iot devices today & security concerns
TRANSCRIPT
![Page 1: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/1.jpg)
Bogdan Hruban
IoT devices today & security concerns
![Page 2: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/2.jpg)
Agenda
1 Where/what is IoT?2 What’s happening behind the scenes?3 Example of IoT and security problem
4 How were the devices infected?5 Solutions
6 A&Q
![Page 3: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/3.jpg)
Where/what is IoT?
IoT (Internet of Things) = "the infrastructure of the information society."
(wikipedia)
![Page 4: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/4.jpg)
What’s happening behind the scenes?
● Record data from environment
● Store data locally
● Push the data to “The Cloud” #security
● Update behavior based on “The Could’s” indications #security
![Page 5: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/5.jpg)
Example of IoT and security problem
● DDoS attack of over 650Gb/s on a France datacenter
● Used devices: routers, DVRs, videocams
● Recently focused on Sierra gateways (source)
Infected devices are (most of the time) used as Proxies (source).
![Page 6: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/6.jpg)
How were the devices infected?
● The devices were using firmware dating prior to January 2015.
● The devices were using the default user name and password (see
next slide).
● The devices were exposed to the internet without the protection of
an effective network firewall.
● From Yahoo DB (latest example) - 500 mil accounts
![Page 7: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/7.jpg)
How were the devices infected?
![Page 8: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/8.jpg)
How we end up here?
● IoT doesn't have an IT department
● Updates are hard
● Energy-constrained chips = poor encryption
![Page 9: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/9.jpg)
Solutions?
● Quarantine contact with IoT
● VPN - for encryption ?
● Monitoring the network
● Regulations are catching up
![Page 10: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/10.jpg)
Summary
● IoT is GOOD if used properly● IoT is BAD if security issues are not addressed● The “best” is yet to come
Check & update your home router firmware (and username + password)! (personal use now - DD-WRT)
![Page 11: IoT devices today & security concerns](https://reader035.vdocuments.mx/reader035/viewer/2022062523/5875d9941a28ab8f438b70f7/html5/thumbnails/11.jpg)
Questions?