Internet of Things (IoT): The Next Cyber Security Target
By Praveen Kumar Gandi, Head Information Security Services, ClicTest
firstname.lastname@example.org
Disclaimer: The images used in this presentation belong to their respective copyright holders and are used for educational purposes only. All other rights are reserved.

Evolution of Internet of Things
[Figure: evolution stages labelled “MACHINE TO MACHINE”, “HUMAN TO HUMAN”, “SOCIAL MEDIA”, “WWW”, “WEB 2.0”]
• Identification, tracking, monitoring, metering …
• Semantically structured and shared data …
• Fixed & mobile telephony
• SMS
• E-mail
• Information
• Entertainment
• E-productivity
• E-commerce
• …
• Skype
• Facebook
• YouTube
• Twitter
• …
+ Smart networks
+ Smart IT platforms & services
+ Smart Phones & applications
+ Smart Devices, objects & tags
+ Smart Data & ambient context

Importance of Internet of Things
• According to Gartner's analysis, there will be nearly 26 billion devices on the Internet of Things by 2020.
• ABI Research estimates that more than 30 billion devices will be wirelessly connected to the Internet of Things.
• As per the MarketsandMarkets analysis, the estimated revenue generated by sales of these smart products will be $1 trillion by 2016.
Source: Cisco

Internet of Things (IoT)
• Originally, the Internet of Things (IoT) referred to “the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure”.
• As the technology advances, the term Internet of Things (IoT) denotes “Advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications”.
Source: http://en.wikipedia.org/wiki/Internet_of_Things

Internet of Things (IoT)
• The IoT represents an evolution in which many physical devices communicate with each other every day over the Internet and identify themselves to other devices.
• Other technologies such as RFID, sensor technologies and wireless technologies will also be used as methods of communication.

Internet Evolution
• IPv6
• Inexpensive and Powerful Hardware
• Inexpensive and High Speed Connection
• Big Data and Cloud

Do you know?
• The first IoT device was the Internet Coke Machine at Carnegie Mellon University, introduced in the year 1982.

How does IoT work?
Source: Securing the IoT World by Aaron Guzman

Smart Lights can be Hacked
• Insecure communication between the bridge and the application
• A vulnerability in a smart bulb, found by a security researcher, can black out a home
• Fixed in the latest version

Vulnerabilities in IoT Devices
• Caused by improper implementation of the security model and insecure communication between the device and the application.
• Any device on the same Wi-Fi network can command or control these devices.

How far can IoT be hacked?
Remember “Fire Sale” in Die Hard 4.0

Hurdles in Securing the IoT
• There is no consistent or official software update process or mechanism
• There is little or no understanding of the cyber threats embedded in their systems
• There is a lack of accountability for device security
• Improper configuration or purpose-built features that equate to security flaws
• Data privacy

Securing the IoT
• Keep your software/firmware updated.
• Ensure that connectivity is secure, e.g. two-factor authentication.

Securing the IoT
• Secure the location of the data being reported by IoT-linked devices.
• Encrypt the system, e.g. two-person controls.

Securing the IoT
• Ensure supply chain security. Prevent counterfeit hardware through procedures that certify manufacturers’ supply chain processes, so that malicious code is not introduced.
• Support IoT security. We must support regulation that requires that IoT devices meet security standards, just as we require standards for our electrical devices with UL approval requirements.

Securing the IoT
• Use out-of-band (OOB) systems: closed systems (intranets) that are not open to the public. The Defence Department uses IoT-linked devices, but they are mainly out of reach of hackers because they are OOB. Defence weapons systems and even sensor-wearing soldiers report critical status information to centralized control centres that feed decision makers. While less vulnerable to being hacked, these OOB systems are subject to insider attacks.

Securing the IoT
• Support standardization, e.g. OWASP.
Source: IoT-Attack-Surfaces-Defcon-2015

Securing the IoT
• Stay informed. The National Institute of Standards and Technology and federal guidance such as the Federal Information Processing Standards (FIPS) address critical steps that are needed to secure and protect information and critical systems.

Thank You!
Praveen Kumar G, Head Information Security Services | ClicTest
E-mail: email@example.com