#watitis2017
uwaterloo.ca/watitis @watitisconf
RISE OF THE MACHINES
UNDERSTANDING AND HACKING THE INTERNET OF THINGS
Terry Labach
READ ALL ABOUT IT!
THIS IS NOT A HEATER
• It is a computer
• A heater happens to be attached to it
• We’ll come back to this later
WHAT IS THE INTERNET OF THINGS?
• aka IoT
• Devices, other than computers (or what we think of as computers) connected to the internet
• Started with:
  – Routers
  – Industrial control systems
  – Coke machines
THE INTERNET COKE MACHINE
• Connected by 1982!
• Carnegie-Mellon CS department Coke machine
• Let users remotely determine inventory and temperature
THE INTERNET OF THINGS
• Now includes
  – Webcams
  – Printers
  – Network attached storage
  – Children’s toys
  – Televisions
  – Light bulbs
  – Door locks
  – Appliances
    • Vacuum cleaners
    • Refrigerators
    • Toasters
    • Electrical outlets
  – And more, and more, and more!
THE INTERNET OF THINGS
• IoT devices are more likely to be able to sense their environment in some way
• Can collect data from their environment
  – Video
  – Audio
  – GPS
  – Temperature
• Can share this data
THE INTERNET OF THINGS
• Devices could be hard-wired, or connected to a network using Wi-Fi
• Could be wirelessly accessible using Bluetooth
• May be controllable from remote locations
THIS ISN’T SKYNET (YET…)
• People still make the decisions to implement IoT devices
• Our decisions need to be informed
THE INTERNET OF HACKABLE THINGS
• Some call this a more accurate description of the IoT
• Security is an afterthought
• Focus on novelty and convenience
WHAT ARE THE RISKS?
• Privacy
  – Devices can spy on you
• Theft
  – Compromised devices could allow physical access to property or leak passwords
• Access to or misuse of your devices
  – IoT devices have been used in botnet attacks
• Using your data for financial gain
• Loss of control of your devices
WHAT IS “COLLECTING USAGE DATA”?
• Mining your details to sell to advertisers
• Roomba robotic vacuum cleaners create a map of your home
  – Who could make use of that? (Hint: advertisers)
• Company would like to “share” customer data
THE GOOD, BAD, AND THE GOOFY
• A roundup of some IoT devices
GOOD
• Searching for good IoT devices…
BAD
• Companies are looking for new products and new markets to drive new sales
• What can we connect to the Internet?
YOUR TELEVISION WATCHES YOU
• March 2017 Wikileaks disclosure of CIA hacking tool called “Weeping Angel”
• Made Samsung Smart televisions appear to be off when they were on
• Could control built-in microphone and camera
CAYLA THE DOLL
• “The Bright-Eyed Talking Doll That Just Might Be a Spy”
  https://www.nytimes.com/2017/02/17/technology/cayla-talking-doll-hackers.html
• Records sound
• Transmits over an insecure Bluetooth interface
• Banned in Germany
INTERNET DISHWASHERS
• Miele Professional PG 8528
• Network-enabled
  – Not supposed to be accessible from the Internet
  – But some did connect and were visible, and controllable, from anywhere!
  – Large capacity dishwasher used in hospitals and labs
  – Embedded webserver could be subverted
  – What could you do with a back door into a lab?
DOOR LOCKS
• Smart locks
• Can use a Bluetooth device (fob, smartphone) to open lock
• Some allow you to add a network module to control over your home network
DOOR LOCKS
• Some have been found to send passwords unencrypted
  – A Bluetooth sniffer could be used to discover the lock password
• Others responded to an encrypted, but unchanging, signal
  – An attacker could record the signal and replay it to open the lock
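The two failure modes on this slide, a fixed password that a sniffer can read and an unchanging encrypted message that can be replayed, have the same root cause: the lock accepts a message that never changes, so it cannot tell a recording from the real fob. The fix is for the lock to issue a fresh random challenge each time and accept only a response bound to that challenge. The simulation below is an added example written for these notes, not code from the talk or from any lock vendor; the shared key, the 16-byte nonce size and the HMAC-SHA256 message format are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class StaticTokenLock:
    """Weak design: the lock accepts one unchanging message.

    Whether that message is a plaintext password or a fixed encrypted blob
    makes no difference to an eavesdropper: once recorded it can be sent
    again, and the lock has no way to tell a recording from the real fob.
    """

    def __init__(self, token: bytes) -> None:
        self._token = token

    def try_unlock(self, message: bytes) -> bool:
        return hmac.compare_digest(message, self._token)


class ChallengeResponseLock:
    """Stronger design: the lock hands out a fresh random nonce and accepts
    only an HMAC of that nonce under the shared key.  Each nonce is single
    use, so a recorded response is bound to a challenge that will never be
    issued again.  (Key, nonce size and HMAC choice are assumptions.)
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._pending = set()  # nonces issued but not yet consumed

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # 128-bit random challenge
        self._pending.add(nonce)
        return nonce

    def try_unlock(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:
            return False  # unknown, expired or already-used challenge
        self._pending.discard(nonce)  # consume before verifying: one shot only
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def fob_respond(key: bytes, nonce: bytes) -> bytes:
    """What a legitimate fob computes for a given challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def replay_against_static(token: bytes):
    """Returns (legitimate unlock accepted, replayed recording accepted)."""
    lock = StaticTokenLock(token)
    first = lock.try_unlock(token)
    recorded = token  # exactly what a sniffer captured over the air
    replayed = lock.try_unlock(recorded)
    return first, replayed


def replay_against_challenge(key: bytes):
    """Returns (legitimate accepted, replay accepted, stale response accepted)."""
    lock = ChallengeResponseLock(key)
    nonce = lock.challenge()
    response = fob_respond(key, nonce)
    first = lock.try_unlock(nonce, response)
    # The sniffer captured both nonce and response; sending the pair again
    # fails because that nonce has already been consumed.
    replayed = lock.try_unlock(nonce, response)
    # The old response does not fit a new challenge either.
    stale = lock.try_unlock(lock.challenge(), response)
    return first, replayed, stale


if __name__ == "__main__":
    print("static token  :", replay_against_static(b"open-sesame"))
    print("challenge/resp:", replay_against_challenge(secrets.token_bytes(32)))
```

Two caveats a real lock firmware would need beyond this sketch: the set of outstanding nonces must be bounded and time-limited so it cannot grow without end, and the key must never cross the air, only the nonce and the HMAC do. Challenge-response also only stops replay of a recording; it does not by itself stop a live exchange being relayed, which is the kind of keyless-entry theft in the resources list.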
DOOR LOCKS & AMAZON
• Authorize Amazon delivery people to enter your home
• Uses smart lock and app
• Camera records your door and lock logs locking and unlocking
• What could go wrong?
• Now you see the delivery person in the surveillance camera on the right…
• …but overwhelm the wireless network, and the camera freezes on the last image seen!
WEBCAMS
• Once hard-wired to computers and controlled by them
• Now, often connected directly to networks via Wi-Fi
• Controlled wirelessly via embedded web servers
• Useful for
  – Skype
  – Monitoring your home
  – Sharing video…
• Good camera!
• Bad camera!
• Smorgasbord of cameras
• Select live video feed from previous panel
HOME AUTOMATION
• “Smart” homes
• Network connected
  – Audio and video
  – Thermostats
  – Security cameras
  – Lighting
• Hubs to control devices from Amazon (Echo), Apple (Home)
HOME AUTOMATION
• What happens if I push a button on this publicly accessible interface?
• Attacks
  – Disable security alarms and cameras
  – Unlock doors
  – Adjust thermostat
  – Use your imagination!
HOW WERE THESE DEVICES FOUND?
• That is an elite hacker’s secret!
• Actually, it was Shodan
SHODAN
• One of a number of search engines specializing in finding devices
• Scans the Internet and saves information that each device gives it about itself
• Can search by device, location, type of software interface, etc.
• Detects web servers that act as control interfaces to IoT devices
• Also detects interfaces to databases, SCADA systems, gaming servers, etc.
• Finding a vulnerable device to attack is as easy as using Google
GOOFY
$699 WI-FI CONNECTED JUICER
• Needs internet access to verify the ingredient pouch
SMART CHOPSTICKS
• Announced by Baidu in 2014
• Claimed to detect contaminated oils
• Pairs with a smartphone app
• Never produced, but still described in articles as an innovative IoT device in 2017!
OTHER DEVICES
• A hands-on look
SPOTSTAR
• Smart heater and fan
• Proximity sensor stops operation when no one is at the desk
• Thermostat learns your heating and cooling preferences
SPOTSTAR – HOW IT WORKS
SPOTSTAR – HACKABLE?
• Points of attack
  – Web server controls parameters
    • Direct break-in
    • Steal session credentials and spoof identity
  – Wireless connectivity
    • Can observe wireless traffic
    • Fake eduroam access point
    • Flood network with traffic to prevent updates
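The last point here (flood the network so the device never gets updates) and the Amazon Key slide earlier (overwhelm the wireless network and the camera freezes on the last image) are the same failure seen from the defender's side: the link goes quiet and whatever is watching keeps trusting stale data. The watchdog below, an added example written for these notes rather than code from the talk, Amazon or the SPOTSTAR vendor, shows the check a viewer or a device should run. The frame log, the 2 fps interval and the three-missed-frames threshold are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Frame:
    seq: int    # sequence number stamped by the camera (assumed to exist)
    ts: float   # arrival time in seconds since monitoring began


def find_stalls(frames: List[Frame], interval: float,
                max_missed: int = 3) -> List[Tuple[float, float]]:
    """Scan a frame log and return (last_good_ts, resume_ts) for every gap
    where the feed went silent for longer than max_missed frame intervals,
    or where the sequence numbers show that frames were lost in between.
    Either condition means the picture on screen was not live for a while."""
    limit = interval * max_missed
    stalls = []
    for prev, cur in zip(frames, frames[1:]):
        if cur.ts - prev.ts > limit or cur.seq != prev.seq + 1:
            stalls.append((prev.ts, cur.ts))
    return stalls


def feed_is_live(last: Frame, now: float, interval: float,
                 max_missed: int = 3) -> bool:
    """Live check for a viewer: only keep showing the image while the newest
    frame is fresh; once it goes stale, show "feed lost" rather than silently
    leaving the last frame on screen."""
    return (now - last.ts) <= interval * max_missed


# Constructed sample: a 2 fps feed that goes quiet between t=1.5 and t=6.0
# (say, the Wi-Fi was saturated) and skips sequence numbers when it returns.
SAMPLE_FRAMES = [
    Frame(0, 0.0), Frame(1, 0.5), Frame(2, 1.0), Frame(3, 1.5),
    Frame(12, 6.0), Frame(13, 6.5),
]


def demo():
    """Runs the checks over the constructed sample and returns the results."""
    stalls = find_stalls(SAMPLE_FRAMES, interval=0.5)
    live_at_2s = feed_is_live(SAMPLE_FRAMES[3], now=2.0, interval=0.5)
    live_at_4s = feed_is_live(SAMPLE_FRAMES[3], now=4.0, interval=0.5)
    return stalls, live_at_2s, live_at_4s


if __name__ == "__main__":
    stalls, live_2, live_4 = demo()
    print("stall windows :", stalls)
    print("live at t=2.0 :", live_2)
    print("live at t=4.0 :", live_4)
```

The rule to take from this is fail-safe behaviour: when the link drops, say so on screen, keep the device in its last known-safe state, and do not accept a remote change of state until connectivity has been confirmed again. Sequence numbers matter as much as timestamps, since a flooded link tends to drop frames rather than stop them cleanly.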
SPOTSTAR – THERE IS A CATCH
• Heater operation can’t be altered if network connectivity is lost
CONCLUSION
• What do IoT devices really do?
• What do we need our devices to do?
• How should we respond to the rise of IoT?
ACKNOWLEDGEMENTS
I would like to thank the following people for their assistance and advice as I developed this presentation.
• Costin Ograda-Bratu, Ronaldo Garcia, and Lawrence Folland of CSCF
• Mike Nowakowski and Jason Testart of IST
RESOURCES 1
• privacy not included [2017 Holiday Shopping Guide]
  https://advocacy.mozilla.org/en-US/privacynotincluded
• Don't Buy Anyone an Echo
  https://gizmodo.com/dont-buy-anyone-an-echo-1820981732
• The Internet Of Hackable Things
  https://motherboard.vice.com/en_us/topic/the-internet-of-hackable-things
• Strangers can talk to your child through 'connected' toys, investigation finds
  https://www.theguardian.com/technology/2017/nov/14/retailers-urged-to-withdraw-toys-that-allow-hackers-to-talk-to-children
• Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera
  https://www.wired.com/story/amazon-key-flaw-let-deliverymen-disable-your-camera/
RESOURCES 2
• “Internet of Things” security is hilariously broken and getting worse
  https://arstechnica.com/information-technology/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/
• Bluetooth Hack Affects 20 Million Amazon Echo and Google Home Devices
  https://thehackernews.com/2017/11/amazon-alexa-hacking-bluetooth.html
• Watch Thieves Hack Keyless Entry to Steal a Mercedes in Less Than a Minute
  https://gizmodo.com/watch-thieves-hack-keyless-entry-to-steal-a-mercedes-in-1820767189
• Hacks to turn your wireless IP surveillance cameras against you
  https://www.csoonline.com/article/2224469/microsoft-subnet/hacks-to-turn-your-wireless-ip-surveillance-cameras-against-you.html
• Hackers Use College’s Connected Vending Machines To Attack Network
  https://consumerist.com/2017/02/14/hackers-use-colleges-connected-vending-machine-to-attack-network/
INFORMATION SECURITY SERVICES
• IST team
• We will provide custom information security consulting or training to your team or department
• Contact Terry Labach to discuss your security education needs
TERRY LABACH
terry.labach@uwaterloo.ca
519-888-4567 x45227
QUESTIONS?