IoT (in-)security - CEC conf - 2021-10-19 by Pascal

1 of 18

Slide Notes

IoT (in-)security - CEC conf - 2021-10-19

@ Luxinnovation

PRESENTATION OUTLINE

New technologies, old risks, IoT (in-)security

The future might be smart but will it be secure ?

What is IoT?

The Internet of things

Photo by POLISEA

Take these

sensors, micro-controllers...

Photo by Robin Glauser

put them into "normal" objects

(like umbrellas, dolls, fridges, cars...)

Photo by Alexandru Acea

and connect them to the Internet!

Photo by POLISEA

to make them smart!

but what about security?

Photo by Alex Knight

Major Risks of IoT

account hijack
data/privacy abuse
interception/surveillance
rogue/“zombie” devices
supply chain/SDLC compromise
massive botnets (e.g. DDoS)
physical attacks
human casualty

Photo by Leio McLaren (@leiomclaren)

some examples

Photo by Leio McLaren (@leiomclaren)

Mirai botnet

"smart" cameras

Photo by AxisCommunications

Cayla the Doll

smart toy

Photo by kentarou2014

BIOTRONIK Cardiomessenger II

smart pacemaker

Photo by Arenamontanus

Hacking Yourself: Marie Moe and Pacemaker Security

https://youtu.be/W1YWpVMpPi8

Link to Video: https://youtu.be/W1YWpVMpPi8

Photo by Orminternal

Recommendations (user)

strong password security
software/firmware updates
network segmentation and filtering
physical security
check contracts, terms and conditions
! if you don't need it don't use it !

!! If you don't need it don't use it !!

and last but not least

Photo by Solarbotics

Recommendations (provider)

security by design
sound data collection/mgmt
supply chain integrity
check third party software
comprehensive testing
security by default
sound patch policy and process
comprehensive documentation
leverage on standards and good practice

smart & secure

National awareness campaign 2021

www.secure-iot.lu

https://secure-iot.lu/assets/img/video/watch.mp4

Thank you for your attention! questions?

Pascal Steichen

Pascal Steichen

https://lhc.lu/