IoT Security - Preparing for the Worst
Download as PPTX, PDF3 likes303 views
This document discusses security issues related to the Internet of Things (IoT). It begins with an introduction to IoT, noting the exponential growth in connected devices. It then outlines common threats to IoT systems, including attacks aimed at devices, networks, and cloud infrastructure. Specific examples like the Mirai botnet and attacks on Ukrainian power grids are examined. The presentation concludes with recommendations for improving IoT security, such as understanding system architectures, implementing policies, and regularly monitoring networks.
More Related Content
What's hot (20)
Similar to IoT Security - Preparing for the Worst (20)
More from Satria Ady Pradana (20)
Recently uploaded (20)
IoT Security - Preparing for the Worst
- 2. FIRSTUP CONSULTANTS 2 ABOUT ME xathrya @xathrya Hi! Satria Ady Pradana • Cyber Security Consultant of Mitra Integrasi Informatika • Penetration Tester, Red Team • IoT / OT Cyber Security Special Interest Group • Community Leader of Reversing.ID • Love Low-Level Stuffs xathrya
- 3. FIRSTUP CONSULTANTS AGENDA IoT Security : Preparing for the Worst • Introduction to IoT • Trends and Forecasting • Threats against IoT • Prepare for Defense 3
- 5. Exponential IoT Growth Source: Gartner IoT, PC and Mobile device forecast 2015 5 PC’s & Mobile Devices IoT Devices Took 25 years to get to 10 Billion devices* Will take only 5 years to get to 30 Billion devices* Reference acronym glossary at the end of presentation
- 6. 6 IoT – Where Are They? Source: Intel
- 7. IoT+ Industry4.0 … and security as integral part of system 7
- 9. FIRSTUP CONSULTANTS UNIFICATION OF TECHNOLOGY 9 • Digitalization and connection of all actors in the value process. • Cyber-physical systems monitor the physical process of the factory and make decentralized decisions. • Cyber-physical systems are intelligent • Logistics units are communicating with each other. • Use data to make predictive, corrective, adaptive decision to improve efficiency. CONNECTIVITY ANALYTICS SECURITY
- 10. • Nodes • Edge Gateway • Cloud Gateway • Data storage • Analytics • User business
- 12. Attackingthe “Invisible” How devices are targeted to gain desired access to organization. 12
- 13. DISASTROUS Cause irreversible damage DISRUPTIVE Disrupt operational processes. DAMAGING Enable information stealing Danger Classification
- 14. Security Issues Authentication: how to prove identities claimed by devices or users? Authorization: what set of actions a user can do? Update: how do we upgrade the system or part of it? communication: ◦ how do we ensure no one can read or modify the messages? ◦ how do we detect and response to disruption the communication channel? Data: how do we ensure the generated data are valid?
- 15. FIRSTUP CONSULTANTS ATTACK ON IOT 15 Things Network Compute
- 16. FIRSTUP CONSULTANTS ATTACK: THE THINGS Get the Machine • Change behavior • Take over • Disable 16 GOAL
- 17. FIRSTUP CONSULTANTS ATTACK: THE THINGS Get the Machine • Exploitation (memory corruption, race condition, etc.) • Injection (command or telemetry) • Code Rewrite (firmware replace or downgrade) • Side-Channel (timing, hardware glitching, power analysis) • Hardcoded secret 17 TECHNIQUE
- 18. FIRSTUP CONSULTANTS 18 ATTACK: THE NETWORK GOAL Disrupt communication Analysis TECHNIQUE • Replay attack • Spoofing • Packet Tampering • Jamming or Flooding • Protocol Specific exploitation
- 19. ATTACK: THE COMPUTE GOAL • Take over • Data Exfiltration • Data Modification TECHNIQUE • Injection (command, query, telemetry) • Broken Session • Data poisoning 19
- 21. FIRSTUP CONSULTANTS If you know the enemy and know yourself, you need not fear the result of a hundred battles… -- Sun Tzu, The Art of War 21 STUDY CASES
- 22. 22 Mirai Botnet Mirai used in DynDNS attack on ~450K devices involved. 2 11/1/2016 Targeting connected devices to launch largest DDoS attack, disrupting internet. 2016
- 23. Cyber Attack on Ukrainian Power Grid 2015 Employing sophisticated malware – BlackEnergy3 Attack on power grid regions: • Intruded and damaged SCADA system hosts and workstations • Seized control at HM level, blindsided system dispatchers • Opened substation breakers cutting power to 225,000 customers • Initiated DDoS attack on call centers to prevent users reporting outages.
- 24. Cyber Attack on Ukrainian Power Grid Attacks launched within 30 minutes of each other More than 50 substations had breakers remotely opened ◦ Step 1 of the 2 steps of Aurora (Step 2 is remotely reclosing the breakers out-of- phase with the grid) Local operators were locked out of their own workstations Attackers changed passwords for key systems Attackers corrupted firmware of serial-to-Ethernet converters requiring replacement RTU with Windows HMI card overwritten by Killdisk UPS devices used to impact restoration
- 26. Checklist • Understand what you have deployed, what is interconnected, and what is connected to the internet • Discover, Classify, and Assess devices on the network • Scan the network periodically and monitor to identify anomalous network behavior. • Review the design, implementation, and maintenance of overall plant architecture. • Implement policies and act accordingly
- 27. THANKYOU Satria Ady Pradana +62 89 774 239 35 [email protected] @xathrya (telegram) Cyber Sec
Editor's Notes
- #9: Features: Get the current condition of machine Detect anomaly of production machine Coordinated goods transporting between warehouse and machine. Results: Predict machine wear off
- #14: Function failure -> can happen to any system. Failure can lead to danger. What if the failure can be intentionally triggered?