Presentation is loading. Please wait.

Presentation is loading. Please wait.

The security and vulnerabilities of IoT devices

Published byἩσίοδος Ανδρεάδης Modified over 6 years ago

Similar presentations

Presentation on theme: "The security and vulnerabilities of IoT devices"— Presentation transcript:

1 The security and vulnerabilities of IoT devices
By Marc Seyfang Supervisor: Ben Martini

2 Internet of Things (IoT)
What is IoT? IoT is the name for the inter-connection of devices to networks and the internet, allowing devices to send and receive information from one another. [1]

3 Need For IoT Security IoT devices can contain a lot of sensitive user information Security measures can’t provide complete protection New attack methods can arise that the devices are not protected from

4 The Growth of IoT a

5 Challenges with IoT Security
No standards for IoT hardware and software Manufacturers are relied on for upgraded security and can stop supporting security updates IoT devices can be small, inexpensive Minimum functionality can result in security being a 2nd priority

6 Research Questions/Goals
What are the main cybersecurity vulnerabilities of IoT devices? How can the vulnerabilities of IoT devices be exploited to retrieve sensitive data from the device? What types of sensitive data can be retrieved from IoT devices and how can this information be used when stolen? What are the best ways to improve the security of IoT devices to reduce vulnerabilities in future devices?

7 Similar Research Smart TVs Smart Watches Smart Cars 3D Printers
Read HTTP packets, Access microphone and webcam Smart Watches Access messages, biodata Smart Cars Effect visual displays, Apply the breaks 3D Printers Print jobs sent over network

8 Data Retrieval Methods
Fuzzing Iterative testing to cause errors Spoofing Faking credentials have access permission Editing the devices Firmware/OS Bypass the default software

9 Home Automation Devices in a Home Automation system can include;
smart switches, lights, alarms, door locks, sensors, air conditioners, security cameras Many possible security risks; Remote disable of security cameras or alarm system. Detecting when the user is not home Unlocking electronic locks

10 IoT Security Framework
Provides recommendations for how to secure IoT devices Provides a method to find flaws in devices where they do not meet the frameworks recommendations Generalised security framework could help create standards Must consider all possible IoT network connections

11 IoT Network Connections
IoT devices can have connections to; The Cloud Remote Storage Core Network Standard Routers, Switches Fog Network Local, External Processing

12 Cisco Suggested Framework
Authentication Authorisation Network Enforced Policy Secure Analytics

13 Embedded Security Framework and architecture
Encryption Low power, minimum memory and processing Physical Security Tamper Detection Secure OS Secure Storage

14 Expanding on the Framework
Event Reporting Security Management and Updates Anti-DOS Firewalls

15 Finding Devices Attack Vectors: Wi-Fi, Ethernet, Bluetooth
Difficult to know whether or not a device will be useful to the research Devices containing sensitive information and possible vulnerabilities

16 TP-Link Smart LED Bulb and Smart Plug
Important Feature: Wi-Fi remote control Possible Information: When the devices are on/off When the owner is present

17 TP-Link Wireless Network Camera
Important Features: Wi-Fi remote control Camera Microphone Possible Information: Still images, video and audio files When the owner is present

18 Quicklock Smart Door Lock
Important Feature: Bluetooth remote control Proven Vulnerabilities Possible Outcomes: Obtains Password Can unlock the door

19 Arp Spoofing (Man in the Middle Attack)
Bypass default communication Data first goes to attacker before its destination Attacker records data Using Wireshark

20 Bluetooth Sniffing Pick up and record Bluetooth signals
Transmits Bluetooth signals Replicate the signal sent from the phone to the door lock to unlock it

21 Questions

22 References [1] R. Piyare, “Internet of Things: Ubiquitous Home Control and Monitoring System using Android based Smart Phone”, in International Journal of Internet of Things, Vol. 2 No. 1, 2013, pp Images: Ubertooth/dp/B007R9UPHA 23/references?part=undefined%7Cfig5#fig5 proposed-framework.html b1a85eb67f3df59f3eaf3a3697c03b10 content/uploads/2015/05/originaliot.png

Download ppt "The security and vulnerabilities of IoT devices"

Similar presentations

1 Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall.

1 Copyright © 2011 Pearson Education, Inc. Publishing as Prentice Hall.
1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.

1 Computer Networks Course: CIS 3003 Fundamental of Information Technology.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Android 5.0 “Lollipop” Eric Moore Computer Users Group of Greeley February 14, 2015.

Android 5.0 “Lollipop” Eric Moore Computer Users Group of Greeley February 14, 2015.
1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.

1 Infrastructure Hardening. 2 Objectives Why hardening infrastructure is important? Hardening Operating Systems, Network and Applications.
Sensors and Actuator Network Based Architectures and Protocols for Smart Homes Bluetooth enabled Smart Home Mark Shaw Giorgio Politano Supervisor: Mieso.

Sensors and Actuator Network Based Architectures and Protocols for Smart Homes Bluetooth enabled Smart Home Mark Shaw Giorgio Politano Supervisor: Mieso.
VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.

VPN AND SECURITY FLAWS Rajesh Perumal Clemson University.
Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.

Security Squad Keeping your Equipment and Information Safe Security Squad Keeping your Equipment and Information Safe Security Squad Video Series, Part.
Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.

Objectives Configure routing in Windows Server 2008 Configure Routing and Remote Access Services in Windows Server 2008 Network Address Translation 1.
G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.

G061 - Network Security. Learning Objective: explain methods for combating ICT crime and protecting ICT systems.
Computers Are Your Future Tenth Edition Spotlight 3: Home Network Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall1.

Computers Are Your Future Tenth Edition Spotlight 3: Home Network Copyright © 2009 Pearson Education, Inc. Publishing as Prentice Hall1.
CSCI 1033 Computer Hardware Course Overview. Go to www.labsimonline.com, enter 14- 232TA in the “Enter Promotion Code” box on the bottom right corner.

CSCI 1033 Computer Hardware Course Overview. Go to enter TA in the “Enter Promotion Code” box on the bottom right corner.
1 REMOTE CONTROL SYSTEM V7 www.hackingteam.it. 2 Introduction.

1 REMOTE CONTROL SYSTEM V7 2 Introduction.
Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.

Engineering Secure Software. Agenda  What is IoT?  Security implications of IoT  IoT Attack Surface Areas  IoT Testing Guidelines  Top IoT Vulnerabilities.
https://www.khanacademy.org/computing/computer- science/internet-intro

science/internet-intro
Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.

Don’t Log in!. Recap on the previous units I’ve tried to make it as concise as possible but there is a bit of writing, to ensure that you have some notes.
Introduction to Networking. What is a Network? Discuss in groups.

Introduction to Networking. What is a Network? Discuss in groups.
Enw / Name. Advantages and Disadvantages of this type of network Draw / insert a drawing of a RING network What type of network would you recommend a.

Enw / Name. Advantages and Disadvantages of this type of network Draw / insert a drawing of a RING network What type of network would you recommend a.
AUTOMATING HOME SECURITY RYAN C. KRAUSE. BACKGROUND: HOME SECURITY Many providers including, self-building kits ADT, Gaurdian, Xfinity, LifeShield, Protection.

AUTOMATING HOME SECURITY RYAN C. KRAUSE. BACKGROUND: HOME SECURITY Many providers including, self-building kits ADT, Gaurdian, Xfinity, LifeShield, Protection.
Various Features and Services Provided By the SpotCam.

Various Features and Services Provided By the SpotCam.

Similar presentations

Ads by Google