Practical Exploitation of IoT
Networks and Ecosystems
Sanjay V & Nitin Lakshmanan
Deep Armor
www.deeparmor.com

@deep_armor
SACON 2020
Instructors
Nitin Lakshmanan
Senior Security Analyst
Deep Armor
Aujas Networks, Aricent/Intel
Sanjay V
Security Analyst
Deep Armor
Deloitte
Agenda
• IoT Architecture & Intro to IoT Security
• Security Paradigms for the Building Blocks
• Wireless Protocols
• Hands-on Exercises
• Security Development Life Cycle (SDLC) for IoT
• Fun Hacking Activities
• Summary
Hacking Zigbee-style
Wireless Sensor Networks
Breaking Bluetooth
Security
Attacking Consumer IoT
Ecosystems
AWS IoT Core & Cloud
Services
Hands-on Exercises
Internet Of Things
• Network of devices connected to the Internet
• Connect, Collect and Exchange
• Part of the fast growing electronic culture
• Revolution in all the fields
[Figure: Connected People, Connected Fleets, Connected Infra, Connected Markets, Connected Assets, Connected Products; Network, Data]
Messy World of IoT Security
• “Let me get the product out first”
• “I’m paying a supplier for hardware/software. Security is their responsibility”
• “We don’t store any confidential information”
• “Let me worry about it if/when we get hacked”
• “We are 100% secure (!)”
• …
Attacks on IoT products
IoT Security & Businesses
• Security is often seen as zero ROI
• Impedes rapid prototyping and delivery (doesn’t have to)
• Consumers will buy anyway
• Poor awareness; sometimes, lack of options
• Liability laws are almost non-existent
• The few that exist don’t hold water
Range / Power of protocols for IoT
Protocol | Power | Range
WiFi | High | Long
Zigbee / Z-Wave | Low | Short to Mid
BT / BLE | Low | Short
LPWAN | Low | Long
Zigbee
• Low data rate wireless applications
• Smart energy, medical, home automation, IIoT
• Two bands of operation: 868/915MHz and 2450MHz
• Simpler & less expensive than Bluetooth
• 10-100m range
• Zigbee Alliance
Zigbee Security Model
• Open Trust model (Device Trust Boundary)
• Crypto protection only between devices
• All services employ the same security suite
Practical Exploitation of IoT Wireless Sensor Networks (WSN)
Agenda
• IEEE 802.15.4 (Layer 1 & 2 definitions for Zigbee)
• Tools
• Setup
• Attack and Defense
• Packet Generation
• Sniffing and Injection
• Packet Manipulation
• Security Hardening
802.15.4
• IEEE standard for low-rate wireless personal area networks (LR-WPANs)
• 6LoWPAN for IPv6 over WPANs
• Zigbee extends 802.15.4 (wrapper services)
[Figure: OSI stack (Application, Presentation, Session, Transport, Network, Data Link, Physical) with the Data Link layer split into Logical Link Control and Media Access Control; labelled ZigbeeSpec]
Attacking WSN
• IoT product simulator
• 802.15.4-based network
• Packet sniffing, manipulation and injection
• Goals:
• Understanding basic packet header formats
• Security models for protecting communication
• Hardware and software tools for packet sniffing & injection
Challenges
• Insufficient security research and documentation
• Few testing/debugging platforms
• Reliable ones are very expensive or obsolete
• Beta-quality hardware at best
• Took us weeks, studying blogs, asking questions, trial-and-error, …
• Lots of future work possible. Wanna collaborate?
Generating & Analyzing IEEE 802.15.4 WSN packets (MAC Layer)
WSN Internals
[Figure: two copies of the 802.15.4 frame field labels (Payload, DA, SRC, SEQ NUM, PAN ID, DST) with Attacker and Gateway nodes]
Impact
• Compromise integrity of sensor data
• Spoof all legit devices in the network
• Logistics & Asset Management - think Vaccine Transportation!
• Medical Use Cases - Hospital monitoring
• Security and Surveillance
• Rapid emergency response for Industries
• CVSSv3 Score: 9.3
Hardening the WSN
Approach
• We care about:
• Integrity of data transmitted (bi-directional)
• Confidentiality (sometimes)
• Device attestation in the WSN
• Crypto
• IoT Platform Constraints
• RAM and flash memory are often in KBs
• Traditional crypto is way too intensive
• Libraries — Few and proprietary
Summary
• Protecting data integrity is (should be) a key security objective
• Use Crypto
• Challenges
• Need for HW Acceleration
• Key provisioning and exchange
• Traditional Public Key Crypto is often unacceptable
• Nonce-based approaches are easy but insecure
• We did not discuss:
• Device Security Measures (Secure Boot, Secure FOTA, etc.)
• Out of the box provisioning, device mapping and reuse
• Key Management
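The two WSN slides above (frame header fields, and integrity protection of sensor data at the gateway) put into working code. This is an added example, not part of the workshop material or of any tool it mentions. It parses the 802.15.4 MAC header of a data frame and then verifies a simplified application-layer scheme that is an assumption of this example, not the 802.15.4 CCM* suite: a per-device pre-shared key, a 32-bit frame counter, and a 4-byte truncated HMAC-SHA256 MIC. All frames, addresses and the key are constructed here.

```python
import hashlib
import hmac
import struct

# IEEE 802.15.4 frame control field (FCF) bit layout, as used by data frames.
FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "command"}
ADDR_NONE, ADDR_SHORT, ADDR_EXT = 0, 2, 3
CTR_LEN, MIC_LEN = 4, 4   # 32-bit frame counter + 4-byte truncated MIC (assumed scheme)
DEVICE_KEY = b"constructed-demo-key-for-node-0001"   # constructed, not a real key


def parse_mac_frame(frame: bytes) -> dict:
    """Decode the MAC header of an 802.15.4 frame (FCS already stripped)."""
    if len(frame) < 3:
        raise ValueError("frame shorter than FCF + sequence number")
    fcf = struct.unpack_from("<H", frame, 0)[0]
    hdr = {
        "frame_type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "security_enabled": bool(fcf & 0x08),
        "ack_request": bool(fcf & 0x20),
        "pan_id_compression": bool(fcf & 0x40),
        "dst_addr_mode": (fcf >> 10) & 0x3,
        "src_addr_mode": (fcf >> 14) & 0x3,
        "seq_num": frame[2],
    }
    off = 3

    def take(fmt):  # read one little-endian field, bounds-checked
        nonlocal off
        size = struct.calcsize(fmt)
        if off + size > len(frame):
            raise ValueError("frame truncated inside the MAC header")
        off += size
        return struct.unpack_from(fmt, frame, off - size)[0]

    def take_addr(mode):
        if mode not in (ADDR_SHORT, ADDR_EXT):
            raise ValueError("reserved address mode")
        return take("<H" if mode == ADDR_SHORT else "<Q")

    if hdr["dst_addr_mode"] != ADDR_NONE:
        hdr["dst_pan_id"] = take("<H")
        hdr["dst_addr"] = take_addr(hdr["dst_addr_mode"])
    if hdr["src_addr_mode"] != ADDR_NONE:
        # PAN ID compression: the source PAN ID is omitted and equals the destination's.
        if hdr["pan_id_compression"] and "dst_pan_id" in hdr:
            hdr["src_pan_id"] = hdr["dst_pan_id"]
        else:
            hdr["src_pan_id"] = take("<H")
        hdr["src_addr"] = take_addr(hdr["src_addr_mode"])
    hdr["payload"] = frame[off:]
    return hdr


def build_data_frame(seq, pan_id, dst, src, payload: bytes) -> bytes:
    """Data frame, short addresses, PAN ID compression: FCF 0x8841 (on air: 41 88)."""
    return struct.pack("<HBHHH", 0x8841, seq, pan_id, dst, src) + payload


def mic_for(key: bytes, src: int, body: bytes) -> bytes:
    # The source address is bound into the MIC so a payload captured from one
    # node cannot be accepted under another node's address.
    return hmac.new(key, struct.pack("<H", src) + body, hashlib.sha256).digest()[:MIC_LEN]


def protect(key: bytes, src: int, counter: int, reading: bytes) -> bytes:
    """Sensor side: payload = counter || reading || MIC."""
    body = struct.pack("<I", counter) + reading
    return body + mic_for(key, src, body)


class Gateway:
    def __init__(self, keys: dict):
        self.keys = dict(keys)   # short address -> pre-shared key
        self.last_ctr = {}       # short address -> highest accepted counter

    def accept(self, frame: bytes):
        """Return (verdict, reading); reading is None unless verdict is 'ok'."""
        hdr = parse_mac_frame(frame)
        if hdr["frame_type"] != "data":
            return "ignored", None
        src = hdr.get("src_addr")
        key = self.keys.get(src)
        if key is None:
            return "unknown_device", None
        payload = hdr["payload"]
        if len(payload) < CTR_LEN + MIC_LEN:
            return "malformed", None
        body, mic = payload[:-MIC_LEN], payload[-MIC_LEN:]
        if not hmac.compare_digest(mic, mic_for(key, src, body)):
            return "bad_mic", None   # forged or tampered: the sender lacks the key
        counter = struct.unpack_from("<I", body, 0)[0]
        # The counter is trustworthy only because the MIC covers it; a bare
        # nonce/sequence number that anyone can write gives no replay protection.
        if counter <= self.last_ctr.get(src, -1):
            return "replay", None
        self.last_ctr[src] = counter
        return "ok", body[CTR_LEN:]


def demo() -> list:
    """Constructed traffic: a genuine reading, the same frame replayed, a forged one."""
    gw = Gateway({0x0001: DEVICE_KEY})
    good = build_data_frame(7, 0x1234, 0x0000, 0x0001, protect(DEVICE_KEY, 1, 1, b"temp=21.5"))
    forged = build_data_frame(8, 0x1234, 0x0000, 0x0001, protect(b"not-the-key", 1, 2, b"temp=99"))
    return [gw.accept(f)[0] for f in (good, good, forged)]   # ['ok', 'replay', 'bad_mic']
```

The 8-bit MAC sequence number in the header is left unauthenticated on purpose, as on an unsecured 802.15.4 network: only the keyed counter inside the payload decides replay.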
Consumer IoT Security & AWS-IoT Topics
Agenda
• Consumer IoT
• Case Study: “X” Fitness Band & “X” Wearable Technology device
• Weaknesses in Smartphone Platforms <—> Wearables channels
• Hands-on hacking of Bluetooth and BLE protocols
• Hardening BLE
• AWS IoT Core
• Secure by Design and SDLC for IoT Platforms
Wearables Security
Introduction
• Wireless protocol for short range data exchange
• BT: 1-100m
• BLE: 10-600m
• BLE is a light-weight subset of classic Bluetooth with low power consumption
• RF range: 2.4 - 2.485 GHz
• Maintained & governed by the Bluetooth Special Interest Group (SIG)
• Popular use cases: wearable devices, smart pay systems, healthcare, smart security systems, etc.
Bluetooth 5
Feature | Bluetooth 5 | Bluetooth 4.2
Speed | Supports 2 Mbps | Supports 1 Mbps
Range | 40m indoor | 10m indoor
Power Requirement | Low | High
Message capacity | 255 bytes | 31 bytes
• Latest version of BT and BLE Spec
• Improvements to BLE
• Aimed at IoT (especially consumer)
Bluetooth LE security
Secure Simple Pairing (SSP)
• Just Works: very limited/no user interface
• Numeric Comparison: devices with display or yes/no button
• Passkey Entry: 6 digit pin as the pass key
• Out Of Band: out-of-band channel for key exchange to thwart MITM attacks
• Network traffic is encrypted with AES-128
Practical Exploitation of BLE Systems
Section A: Attacking Wearable - Mobile Ecosystems
Section B: BLE Packet Analysis using Wireshark (“X” popular fitness tracker)
Section B: Sniffing with Ubertooth
Summary
• BT/BLE network packet analysis is easy
• Market-available HW and SW
• Many products do not enable the existing encryption mechanisms offered by the BT spec
• At the very least, enable LTK-encryption
Section C: Attacking BLE LTK Encryption
Section D: Hardening BLE
IoT Cloud Security
Agenda
• IoT Services from Modern Cloud Vendors
• AWS IoT Core
• Setting up IoT Core with device simulators
• Secure configuration
• AWS Cloud Security Checks
What is it?
• Managed cloud service for connected devices to interact with cloud applications
• Amazon FreeRTOS — open-source OS for MCUs (low power & memory)
• Connect and manage devices
• Secure the communication
• Process and Act
• Monitor
Unshackling from Traditional SDLC
Security Development Life Cycle
[Figure: SDLC phases and the security activities in each]
• Program Conception: Security Architecture, Privacy Requirements
• Design: Threat Modeling, Attack Trees & Data Access Reviews
• Implementation: Focused Security Code Reviews & Privacy Planning
• Pre-Launch: Fuzzing, Penetration Testing, Privacy Sign-off
• Deployment: Fix verification, Incident Response Planning
• Maintenance: Delta Security Assessment, Security for Continuous Integration/Delivery
• Deliverables shown in the figure: Reviews; Reviews & Reports; Reports; Resolution & Sign-off; Reports
• Applies across all three tiers: Device, Mobile, Cloud
Privacy
• Why worry?
• Global Markets
• Country-specific guidelines
• Ecosystems and overlapping policies
GDPR!
Summary
• Plethora of protocols & standards make IoT security messy
• Make hardware & software for IoT comms undergo penetration testing
• RZUSBStick works great. Also, ApiMote
• Not much else
• BT/BLE sniffing is very sketchy
• Cloud Services giants & increasing number of IoT services
• SDLC and Shift-left
[Figure: Ecosystem, Protocols, Integration, Interoperability]
www.deeparmor.com | @deep_armor | services@deeparmor.com
Services: SDLC, Vulnerability Assessments, Security Consulting, Trainings