1
Data security in IoT devices
Aj DeTorrice
2
What is an “IoT” device?
“IoT device” refers to any device in the vastly expanding network of internet-connected devices other than laptops, desktops, and smartphones. Researchers estimate that by 2020 there will be more than 26 times more connected IoT devices than people on Earth.
3
Why is security an issue?
- Security costs money
- Many IoT device manufacturers are willing to cut corners on security to meet budget requirements for a project
- Many of these devices are constrained in terms of memory, storage, and processing – making encryption-heavy security approaches harder to implement
- These devices often control critical devices such as smoke detectors and door locks
4
A real issue: smart cars
- In 2015, security researchers successfully hacked into a 2014 Jeep Cherokee and were able to turn the steering wheel, disable the brakes, and shut down the engine.
- They used Uconnect as an attack vector
5
Why are IoT devices targeted?
- Always on – IoT devices are rarely turned off
- Many manufacturers shy away from security in favor of usability
- IoT devices aren’t checked on by users – “set up and forget”
- There are millions of them – this allows for a significant amount of DDoS traffic from these devices
- Users don’t interact with their devices actively – less likely to notice a hijacker
6
Mirai botnet
- In 2016, Mirai was used to take down Dyn, a DNS provider, for several hours – blocking end users from many popular sites such as Twitter, Netflix, and Reddit – over 1 Tbps
- Simple to gain access to these IoT devices – many have default username/password combinations
7
Mirai botnet overview
- Brute-forces its way into poorly configured IoT devices
- Upon gaining a shell, forwards to the report server
- Via the C&C server, the controller can authorize a download of the malicious binary
- After executing the malware, the controller can use the C&C server to attack a target server
8
Vulnerabilities extend to “home security” devices
- Opticam i5 – had hardcoded passwords for both the web UI and the built-in FTP server
- ASL-01 smartlocks – guest access can be used to get irrevocable admin access
- If someone bought a used smartlock, the previous owner or a guest of a previous owner can unlock it
- “75% (of the locks tested) could be hacked relatively easily, and one reported to have great security could actually be broken into with a screwdriver”
9
Replay attacks
Many IoT devices do use encryption, but fail to discard keys. When an encrypted signal is sent to the device, an attacker can listen in and record said signal, then replay it back to the device to gain access.
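The defence against the replay described above, as an added example that is not part of the original slides: a receiver that only checks a message's authenticity keeps accepting a recorded frame, while one that also tracks freshness rejects it. The frame layout, the class names, and the use of an HMAC tag with a monotonic counter (in place of the slide's encrypted signal) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32  # HMAC-SHA256 output size

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()

def make_frame(key, counter, command):
    """Sender side: 8-byte big-endian counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    return body + _tag(key, body)

class NaiveLock:
    """Checks only the tag, so a recorded frame stays valid forever."""
    def __init__(self, key):
        self.key = key

    def receive(self, frame):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        return hmac.compare_digest(tag, _tag(self.key, body))

class CounterLock(NaiveLock):
    """Also demands a strictly increasing counter, rejecting old frames."""
    def __init__(self, key):
        super().__init__(key)
        self.last_counter = 0

    def receive(self, frame):
        if len(frame) < 8 + TAG_LEN or not super().receive(frame):
            return False  # malformed or forged
        (counter,) = struct.unpack(">Q", frame[:8])
        if counter <= self.last_counter:
            return False  # replayed or stale
        self.last_counter = counter
        return True

def demo():
    key = os.urandom(32)  # constructed shared key, demo only
    recorded = make_frame(key, 1, b"UNLOCK")  # what an eavesdropper captures
    naive, hardened = NaiveLock(key), CounterLock(key)
    return {
        "naive_first": naive.receive(recorded),
        "naive_replay": naive.receive(recorded),
        "hardened_first": hardened.receive(recorded),
        "hardened_replay": hardened.receive(recorded),
        "hardened_next": hardened.receive(make_frame(key, 2, b"UNLOCK")),
    }
```

A real device has to keep `last_counter` in storage that survives power loss; otherwise a reboot makes every previously recorded frame acceptable again.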
11
How can users secure their own devices?
- If possible, change passwords from their default
- Don’t allow these devices on a network with important systems/files
- Don’t use these devices