Title: Webinar on Internet of Things(IoT): The Next Cyber Security Target
1Internet of Things(IoT)The Next Cyber Security
Target
By
- Praveen Kumar Gandi
- Head Information Security Services
- ClicTest
- praveen.g_at_clictest.com
Disclaimer The images used in this presentation
belong to their respective copyright holders and
are used for educational purposes only. All other
rights are reserved.
2Evolution of Internet of Things
HUMAN TO HUMAN
MACHINE TO MACHINE
SOCIAL MEDIA
WWW
WEB 2.0
- Identification, tracking, monitoring, metering
. - Semantically structured and shared data
- Fixed
- mobile telephony
- SMS
- E-mail
- Information
- Entertainment
- E-productivity
- E-commerce
-
- Skype
- Facebook
- YouTube
- Twitter
- .
Smart networks
Smart IT platforms services
Smart Phones applications
Smart Devices, objects tags
Smart Data ambient context
3Importance of Internet of Things
- According to Gartner's analysis, there will be
nearly 26 billion devices on the Internet of
Things by 2020. - As per ABI Research, an estimation of more than
30 billion devices will be wirelessly connected
to Internet of Things. - And as per the MarketsandMarkets Analysis, the
estimated revenue generated on these smart
product sales by 2016 will be 1 Trillion.
Source Cisco
4Internet of Things(IoT)
- Originally, The Internet of Things (IoT) refers
to the interconnection of uniquely identifiable
embedded computing devices within the existing
Internet infrastructure. -
- As the technology advances, the term Internet of
Things(IoT) denotes to Advanced connectivity of
devices, systems, and services that goes beyond
machine-to-machine communications (M2M) and
covers a variety of protocols, domains, and
applications.
Source http//en.wikipedia.org/wiki/Internet_of_T
hings
5Internet of Things(IoT)
- The IoT represents an evolution of future as many
physical devices communicate with each other
everyday through internet and identify themselves
with other devices. - The other technologies like RFID, Sensor
technologies, Wireless technologies, etc. will
also be used as method of communication.
6Internet Evolution
7 SourceCisco
8Types of Internet of Things
9Do you know?
- The First IOT device is Internet Coke Machine at
Carnegie Mellon University introduced in the year
1982.
10Internet of Things In Everyday Life
11Internet of Things in Homes(Smart Homes)
12How IoT works?
Source Securing the IoT World by Aaron Guzman
13Are Internet of Things Secure?
14Smart Cars got pwned!!
15Smart Lights can be Hacked
- Unsecure communication between bridge and
application - Vulnerability in smart bulb makes home black out
by security researcher - Fixed in Latest Version
16Vulnerabilities in IoT Devices
- Due to improper security model implementation
and unsecure communication between the device and
application. -
- Any device on the same Wi-Fi network can command
or control these devices.
17How far IoT can be hacked?
Remember Fire Sale in Die Hard 4.0
18Hurdles Securing the IoT
- There is no consistent or official software
update process or mechanism - There is little or no understanding of the cyber
threats embedded in their systems - There is lack of accountability for device
security - Improper configuration or purpose-built features
that equate to security flaws - Data privacy
19Securing the IoT
- Keep your Software/firmware Updated
- Ensure that connectivity is Secure.
- eg Two Factor Authentication
20Securing the IoT
- Secure the location of the data being reported by
IoT-linked devices. - Encrypt the System.
- eg Two-Person Controls
21Securing the IoT
- Ensure Supply Chain Security.
- Prevention of counterfeit hardware by procedures
to certify manufacturers supply chain processes
to prevent the introduction of malicious code. - Support IoT security.
- We must support regulation that requires that
IoT devices meet security standards, just as we
require standards for our electrical devices with
UL approval requirements.
22Securing the IoT
- Use out of band (OOB) systems closed systems
(intranets) that are not open to the public. - The Defence Department uses IoT linked
devices, but they are mainly out of reach from
hackers because they are OOB. Defence weapons
systems and even sensor-wearing soldiers report
critical status information to centralized
control centres that feed decision makers. While
less vulnerable to being hacked, these OOB
systems are subject to insider attacks.
23Securing the IoT
- Support Standardization.
- Eg OWASP
Source IoT-Attack-Surfaces-Defcon-2015
24Securing the IoT
- Stay informed.
- National Institute of Standards and Technology
and Federal Guidance such as Federal Information
Processing Standards (FIPS) address critical
steps that are needed to secure and protect
information and critical systems.
25Thank You !
Praveen Kumar G Head Information Security
Services ClicTest E-mail praveen.g_at_clictest.com