Security testing the Internet-of-things

Similar documents

VoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov

Alexander Polyakov CTO ERPScan

NSA/DHS Centers of Academic Excellence for Information Assurance/Cyber Defense

M2M & Cybersecurity Workshop TIA 2013 M2M Standards and Security. Mihai Voicu CIO/CSO ILS Technology LLC

CHANCES AND RISKS FOR SECURITY IN MULTICORE PROCESSORS

Multi-vendor Penetration Testing in the Advanced Metering Infrastructure: Future Challenges

Automotive Ethernet Security Testing. Alon Regev and Abhijit Lahiri

PCI Security Standards Council

External Supplier Control Requirements

Mobile Applica,on and BYOD (Bring Your Own Device) Security Implica,ons to Your Business. Dmitry Dessiatnikov

Network Security. Computer Security & Forensics. Security in Compu5ng, Chapter 7. l Network Defences. l Firewalls. l Demilitarised Zones

Top 10 most interes.ng SAP vulnerabili.es and a9acks

Discovering passwords in the memory

Securing the Internet of Things: Mapping Attack Surface Areas Using the OWASP IoT Top 10

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Improving SCADA Control Systems Security with Software Vulnerability Analysis

IoT Potential Risks and Challenges

Lecture Embedded System Security A. R. Darmstadt, Introduction Mobile Security

You don t hear me but your phone s voice interface does. José LOPES ESTEVES & Chaouki KASMI

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

The Internet of Things: 4 security dimensions of smart devices

IoT Cloud, All Seen Alliance. Masanari Arai 荒井真成 CEO, Kii Corpora0on

Defending Against Web App A0acks Using ModSecurity. Jason Wood Principal Security Consultant Secure Ideas

IT Change Management Process Training

Broadcasting your attack: Security testing DAB radio in cars

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Passing PCI Compliance How to Address the Application Security Mandates

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars

CMSC 421, Operating Systems. Fall Security. URL: Dr. Kalpakis

Main Research Gaps in Cyber Security

Mobile NFC 101. Presenter: Nick von Dadelszen Date: 31st August 2012 Company: Lateral Security (IT) Services Limited

PERDIX: A FRAMEWORK FOR REALTIME BEHAVIORAL EVALUATION OF SECURITY THREATS IN CLOUD COMPUTING ENVIRONMENT

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

PREVENTING ZERO-DAY ATTACKS IN MOBILE DEVICES

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Goals. Understanding security testing

Monitoring mobile communication network, how does it work? How to prevent such thing about that?

Hacking cars in the style of Stuxnet

Data Security Concerns for the Electric Grid

How To Attack A Key Card With A Keycard With A Car Key (For A Car)

Hacking Database for Owning your Data

Vulnerability Assessment and Penetration Testing

How To Protect Virtualized Data From Security Threats

IT Networking and Security

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

BlackBerry 10.3 Work and Personal Corporate

Taxonomic Modeling of Security Threats in Software Defined Networking

Vulnerabilities in SOHO VoIP Gateways

Veracode White Paper The Internet of Things: Security Research Study. The Internet of Things: Security Research Study

Intro to Firewalls. Summary

Security Issues in SCADA Networks

Protec'ng Communica'on Networks, Devices, and their Users: Technology and Psychology

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Security Threats on National Defense ICT based on IoT

Communica)on and sensor network technologies for smart ci)es

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Protec'ng Informa'on Assets - Week 8 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protec/ng Informa/on Assets Greg Senko

Assessing BYOD with the Smarthpone Pentest Framework. Georgia Weidman

What is Web Security? Motivation

Thick Client Application Security

SCADA and Security Are they Mutually Exclusive? Terry M. Draper, PE, PMP

Big Data Analy,cs: Driving Behaviour Analysis from Smartphone Sensory Data. Chalermpol Saiprasert, Ph.D. NECTEC Thailand

"EZHACK" POPULAR SMART TV DONGLE REMOTE CODE EXECUTION

External Supplier Control Requirements

Who is Watching You? Video Conferencing Security

BBM 461: SECURE PROGRAMMING INTRODUCTION. Ahmet Burak Can

NETWORK DEVICE SECURITY AUDITING

Fundamentals of Network Security - Theory and Practice-

Virtualization System Security

Kaseya Fundamentals Workshop DAY THREE. Developed by Kaseya University. Powered by IT Scholars

ZA Smart TV Series QUICK START GUIDE

Security-as-a-Service (Sec-aaS) Framework. Service Introduction

Phase 2: Scanning Detec0ng informa0on useful for break- in Live machines Network topology Firewall conﬁgura0on Applica0ons and OS types Vulnerabili0es

3M Cogent, Inc. White Paper. Beyond. Wiegand: Access Control. in the 21st Century. a 3M Company

Web Application Security

No Cloud Allowed. Denying Service to DDOS Protection Services

What is Really Needed to Secure the Internet of Things?

DEVELOPING SECURE SOFTWARE

Security and the Internet of Things

Information Security Office

Please Complete Speaker Feedback Surveys. SecurityTube.net

The fabryq IoT prototyping platform

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

VICTORIA UNIVERSITY OF WELLINGTON Te Whare Wānanga o te Ūpoko o te Ika a Māui

Transcription:

Security testing the Internet-of-things Lindholmen Software Development Day 2014-10-16 Emilie Lundin Barse Informa(on Security Consultant, Combitech emilie.barse@combitech.se

Contents State of security in Internet- of- things A:ack surfaces OWASP Internet of Things top 10 Case studies a:ack examples 2

About me PhD in computer engineering (Chalmers) logging and intrusion detec(on Informa(on Security Consultant for 9 years Areas of interest Log analysis Intrusion detec(on Pentra(on tes(ng/security tes(ng Code review 3

4

State of security in Internet of Things Immature area when it comes to security Security by obscurity ORen not working anymore informa(on spreads Different actors have studied the area for some (me Researchers, standardisa(on organisa(ons Trust is needed Sensi(ve/personal informa(on is handled SCADA systems malicious control can have great impact Consumer worries about security and privacy prevents development Vendors do the implementa(ons Must also design, implement and test for security 5

A>ack surfaces sensor attacker Internet cloud service central manager, analyst third party data user management interface private network manager sensors sensor data 6

A>ack surfaces sensor attacker Internet cloud service central manager, analyst third party data user management interface private network manager sensors sensor data 7

A>ack surfaces sensor attacker Internet cloud service central manager, analyst third party data user management interface private network manager sensors sensor data 8

Tes@ng machine to machine interfaces Less documenta(on Non- standard/less common protocols Less security Limita(ons in computa(onal power prevents use of cryptography Security updates may not exist or are released seldom Hardware limita(ons fixing security vulnerabili(es may require new hardware May take more (me for a:acker But standard components used in many applica(ons Common that replay a:acks can be used Or very simple authen(ca(on schemes 9

Tes@ng machine to machine interfaces Security tester/a:acker may need new tools and hardware equipment SoRware defined radio Protocol analysis tools (e.g. carshark) Fuzzing Need a device or two for tes(ng 10

OWASP Internet of Things Top 10 I1 Insecure Web Interface I2 Insufficient Authen(ca(on/Authoriza(on I3 Insecure Network Services I4 Lack of Transport Encryp(on I5 Privacy Concerns I6 Insecure Cloud Interface I7 Insecure Mobile Interface I8 Insufficient Security Configurability I9 Insecure SoRware/Firmware I10 Poor Physical Security 11

Case study car (in)security Source: Stephen Checkoway et al. Usenix 2011

Case study car (in)security Successfully hacked a:ack surfaces: CAN buses Any func(on can be accessed - breaking, steering, accelera(ng, Physical access/diagnos(c connector Can also be reached remotely via telema(cs unit Wireless car key CD player Bluetooth Source: Stephen Checkoway et al. Usenix 2011

Exploit example Bluetooth in car Comprehensive experimental analyses of Automo(ve A:ack Surfaces Stephen Checkoway et al. Usenix 2011 Bluetooth for connec(ng cell phone - telema(cs unit Arbitrary code execu(on vulnerability Reverse engineering of bluetooth implementa(on in telema(cs ECU Unsafe string copy func(ons found one in handling bluetooth configura(on command - > buffer overflow Requires paired bluetooth device indirect compromise phone with trojan app direct bruteforce PIN for pairing 14

Case study hack your home Home alarm systems NAS (storage) Smart TV Toys Baby monitors 15

Exploit example Home alarm system Tested alarm system for home usage in higher price range Found two ways of a:acking: Physical a:ack Read security codes from PIC processor memory RF communica(on Turn of alarm by replay a:ack of signal from key fob Source: Silvio Cesare, BlackHat USA 2014 16

Links OWASP Internet of Things Top Ten: h:ps://owasp.org/index.php/owasp_internet_of_things_top_ten_project HP Internet of Things Survey: h:p://for(fyprotect.com/hp_iot_research_study.pdf Shodan search engine for Internet connected devices: h:ps://www.shodan.io/ Owning a building Billy Rios, BlackHat 2014: h:ps://www.blackhat.com/docs/asia- 14/materials/Rios/Asia- 14- Rios- Owning- A- Building- Exploi(ng- Access- Control- And- Facility- Management.pdf 17

18

19

20

21