Understanding IoT devices, their need, and application areas

Understand the IoT ecosystem and communications models

Understanding security challenges and risks associated with IoT-enabled environments

Discuss security in IoT-enabled envrionments

Discuss security measures for IoT-enabled IT environments

Discuss IoT security tools and best practices

Discuss various standards, initiatives and efforts for IoT security

Understanding IoT devices, their need, and application areas

Understand the IoT ecosystem and communications models

Understanding security challenges and risks associated with IoT-enabled environments

Attack Vectors in IoT Architecture

Malicious firmware update

Malware delivery via data storage device

Exposing software vulnerabilities

Attack on key / certificate storage

Attack from downloaded apps

Sniffing of user data

Password dictionary attack

Attack from mobile devices

Man-in-the-middle (MITM) attack

DDoS attack

Malware

Compromised OS and tools

Insecure chipsets

compromised control server

MITM attack corrupted firmware with hacked update

hacking through default password

embedding of malware via Secure Shell (SSH)/Telnet

Hacking of a device through JTAG and open ports

OWASP Top 10 IoT Vulnerabilities

  1. Weak, guessable, or hardcoded passwords
  2. Insecure network services
  3. Insecure ecosystem interfaces
  4. Lack of security update mechanism
  5. Use of insecure or outdated components
  6. Insufficient privacy protection
  7. Insecure data transfer and storage
  8. Lack of device management
  9. Insecure default settings
  10. Lack of physical hardening

Discuss security in IoT-enabled environments

Discuss security measures for IoT-enabled IT environments

Discuss IoT security tools and best practices

Discuss various standards, initiatives and efforts for IoT security

Bluesnarfing – The attacker gains access to Bluetooth devices, retrieves their information, and redirects the incoming calls to another devices

BlueBugging – The attacker creates an adversary inside the victims device by exploiting vulnerabilities in the firmware of old devices.

Bluejacking – The attacker exploits the feature of “sending wireless business cards” in Bluetooth devices by sending an offensive card.

6LoWPAN-based attacks

Use a content chaining approach, which adds new fields to the protocol fragmentation header.

Implement a strong, lightweight public-key authentication mechanism

Use moving target IPv6 defense in 6LoWPAN

beyondtrust

beyondsecurity.com – beStorm

iotsploit.co

iotseeker – information.rapid7.com

iot-inspector.com

Pwn Pulse – outpost24.com

govtrack.us