Understanding IoT devices, their need, and application areas
Understand the IoT ecosystem and communications models
Understanding security challenges and risks associated with IoT-enabled environments
Discuss security in IoT-enabled envrionments
Discuss security measures for IoT-enabled IT environments
Discuss IoT security tools and best practices
Discuss various standards, initiatives and efforts for IoT security
Understanding IoT devices, their need, and application areas
Understand the IoT ecosystem and communications models
Understanding security challenges and risks associated with IoT-enabled environments
Attack Vectors in IoT Architecture
Malicious firmware update
Malware delivery via data storage device
Exposing software vulnerabilities
Attack on key / certificate storage
Attack from downloaded apps
Sniffing of user data
Password dictionary attack
Attack from mobile devices
Man-in-the-middle (MITM) attack
DDoS attack
Malware
Compromised OS and tools
Insecure chipsets
compromised control server
MITM attack corrupted firmware with hacked update
hacking through default password
embedding of malware via Secure Shell (SSH)/Telnet
Hacking of a device through JTAG and open ports
OWASP Top 10 IoT Vulnerabilities
- Weak, guessable, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of security update mechanism
- Use of insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Insecure default settings
- Lack of physical hardening
Discuss security in IoT-enabled environments
Discuss security measures for IoT-enabled IT environments
Discuss IoT security tools and best practices
Discuss various standards, initiatives and efforts for IoT security
Bluesnarfing – The attacker gains access to Bluetooth devices, retrieves their information, and redirects the incoming calls to another devices
BlueBugging – The attacker creates an adversary inside the victims device by exploiting vulnerabilities in the firmware of old devices.
Bluejacking – The attacker exploits the feature of “sending wireless business cards” in Bluetooth devices by sending an offensive card.
6LoWPAN-based attacks
Use a content chaining approach, which adds new fields to the protocol fragmentation header.
Implement a strong, lightweight public-key authentication mechanism
Use moving target IPv6 defense in 6LoWPAN
beyondtrust
beyondsecurity.com – beStorm
iotsploit.co
iotseeker – information.rapid7.com
iot-inspector.com
Pwn Pulse – outpost24.com
govtrack.us