IoT Security


The term Internet of Things (IoT) refers to any device with an internet connection that doesn’t run a full desktop operating system.

  • The term is broad and many of the concepts and ideas related to it are open to interpretation

Kinds of IoT Devices

Printers

Printers are complex devices with operating systems like any other computer, capable of communicating on one or more networks, and with plenty of starting places for an attacker to attempt to gain a foothold.

Printers generally use an RTOS on a small embedded device, which drives the printer hardware.

  • These devices listen on a variety of ports and run common services
    • E.g., FTP, Telnet, SSH, and HTTP/HTTPS, as well as services peculiar to printing devices
  • They have both wired and wireless network adapters
  • They commonly come equipped with a reasonable amount of memory and storage to support large print jobs

The KRACK vulnerability can allow attackers to eavesdrop on traffic sent wirelessly to printers and to access sensitive documents.

Surveillance Cameras

Networked surveillance cameras are frequently full of vulnerabilities.

  • They often have:
    • simple default administrative credentials
    • backdoors enabling unauthorized use
    • hordes of security vulnerabilities and misconfigurations
  • Malware can easily take advantage of these weaknesses to attack other devices or to gain entry into the environment

Physical Security Devices

Physical security devices include tools such as smart locks, which connect to a network (often Bluetooth or Bluetooth Low-Energy) and allow you to open and close a lock through a mobile app or other software.

IoT Security Issues

  • Lack of Transparency
  • Insecure communication
  • Device spoofing
  • Physical tampering

Lack of Transparency

  • You often don’t know exactly what your IoT devices are doing

Remedy

Connect an IoT device to a VPN to isolate the device (making its traffic easier to distinguish) and force it to communicate through a monitorable choke point

  • then use a tool like mitmproxy to eavesdrop on it
    • see who the device is talking to and what data is being sent or received
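
The mitmproxy step above can be turned into a per-destination summary. The addon below is an added example, not part of the original notes; it assumes the device's traffic already passes through mitmproxy, and the expected-host names are constructed placeholders.

```python
"""mitmproxy addon: tally which hosts a proxied IoT device talks to."""
from collections import defaultdict

# Assumption: hosts this device is expected to contact (constructed placeholders).
EXPECTED_HOSTS = {"updates.vendor.example", "time.vendor.example"}


class DeviceTalkers:
    def __init__(self, expected=EXPECTED_HOSTS):
        self.expected = set(expected)
        # Per-destination counters, keyed by hostname.
        self.stats = defaultdict(
            lambda: {"requests": 0, "sent": 0, "received": 0, "cleartext": False}
        )

    def request(self, flow):
        # mitmproxy hook: called once per request the device sends.
        s = self.stats[flow.request.pretty_host]
        s["requests"] += 1
        s["sent"] += len(flow.request.content or b"")
        if flow.request.scheme == "http":
            s["cleartext"] = True  # data left the device unencrypted

    def response(self, flow):
        # mitmproxy hook: called once per response returned to the device.
        s = self.stats[flow.request.pretty_host]
        s["received"] += len(flow.response.content or b"")

    def unexpected(self):
        """Hosts the device contacted that are not on the expected list."""
        return sorted(h for h in self.stats if h not in self.expected)

    def report(self):
        lines = []
        for host, s in sorted(self.stats.items()):
            flags = []
            if host not in self.expected:
                flags.append("UNEXPECTED")
            if s["cleartext"]:
                flags.append("CLEARTEXT")
            lines.append(
                f"{host}: {s['requests']} req, {s['sent']} B sent, "
                f"{s['received']} B received {' '.join(flags)}".rstrip()
            )
        return lines

    def done(self):
        # mitmproxy hook: called on shutdown; print the summary.
        print("\n".join(self.report()))


addons = [DeviceTalkers()]
```

Load it with `mitmdump -s` followed by the script's file name; the summary prints when the proxy shuts down.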

Everything is an IoT Device

All sorts of appliances now ship with “smart” capabilities and network connectivity of some variety.

Example

In October 2016, an enormous distributed denial-of-service (DDoS) attack left massive swaths of the internet unusable, including services from large providers such as Amazon Web Services, Twitter, Netflix, and CNN.

These outages stemmed from DDoS attacks against Dyn, the company controlling many of the root DNS servers forming the infrastructure of the internet. The attack against these servers had a rate of 1.2 terabytes per second, at the time the largest DDoS attack ever witnessed, and came from more than 100,000 devices, almost all of which were IoT devices. [13]

The attack was possible because malware called Mirai recruited vulnerable IoT devices into a botnet (a network of compromised systems) and made them accessible for the controllers of the botnet to use for DDoS attacks. The malware didn’t perform a complex attack; it simply looked for devices on the network and attempted to access them using their default administrative password.

Outdated Devices

Many old devices on the market cause security problems.

  • It is not easy to add security measures to older devices