Published by Bernard Daniels. Modified over 5 years ago.
1
SBX2-W2
Weaponizing IoT
Ted Harrington, Executive Partner, Independent Security Evaluators (ISE)
@ISESecurity
2
Weaponize (wep-uh-nahyz)
1) To convert to use as a weapon
2) To supply or equip with weapons
Purpose of this slide is to define the key title term and overall presentation theme. Set the groundwork for the discussion about how IoT can be, and is, weaponized. Rest of the presentation ties back to this concept.
3
Agenda
Overview
Common IoT exploits
Case Study
Victim Chain
Prophecies
Recommendations
4
Overview
Purpose of this slide is to establish credibility and set context. Very briefly introduce ISE’s research contributions, in particular as it pertains to IoT via IoT Village.
5
Overview
Purpose of this slide is to introduce IoT Village, from which data and other themes are extracted in support of the argument made during the rest of this presentation. Mention here that IoT Village is why RSA has asked us to organize IoT Sandbox.
6
Trends & Data
7
IoT Security Trends
August 2015 – Present:
113 new 0-days
50 device types
39 manufacturers
Discuss metrics in order to analyze and quantify the scope of the IoT security problem.
8
Common IoT Security Flaws
2016: Denial of Service; Lack of Encryption; Key Exposure; Privilege Escalation; Remote Code Execution; Backdoors; Runs as Root
2017: All of the previous!! PLUS: Buffer Overflow; Command Injection; Session Management; Etc etc etc
Describe that things are trending worse, not better. Outline the types of issues relevant to IoT, setting up for a deeper dive into some of the more significant items.
9
Exploit Analysis
10
Key Exposure Define what this vulnerability means, how it generally works in the context of IoT, and extrapolate the significance.
11
Remote Code Execution Define what this vulnerability means, how it generally works in the context of IoT, and extrapolate the significance.
12
Command Injection Define what this vulnerability means, how it generally works in the context of IoT, and extrapolate the significance.
13
Case Study: Mirai Botnet
Advance the talk now from the generalized concepts discussed previously to a real-world, high profile incident
14
Mirai Botnet Give context and background, for those who might be unfamiliar with the Mirai botnet story
15
Mirai Botnet Break down the attack anatomy
16
Mirai Botnet Break down the attack anatomy
17
WHO CARES?! Score some cheap laughs, then really ask the question. Set up for a discussion of who the victims are and why they might (or might not) care, and how that motivation would dictate whether the problem gets solved
18
Victim Chain Discuss each victim type, what they care about, and how that impacts the ultimate victim
19
Where do we go from here?
20
Recommendations
Threat Modeling
Secure Design Principles
Adversarial Perspective
Self-regulate
Talk through each recommendation, one by one.
21
Prophecies
It will get worse before it gets better
The 10/16/16 event was covering something larger
A person(s) will get hurt physically
22
Apply
Consider motivation
Think like the attacker
Adhere to secure design principles
23
Thank You!