We are in the age of Cybercrimes and just getting started with Internet of Things. There will be a huge demand for IoT as 50 billion connected devices will be deployed across the globe by 2020. These devices will communicate with each other where the web and the physical world will meet with different set of internet infrastructure and protocols. This in turn, will not only help us in saving money, but also provide us with more options. Discussion Topics: • The importance of IoT • How will they impact in our everyday lives? • Is Internet of Things Secure? • Securing Internet of Things But, the Tech buzz is all about: Security of Things (Security in the Internet of Things). How far these Internet of Things can be trusted? Can these IoT devices be hacked? How they have become the Next Cyber Security Target for hackers? How can we secure Internet of Things? For more details, please visit www.clictest.com or drop us an email to info@clictest.com

1. Internet of Things(IoT):The Next Cyber
Security Target
Praveen Kumar Gandi
Head Information Security Services
ClicTest
praveen.g@clictest.com
By
Disclaimer: The images used in this presentation belong to their respective copyright holders and are used for educational purposes only. All
other rights are reserved.

2. Pre-
Internet
Internet of
CONTENT
Internet of
SERVICES
Internet of
PEOPLE
Internet of
THINGS
“HUMAN
TO
HUMAN”
“WWW” “WEB 2.0” “SOCIAL
MEDIA”
“MACHINE
TO
MACHINE”
• Fixed &
mobile
telephony
• SMS
• E-mail
• Information
• Entertainment
• E-productivity
• E-commerce
• …
• Skype
• Facebook
• YouTube
• Twitter
• ….
• Identification,
tracking,
monitoring,
metering ….
• Semantically
structured and
shared data …
+ Smart
networks
+ Smart
IT platforms
& services
+ Smart
Phones &
applications
+ Smart
Devices,
objects & tags
+ Smart
Data & ambient
context
Evolution of Internet of Things

3. • According to Gartner's analysis,
there will be nearly 26 billion
devices on the Internet of Things
by 2020.
• As per ABI Research, an
estimation of more than 30
billion devices will be wirelessly
connected to Internet of Things.
• And as per the
MarketsandMarkets Analysis, the
estimated revenue generated on
these smart product sales by
2016 will be $1 Trillion.
Importance of Internet of Things
Source: Cisco

4. Internet of Things(IoT)
• Originally, The Internet of Things (IoT) refers
to “the interconnection of uniquely
identifiable embedded computing devices
within the existing Internet infrastructure”.
• As the technology advances, the term
Internet of Things(IoT) denotes to
“Advanced connectivity of devices, systems,
and services that goes beyond machine-to-
machine communications (M2M) and covers
a variety of protocols, domains, and
applications”.
Source: http://en.wikipedia.org/wiki/Internet_of_Things

5. Internet of Things(IoT)
• The IoT represents an evolution of future
as many physical devices communicate
with each other everyday through internet
and identify themselves with other
devices.
• The other technologies like RFID, Sensor
technologies, Wireless technologies, etc.
will also be used as method of
communication.

6. IPV6
Inexpensive and High
Speed Connection
Big
Data
and
Cloud
Inexpensive and
Powerful Hardware
Internet
Evolution

7. Source:Cisco

8. Types of Internet of Things
Information
Technology
• PCs
• Servers
• Virtualization
• Routers
• Switches
Personal Technology
• Tablets
• Smart phones
• Smart watches
• Home energy
• Home entertainment
• Home control
• Medical implants
• Medical wearables
Operational
Technology
• Industrial Control
Systems(ICS)
• Supervisory control
and data acquisition
• Medical machines
• Kiosks
• Manufacturing
• Cloud service
infrastructure
• Environmental
Monitoring

9. Do you know?
• The First IOT device
is Internet Coke
Machine at
Carnegie Mellon
University
introduced in the
year 1982”.

10. Internet of Things In Everyday Life

11. Internet of Things in Homes(Smart Homes)

12. How IoT works?
Source: Securing the IoT World by Aaron Guzman

13. Are Internet of Things Secure?

14. Smart Cars got pwned!!

15. Smart Lights can be Hacked
• Unsecure communication
between bridge and application
•Vulnerability in smart bulb
makes home black out by
security researcher
•Fixed in Latest Version

16. Vulnerabilities in IoT Devices
• Due to improper security model implementation and unsecure
communication between the device and application.
• Any device on the same Wi-Fi network can command or control these
devices.

17. How far IoT can be hacked?
Remember “Fire Sale” in Die Hard 4.0

18. Hurdles Securing the IoT
• There is no consistent or
official software update
process or mechanism
• There is little or no
understanding of the cyber
threats embedded in their
systems
• There is lack of accountability
for device security
• Improper configuration or
purpose-built features that
equate to security flaws
• Data privacy

19. Securing the IoT
• Keep your Software/firmware
Updated
• Ensure that connectivity is Secure.
eg: Two Factor Authentication

20. • Secure the location of the
data being reported by
IoT-linked devices.
• Encrypt the System.
eg: Two-Person Controls
Securing the IoT

21. • Ensure Supply Chain
Security.
Prevention of counterfeit hardware by
procedures to certify manufacturers’ supply
chain processes to prevent the introduction of
malicious code.
• Support IoT security.
We must support regulation that requires that
IoT devices meet security standards, just as we
require standards for our electrical devices
with UL approval requirements.
Securing the IoT

22. • Use out of band (OOB) systems
– closed systems (intranets) that
are not open to the public.
The Defence Department uses IoT linked devices, but
they are mainly out of reach from hackers because they
are OOB. Defence weapons systems and even sensor-
wearing soldiers report critical status information to
centralized control centres that feed decision
makers. While less vulnerable to being hacked, these
OOB systems are subject to insider attacks.
Securing the IoT

23. • Support Standardization.
Eg: OWASP
Securing the IoT
Source: IoT-Attack-Surfaces-Defcon-2015

24. Securing the IoT
• Stay informed.
National Institute of Standards and
Technology and Federal Guidance such as
Federal Information Processing Standards
(FIPS) address critical steps that are needed
to secure and protect information and critical
systems.

25. Thank You !
Praveen Kumar G
Head Information Security Services |ClicTest
E-mail: praveen.g@clictest.com