The security and vulnerabilities of IoT devices

Slides:

Advertisements

Similar presentations

1 Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall.

Advertisements

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

New Data Regulation Law 201 CMR TJX Video.

Android 5.0 “Lollipop” Eric Moore Computer Users Group of Greeley February 14, 2015.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

Sensors and Actuator Network Based Architectures and Protocols for Smart Homes Bluetooth enabled Smart Home Mark Shaw Giorgio Politano Supervisor: Mieso.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

Computers Are Your Future Tenth Edition Spotlight 3: Home Network Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall1.

CSCI 1033 Computer Hardware Course Overview. Go to enter TA in the “Enter Promotion Code” box on the bottom right corner.

1 REMOTE CONTROL SYSTEM V7 2 Introduction.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

science/internet-intro

Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.

Introduction to Networking. What is a Network? Discuss in groups.

Enw / Name. Advantages and Disadvantages of this type of network Draw / insert a drawing of a RING network What type of network would you recommend a.

AUTOMATING HOME SECURITY RYAN C. KRAUSE. BACKGROUND: HOME SECURITY Many providers including, self-building kits ADT, Gaurdian, Xfinity, LifeShield, Protection.

Various Features and Services Provided By the SpotCam.

1.4 wired and wireless networks lesson 1

THE DIGITAL JOURNEY What IP means for technology enabled care

chownIoT Secure Handling of Smart Home IoT Devices Ownership Change

IP Camera and Doorbell Camera

Koji Nakao, Dai Arisue NICT, Japan

Networks and Communication

Internet of Things (IoT)

Smart Retail Digital Store.

Networks and effects of using them

Configure Instruction

Networking and Health Information Exchange

Security and Smart Home Devices: How Safe Is Your Home?

Internet-of-somewhat-dubious-Things

Wireless Network Security

OTA & IoT A Shared & Collaborative Responsibility 24 October 2017

Security of Mobile Operating Systems

GCSE ICT Revision Topic 2: Connectivity.

Answer the questions to reveal the blocks and guess the picture.

Chapter 2: Basic Switching Concepts and Configuration

Chapter 1: Exploring the Network

The Making of a Smart Home

SMART BUILDING WITH INDOOR NAVIGATION SYSTEM -using iot

Operating Systems What are they and why do we need them?

Wireless Fidelity (15881A0515).

Internet of Things

Cybersecurity Concepts for Engineers

Internet of Things (IoT)

Internet of Things Vulnerabilities

Smart University utilising the concept of the Internet of Things (IoT) Simon Downes BSc MBCS Carlene Campbell March 2018.

Topic 5: Communication and the Internet

Chapter 6 Networks Communicating and Sharing Resources

NETWORK RESILIENCE WORKGROUP

The Internet of Unsecure Things

Computer networking In this section of notes you will learn the rudiments of networking, the components of a network and how to secure a network.

Securing the Internet of Things: Key Insights and Best Practices Across the Industry Theresa Bui Revon IoT Cloud Strategy.

Data integrity and security

Unit 11- Computer Networks

Chapter 3: Protecting Your Data and Privacy

Lecture 3: Secure Network Architecture

Protocols 2 Key Revision Points.

Network and security trends in connected cars

Protocol Application TCP/IP Layer Model

Security in mobile technologies

Computer Networks Lesson 2.

G061 - Network Security.

Computer Security Damian Gordon.

IoT: Privacy and Security

Introduction to Networking Security

Villas, appartments, residence

Presentation transcript:

The security and vulnerabilities of IoT devices By Marc Seyfang Supervisor: Ben Martini

Internet of Things (IoT) What is IoT? IoT is the name for the inter-connection of devices to networks and the internet, allowing devices to send and receive information from one another. [1]

Need For IoT Security IoT devices can contain a lot of sensitive user information Security measures can’t provide complete protection New attack methods can arise that the devices are not protected from

The Growth of IoT a

Challenges with IoT Security No standards for IoT hardware and software Manufacturers are relied on for upgraded security and can stop supporting security updates IoT devices can be small, inexpensive Minimum functionality can result in security being a 2nd priority

Research Questions/Goals What are the main cybersecurity vulnerabilities of IoT devices? How can the vulnerabilities of IoT devices be exploited to retrieve sensitive data from the device? What types of sensitive data can be retrieved from IoT devices and how can this information be used when stolen? What are the best ways to improve the security of IoT devices to reduce vulnerabilities in future devices?

Similar Research Smart TVs Smart Watches Smart Cars 3D Printers Read HTTP packets, Access microphone and webcam Smart Watches Access messages, biodata Smart Cars Effect visual displays, Apply the breaks 3D Printers Print jobs sent over network

Data Retrieval Methods Fuzzing Iterative testing to cause errors Spoofing Faking credentials have access permission Editing the devices Firmware/OS Bypass the default software

Home Automation Devices in a Home Automation system can include; smart switches, lights, alarms, door locks, sensors, air conditioners, security cameras Many possible security risks; Remote disable of security cameras or alarm system. Detecting when the user is not home Unlocking electronic locks

IoT Security Framework Provides recommendations for how to secure IoT devices Provides a method to find flaws in devices where they do not meet the frameworks recommendations Generalised security framework could help create standards Must consider all possible IoT network connections

IoT Network Connections IoT devices can have connections to; The Cloud Remote Storage Core Network Standard Routers, Switches Fog Network Local, External Processing

Cisco Suggested Framework Authentication Authorisation Network Enforced Policy Secure Analytics

Embedded Security Framework and architecture Encryption Low power, minimum memory and processing Physical Security Tamper Detection Secure OS Secure Storage

Expanding on the Framework Event Reporting Security Management and Updates Anti-DOS Firewalls

Finding Devices Attack Vectors: Wi-Fi, Ethernet, Bluetooth Difficult to know whether or not a device will be useful to the research Devices containing sensitive information and possible vulnerabilities

TP-Link Smart LED Bulb and Smart Plug Important Feature: Wi-Fi remote control Possible Information: When the devices are on/off When the owner is present

TP-Link Wireless Network Camera Important Features: Wi-Fi remote control Camera Microphone Possible Information: Still images, video and audio files When the owner is present

Quicklock Smart Door Lock Important Feature: Bluetooth remote control Proven Vulnerabilities Possible Outcomes: Obtains Password Can unlock the door

Arp Spoofing (Man in the Middle Attack) Bypass default communication Data first goes to attacker before its destination Attacker records data Using Wireshark

Bluetooth Sniffing Pick up and record Bluetooth signals Transmits Bluetooth signals Replicate the signal sent from the phone to the door lock to unlock it

Questions

References [1] R. Piyare, “Internet of Things: Ubiquitous Home Control and Monitoring System using Android based Smart Phone”, in International Journal of Internet of Things, Vol. 2 No. 1, 2013, pp. 5-11. Images: https://www.amazon.com/Great-Scott-Gadgets-WRL-10573- Ubertooth/dp/B007R9UPHA http://ieeexplore.ieee.org.access.library.unisa.edu.au/document/59409 23/references?part=undefined%7Cfig5#fig5 https://www.cisco.com/c/en/us/about/security-center/secure-iot- proposed-framework.html https://pixabay.com/en/question-mark-question-response-1019820/ http://www.tp-link.com.au/products/details/cat-19_NC200.html http://www.tp-link.com.au/products/details/cat-5258_HS100.html http://www.tp-link.com.au/products/details/cat-5609_LB100.html https://qph.ec.quoracdn.net/main-qimg- b1a85eb67f3df59f3eaf3a3697c03b10 https://www.thequicklock.com/gallery-doorlock.php http://electronicsofthings.com/wp- content/uploads/2015/05/originaliot.png