Public Servant | DSCI Security Leader | BITS Alumnus | Ethical Hacker & Skeptical Army Brat who demystifies FakeNews & preaches Logic.

" ABHINAV - A BLOG HOSTING INTERNET NUISANCES, ATTACKS & VULNERABILITIES "

Friday, March 23, 2018

Demystifying the Dark-Side of Internet of Things (IOT): A Journey through Security & Privacy Challenges



Recently, I spoke at the India Electronics Week - EFYCON 2018 held at KTPO, Bangalore. The talk focussed on sensitising the audience about the paradigm shift that is required for securing IOT Businesses where Proprietary protocols, indigenous hardware & air-gapped networks are not just enough in the era of Industry 4.0. The talk also presented a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. What are the new security challenges that are coming up and how privacy & anonymity is taking the lead over security with respect to IOT.

Here’s the digest of the presentation.

Why is everything getting Smart with the advent of IOT? 
 Sensors or Cloud or M2M.
 How is IOT bridging the gap between Digital threats and Physical threats?

Top recent IOT Hacks: 
 Chrysler's Jeep Cherokee,
 Mattel's Wi-fi Hello Barbie.

Eavesdropping through microphones of Smart Dolls, Smart Teddy Bears & Smart TVs.
 What if the smart doll teaches offensive things to your kid.

Exploitable Smart Refrigerators, Smart Thermostats, Smart Insulin Pumps. 
 How Smart TVs have been hacked & infected by malware
 for automated Ad Clicks and Cryptocurrency mining.

IOT Ransomeware is now reality. 
 How much someone would be willing to pay to remove ransomware from a Smart Pacemaker?

 Denial of Service (DOS) attacks on & through IOT devices. 
 How hackers can turn a Smart Fridge into a spam-bot?

Why can't we make smart devices smart enough to be secure? 
 The IOT Security Challenges:
 Resource Constraints, STRIDE Threat vectors.

Security vs Privacy vs Anonymity. 
 Importance of Trust in IOT Privacy.
 Security by Obscurity vs Security by Design:
 Proprietary protocols, indigenous hardware & air-gapped networks.

Security can not be an afterthought. 
 It has to considered & implemented in all of stages of IOT Business:
 Planning, Design, Implementation, Verification, Validation, Deployment & Operations.

IOT Business Model needs to change.
 Earlier we used to Build product, Ship them &
 forget about them until we had to Service them,
 but now we have to Ship & Remember.


Below is the presentation material of the delivered talk.




Posted by at
Labels: , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)