Presentation is loading. Please wait.

Presentation is loading. Please wait.

IoT security is a nightmare. But what is the real risk?

Published byCory O’Brien’ Modified over 7 years ago

Similar presentations

Presentation on theme: "IoT security is a nightmare. But what is the real risk?"— Presentation transcript:

1 IoT security is a nightmare. But what is the real risk?
HWSW 2016 Uring my presentation, I will scare you how vulnerable your home is

2 whoami Zoltán Balázs

3 whoami

4 Examples of terrible home IoT devices
IP Camera Router Baby monitor Smart home NAS Smart cars

5 Mandatory Shodan slide

6 Assumptions For the next ~5-10 years, assume The question is
Your IoT device has horrible security holes It won’t receive any patches, ever The question is Now what????

7 IoT Security Excuses a.k.a #YOLOSEC

8 I am safe, I changed all IoT passwords
12345 ? That's amazing, I have the same combination on my luggage!

9 I am safe, I changed all IoT passwords
Vulnerabilities bypassing password protection Memory corruption issues (BoF, Format string, …) CSRF (later) Backdoor accounts Lack of brute-force protection

10 I am safe, I regularly patch all of my IoT devices

11 I am safe, I regularly patch all of my IoT devices
Patches are late by years Most IoT devices do not get a patch, EVER

12 Problems with direct IPv4 connection
If your IoT device has an Internet routable IPv4 address, without any firewall port filtering Just prepare for apocalypse Seriously, don’t do that CCTV is OCTV today

13 Problems with direct IPv4 connection
“These devices will show up on #Shodan like a hooker on a highway“

14 Mirai Telnet passwords
root xc3511 root vizxv root admin admin admin root root xmhdipc root default root juantech root root support support root (none) admin password root root root 12345 user user admin (none) root pass admin admin1234 root 1111 admin smcadmin admin 1111 root root password root 1234 root klv123 Administrator admin service service supervisor supervisor guest guest guest admin1 password administrator ubnt ubnt root klv1234 root Zte521 root hi3518 root jvbzd root anko root zlxx. root 7ujMko0vizxv root 7ujMko0admin root system root ikwb root dreambox root user root realtek root admin admin 1234 admin admin admin admin 7ujMko0admin admin pass admin meinsm tech tech mother fucker

15 The IoT device is only available in a closed network

16 The IoT device is only available in a closed network
(•_•) <) )╯What / \ \(•_•) ( (> The <) )> fuck were you thinking???

17 The device is only exposed in my area Physically nearby to open WiFi

18 The device is only exposed in my area Physically nearby to open WiFi

19 I am safe, home network, behind NAT

20 I am safe, home network, behind NAT
Think again UPNP IPv6 Teredo Cloud

21 UPnP

22 IPv6

23 Teredo in practice According to a study by Arbor Networks, the 2008 adoption of IPv6 by µTorrent caused a 15-fold increase in IPv6 traffic across the Internet over a ten-month period.

24 IP camera cloud hack

25 IP camera cloud hack This research is work in progress
Lot of stuff to fine-tune, research The camera has an Android/iOS app The app can connect to the IP camera even when it is behind NAT, no port forward But how???

26

27 I am safe, none of these apply, my home network is Sup3rFirewalled
We will build a great wall along the network perimeter and the customer will pay for the wall!

28 I am safe, none of these apply, my home network is Sup3rFirewalled

29 I am safe, I changed the network range from default (192.168.0.0/24)

30 I am safe, I changed the network range from default (192.168.0.0/24)
WebRTC (Web Real-Time Communication) is an API definition … that supports browser-to-browser applications for voice calling, video calling, and P2P file sharing … WebRTC + STUN Natively supported in Chrome (2012) Firefox (2013) Opera 18 (2013) Edge 21 (2015) Blackberry Not in Safari, mobile Chrome, IE

31 References, interesting links
Best IoT Talk ever! 115 batshit stupid things you can put on the internet in as fast as I can go by Dan Tentler

32

33 Hack the planet! One computer at a time …
Twitter Thx to Attila Bartfai for the conversation starter JumpESPJump.blogspot.com

Download ppt "IoT security is a nightmare. But what is the real risk?"

Similar presentations

1 Conference Etiquette 1 Video Attendees: - Please mute your microphones until you are ready to ask a question. On Site Attendees: - Please mute your cell.

1 Conference Etiquette 1 Video Attendees: - Please mute your microphones until you are ready to ask a question. On Site Attendees: - Please mute your cell.
Bring Your Own Device This is a boring PowerPoint, but an exciting new opportunity!

Bring Your Own Device This is a boring PowerPoint, but an exciting new opportunity!
WEB CONNECT FOR EASYNVR : 2015. WEB CONNECT INCREASES YOUR PROFITABILITY BY REDUCING INSTALLATION LABOR COSTS WHILE SIMULTANEOUSLY CREATING NEW REVENUE.

WEB CONNECT FOR EASYNVR : WEB CONNECT INCREASES YOUR PROFITABILITY BY REDUCING INSTALLATION LABOR COSTS WHILE SIMULTANEOUSLY CREATING NEW REVENUE.
Enabling IPv6 in Corporate Intranet Networks

Enabling IPv6 in Corporate Intranet Networks
Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?

Chapter 7 Securing your Wireless Network (WIFI). Synopsis What is a wireless home network? What damage can a wireless network snoop do? Who are the snoopers?
Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.

Chapter 6 Network Address Translation (NAT). Network Address Translation  Modification of source or destination IP address  Needed by networks using.
Part of the BRE Trust Protecting People, Property and the Planet Smart Buildings and Security: Developing a unified approach Will Lloyd BRE Global Limited,

Part of the BRE Trust Protecting People, Property and the Planet Smart Buildings and Security: Developing a unified approach Will Lloyd BRE Global Limited,
Www.planet.com.tw View IP camera over NAT network CVPP/CVPL Configuration Internet Surveillance Cam Viewer Plus Copyright © PLANET Technology Corporation.

View IP camera over NAT network CVPP/CVPL Configuration Internet Surveillance Cam Viewer Plus Copyright © PLANET Technology Corporation.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.
Securing a Wireless Network

Securing a Wireless Network
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.

Day15 IP Space/Setup. IP Suite of protocols –TCP –UDP –ICMP –GRE… Gives us many benefits –Routing of packets over internet –Fragmentation/Reassembly of.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Network Components: Assignment Three

Network Components: Assignment Three
CTSP TRAINING Router 101 And Networking Basics. You Don’t Need Internet Access to Run or Connect your devices to an Ethernet switch or Router Enable DHCP.

CTSP TRAINING Router 101 And Networking Basics. You Don’t Need Internet Access to Run or Connect your devices to an Ethernet switch or Router Enable DHCP.
WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.

WIRELESS IN YOUR LIBRARY The Anatomy of a Library Communications Network.
0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.

0Gold 11 0Gold 11 LapLink Gold 11 Firewall Service How Connections are Created A Detailed Overview for the IT Manager.
Secure Wireless Home Networks Area 2 SIR Presentation Nov. 18, 2004 Dean Steichen Br. 8.

Secure Wireless Home Networks Area 2 SIR Presentation Nov. 18, 2004 Dean Steichen Br. 8.

Similar presentations

Ads by Google