of Things (IoT): The Next Cyber Security Target. By Praveen Kumar Gandi, Head Information Security Services, ClicTest, [email protected]. Disclaimer: The images used in this presentation belong to their respective copyright holders and are used for educational purposes only. All other rights are reserved.

Upload: clictest

Post on 30-Dec-2015


DESCRIPTION

We are in the age of cyber crime and are just getting started with the Internet of Things. There will be huge demand for IoT, as 50 billion connected devices will be deployed across the globe by 2020. These devices will communicate with each other where the web and the physical world meet, using a different set of internet infrastructure and protocols. This, in turn, will not only help us save money but also provide us with more options.

Discussion Topics
• The importance of IoT
• How will they impact our everyday lives?
• Is the Internet of Things secure?
• Securing the Internet of Things

But the tech buzz is all about the Security of Things (security in the Internet of Things). How far can these Internet of Things devices be trusted? Can these IoT devices be hacked? How have they become the next cyber security target for hackers? How can we secure the Internet of Things?

Speaker
Praveen Kumar G, Head IT Security Services – ClicTest

TRANSCRIPT

Page 1: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet of Things (IoT): The Next Cyber Security Target

By Praveen Kumar Gandi
Head Information Security Services, ClicTest
[email protected]

Disclaimer: The images used in this presentation belong to their respective copyright holders and are used for educational purposes only. All other rights are reserved.

Page 2: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Evolution of Internet of Things

Pre-Internet: “HUMAN TO HUMAN”
• Fixed & mobile telephony
• SMS
+ Smart networks

Internet of CONTENT: “WWW”
• E-mail
• Information
• Entertainment
+ Smart IT platforms & services

Internet of SERVICES: “WEB 2.0”
• E-productivity
• E-commerce
• …
+ Smart phones & applications

Internet of PEOPLE: “SOCIAL MEDIA”
• Skype
• Facebook
• YouTube
• Twitter
• …
+ Smart devices, objects & tags

Internet of THINGS: “MACHINE TO MACHINE”
• Identification, tracking, monitoring, metering …
• Semantically structured and shared data …
+ Smart data & ambient context

Page 3: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Importance of Internet of Things

• According to Gartner's analysis, there will be nearly 26 billion devices on the Internet of Things by 2020.

• ABI Research estimates that more than 30 billion devices will be wirelessly connected to the Internet of Things.

• According to MarketsandMarkets analysis, the estimated revenue generated by sales of these smart products by 2016 will be $1 trillion.

Source: Cisco

Page 4: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet of Things (IoT)

• Originally, the Internet of Things (IoT) referred to “the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure”.

• As the technology advances, the term Internet of Things (IoT) denotes “advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications”.

Source: http://en.wikipedia.org/wiki/Internet_of_Things

Page 5: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet of Things (IoT)

• The IoT represents an evolution in which many physical devices communicate with each other every day over the Internet and identify themselves to other devices.

• Other technologies such as RFID, sensor technologies, and wireless technologies will also be used as methods of communication.

Page 6: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet Evolution

• IPv6
• Inexpensive and high-speed connection
• Big data and cloud
• Inexpensive and powerful hardware

Page 7: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Source: Cisco

Page 8: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Types of Internet of Things

Information Technology
• PCs
• Servers
• Virtualization
• Routers
• Switches

Personal Technology
• Tablets
• Smart phones
• Smart watches
• Home energy
• Home entertainment
• Home control
• Medical implants
• Medical wearables

Operational Technology
• Industrial Control Systems (ICS)
• Supervisory control and data acquisition
• Medical machines
• Kiosks
• Manufacturing
• Cloud service infrastructure
• Environmental monitoring

Page 9: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Do you know?

• The first IoT device was the Internet Coke Machine at Carnegie Mellon University, introduced in 1982.

Page 10: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet of Things In Everyday Life

Page 11: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Internet of Things in Homes (Smart Homes)

Page 12: Webinar on Internet of Things(IoT): The Next Cyber Security Target

How IoT works?

Source: Securing the IoT World by Aaron Guzman

Page 13: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Are Internet of Things Secure?

Page 14: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Smart Cars got pwned!!

Page 15: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Smart Lights Can Be Hacked

• Insecure communication between the bridge and the application

• A vulnerability in a smart bulb, shown by a security researcher, makes a home black out

• Fixed in the latest version

Page 16: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Vulnerabilities in IoT Devices

• Vulnerabilities arise from improper implementation of the security model and insecure communication between the device and the application.

• Any device on the same Wi-Fi network can command or control these devices.

Page 17: Webinar on Internet of Things(IoT): The Next Cyber Security Target

How far can IoT be hacked?

Remember the “Fire Sale” in Die Hard 4.0

Page 18: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Hurdles Securing the IoT

• There is no consistent or official software update process or mechanism

• There is little or no understanding of the cyber threats embedded in their systems

• There is lack of accountability for device security

• Improper configuration or purpose-built features that equate to security flaws

• Data privacy

Page 19: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Keep your software/firmware updated

• Ensure that connectivity is secure, e.g. two-factor authentication

Page 20: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Secure the location of the data being reported by IoT-linked devices.

• Encrypt the system. E.g.: two-person controls

Page 21: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Ensure supply chain security. Prevent counterfeit hardware through procedures that certify manufacturers’ supply chain processes, so that malicious code is not introduced.

• Support IoT security. We must support regulation that requires IoT devices to meet security standards, just as we require standards for our electrical devices with UL approval requirements.

Page 22: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Use out-of-band (OOB) systems: closed systems (intranets) that are not open to the public.

The Defence Department uses IoT-linked devices, but they are mainly out of reach of hackers because they are OOB. Defence weapons systems and even sensor-wearing soldiers report critical status information to centralized control centres that feed decision makers. While less vulnerable to being hacked, these OOB systems are subject to insider attacks.

Page 23: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Support standardization, e.g. OWASP

Source: IoT-Attack-Surfaces-Defcon-2015

Page 24: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Securing the IoT

• Stay informed. National Institute of Standards and Technology and Federal Guidance such as Federal Information Processing Standards (FIPS) address critical steps that are needed to secure and protect information and critical systems.

Page 25: Webinar on Internet of Things(IoT): The Next Cyber Security Target

Thank You!

Praveen Kumar G

Head Information Security Services | ClicTest

E-mail: [email protected]