Tagged: iot Toggle Comment Threads | Keyboard Shortcuts

  • case

    case 9:08 pm on December 27, 2016 Permalink
    Tags: government, iot, , standards   

    Reality Check: Getting Serious About IoT Security 

    The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.

    “In an effort to curtail a new and disturbing cyberattack trend, the Department of Homeland Security has placed Internet of Things (IoT) device manufacturers on notice. The recent proclamation clarified how serious the agency is about the issue and how serious it wants corporate decision makers to be. In short, the DHS “Strategic Principles for Securing the Internet of Things” acknowledges the gravity of the current climate and the potential for greater harm by encouraging security to be implemented during the design phase, complete with ongoing updates based on industry best practices.

    How this effort could affect upcoming product releases is yet to be seen, but these questions remain: How secure must products be before delivery to consumers? Will the liability of insecure Web devices translate to a burden for consumers unaware of proper security? This uncertainty could cause problems for those who produce or use IoT devices.

    This move by the DHS was necessary. The recent Dyn DDoS attack made the susceptibility of these devices clear, and the sheer destructive potential makes the risks impossible to ignore.”

    http://www.darkreading.com/iot/reality-check-getting-serious-about-iot-security-/a/d-id/1327602?

     
  • case

    case 9:00 pm on December 27, 2016 Permalink
    Tags: iot, iot village,   

    IoT Village at DEF CON 24 Uncovers Extensive Security Flaws in Connected Devices 

    “One of the most unnerving exploits was presented by researcher Fred Bret-Mounet, who showed an attacker could shut down the equivalent of a small to mid-sized power generation facility by accessing the flaw in solar panels manufactured by Tigro Energy.

    In another, researcher Anthony Rose discovered that 75% of the smart locks he investigated could be easily compromised, letting an attacker open the lock on a victim’s front door. Another researcher, who goes by the handle “jmaxxz,” discovered a series of vulnerabilities with August locks which, if exploited, would mean that “anyone you’ve ever let use your phone, or ever given access to your home as a guest via your smart lock could enter your home without your knowledge or permission.” he said. Smart locks are one of the fastest growing consumer products serving the smart home.

    http://www.darkreading.com/attacks-breaches/iot-village-at-def-con-24-uncovers-extensive-security-flaws-in-connected-devices/d/d-id/1326928

     
  • case

    case 8:58 pm on December 27, 2016 Permalink
    Tags: ccc, german, germany, iot,   

    Lockpicking in the IoT at Chaos Communications Congress 2016 

    Lockpicking in the IoT
    …or why adding BTLE to a device sometimes isn’t smart at all

    Overview
    “Smart” devices using BTLE, a mobile phone and the Internet are becoming more and more popular. We will be using mechanical and electronic hardware attacks, TLS MitM, BTLE sniffing and App decompilation to show why those devices and their manufacturers aren’t always that smart after all. And that even AES128 on top of the BTLE layer doesn’t have to mean “unbreakable”. Our main target will be electronic locks, but the methods shown apply to many other smart devices as well…

    This talk will hand you all the tools you need to go deeply into hacking smart devices. And you should! The only reason a huge bunch of these products doesn’t even implement the most basic security mechanisms, might be that we don’t hack them enough!

    We start by looking at the hardware layer, dissecting PCBs and showing which chips are usually used for building those devices. Even if the firmware is read protected they still can be used as nice devboards with unusual pheripherals – if you can’t flash it, you don’t own it!

    But you don’t always have to get out your JTAG interfaces. The most simple part is intercepting an Apps communication with its servers. We show an easy Man-in-the-middle setup, which on the fly breaks the TLS encryption and lets you read and manipulate the data flowing through. This was enough to completely defeat the restrictions on a locks “share to a friend” feature and of course helps you recover your password…

    Understanding the API also is the best way to actually OWN your device – giving you the option to replace the vendors cloud service with an own backend. We show how this can be for example used to continue using your bike lock when the kickstarter you got it from goes bankrupt after a presentation about it’s bad crypto. Just kidding, they are already notified and working on a patch.

    Also going for the wireless interface and sniffing BTLE isn’t as difficult as it might sound. Turning a cheap 10 EUR devboard into a sniffer we show how to use Wireshark to dissect the packets going from and to the device and analyze the payload. In some cases this is all what’s needed to get the secret key from a single interaction…

    Finally we will turn into reverse engineers, showing how to decompile an android app and analyze it’s inner working or even modify it to your needs. Using this we show, that a quite popular electronic padlock indeed correctly claims to use AES128, but due to a silly key exchange mechanism we can break it by listening to a single opening command. All details of this 0-day attack will be released during the talk – the vendor has been notified in May.

    Last but not least we will go back for the hardware layer, showing that sometimes even simple things like magnets or shims can be used to defeat $80+ electronic locks in seconds…


    Speaker: Ray
    Ray’s mainly known for only taking questions as an answer, but also is an active lockpicker and electronics hacker.

    Besides presenting Hacker Jeopardy for over ten years now, Ray is also known for his presentations about lockpicking. He created the first 3D printed key and used laser cutters to circumvent key control of high security handcuffs. For three years now he is also going for electronic locks, bypassing mechanical actors as well as flashing own firmwares “just because he can”.

    https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8019.html

    Livestream:
    https://streaming.media.ccc.de/33c3/hall1

     
  • case

    case 8:56 pm on December 27, 2016 Permalink
    Tags: iot,   

    IoT Village 

    Organized by security consulting and research firm Independent Security Evaluators (ISE), IoT Village™ delivers thought leadership advocating for security advancements in Internet of Things (IoT) devices. The village consists of workshops on hacking numerous off-the-shelf devices (e.g. medical devices, home appliances, routers, and storage devices), live educational talks and a variety of contests. IoT Village’s™ contests are brought to you by SOHOpelessly Broken™, the first-ever router hacking contest at DEF CON, which delivered 15 new 0-day vulnerabilities to the research community.

    https://www.iotvillage.org/

     
  • case

    case 8:56 pm on December 27, 2016 Permalink
    Tags: cyberattacks, iot,   

    US hospitals lack new technologies and best practices to defend against threats, new report says.Major Cyberattacks On Healthcare Grew 63% In 2016 

    US hospitals lack new technologies and best practices to defend against threats, new report says.

    Some 93 major cyberattacks hit healthcare organizations this year, up from 57 in 2015, new research shows.

    TrapX Labs, a division of TrapX Security, found this 63% increase in attacks on the healthcare industry for the period between January 1, 2016 and December 12. Some may have been ongoing prior to Jan. 1, but for consistency, researchers only used official reporting dates to the Department of Health and Human Services, Office of Civil Rights (HHS OCR).

    Among the largest attacks were those on Banner Health (3.6M records), Newkirk Products (3.4M records), 21st Century Oncology (2.2M records), and Valley Anesthesiology Consultants (0.88M records).

    Sophisticated attackers are now responsible for 31% of all major HIPAA data breaches reported this year, a 300% increase over the past three years, according to the report. Cybercriminals were responsible for 10% of all major data breaches in 2014 and 21% in 2015.

    http://www.darkreading.com/attacks-breaches/major-cyberattacks-on-healthcare-grew-63–in-2016/d/d-id/1327779?ngAction=register#

     
  • case

    case 4:56 pm on November 8, 2016 Permalink
    Tags: chain reaction, exploit, , iot, safety, , zigbee   

    IoT Goes Nuclear: Creating a ZigBee Chain Reaction 

    chainreaction

    A nice little paper came out about creating IoT worms. Definitely a read if you’re interested in IoT Security and big wave attacks. Personally I’m not a big fan of ZigBee (security, building with it, ect.) and it’s nice to see a paper like this. We’ve been warned about this forever. Now we’ll see lots of people playing with the exploits.

    Full page is here: http://iotworm.eyalro.net/ excerpts and link to full paper below:

    Creating an IoT worm

    Within the next few years, billions of IoT devices will densely populate our cities.
    In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

    The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

    To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

    Possible Worm applications

    Bricking attack

    An attacker can use the worm for a city-wide bricking attack. The malicious firmware can disable additional firmware downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent. There is no other method of reprogramming these devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.

    Wireless network jamming

    The IEEE 802.15.4 standard which ZigBee runs over uses the 2.4GHz ISM (Industrial, Scientific, Medical) license-free band. This band is widely used by many standards, including IEEE 802.11b/g (n mode supports both 2.4GHz and 5GHz bands). These 802.15.4 SoC devices have a special `test mode’ which transmits a continuous wave signal that is used during the FCC/CE emission certification process. This test signal can be tuned to overlap on any of the 2.4 GHz 802.11 channels (or sweep between them), and can be used as a very effective jammer. Using many infected lamps at once, WiFi communication (or any other 2.4 GHz transmissions) could be disrupted in the whole city.

    Attacking the electric grid

    All the city’s smart lamps can be scheduled to simultaneously turn on and off multiple times. The sudden changes in power consumption can have a detrimental effect on the electric grid.

    Causing epileptic seizures

    By repeatedly flashing the lights at the right frequency, it is possible to induce epileptic seizures in photosensitive people on a large scale.

    Full results described in the following paper:
    IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF, 6.7MB]
    Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten

     
  • case

    case 7:39 pm on November 4, 2016 Permalink
    Tags: , cloud, computers, evolution, iot,   

    Evolution of Computers Over Time 

    evolution-computers-over-time

    I use this graph a lot. Going to the ‘cloud’ all of the time is an unnecessary and insecure waste of bandwidth.

     
  • case

    case 5:21 am on November 2, 2016 Permalink
    Tags: , hacking, , iot,   

    Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net 

    unsecured-internet-of-things-gadgets-get-hacked-within-40-minutes-of-being-connected-to-the-net-_-boing-boing

    “The Atlantic’s Andrew McGill set up a virtual server on Amazon’s cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the “toaster” had been hacked more than 300 times.”

    http://boingboing.net/2016/10/31/unsecured-internet-of-things-g.html

    This reminds me of old WordPress installations!

     
  • case

    case 5:13 am on November 2, 2016 Permalink
    Tags: , , iot, , , weapons   

    The Weapons in Your Home. 

    Yes, you. Everyone that has an unsecured connected device without a good password is a contributor to current and future DDoS attacks at unheard of volumes.

    That cute little thermostat or security camera you own? It’s a weapon. And it’s not so cute after all.

    rope-snap
    Image orignally used on https://www.neustar.biz/blog/category/internet-of-things

     
  • case

    case 4:59 am on November 2, 2016 Permalink
    Tags: botnet, compromise, , devices, iot,   

    New, more-powerful IoT botnet infects 3,500 devices in 5 days 

    Discovery of Linux/IRCTelnet suggests troubling new DDoS menace could get worse.

    DAN GOODIN – 11/1/2016, 4:15 PM

    “A recent volley of DDoS attacks launched from infected IoT devices has opened a troubling chapter for the Internet because the assaults are capable of delivering malicious data in volumes that were almost unimaginable just a few years ago. Linux/IRCTelnet is likely only the beginning of what could be a long line of next-generation malware that steadily improves its capabilities. The proliferation of Internet-connected devices that by default are defenseless against these threats is bad news, indeed.” http://arstechnica.com/security/2016/11/new-iot-botnet-that-borrows-from-notorious-mirai-infects-3500-devices/

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel