"The Internet of (Insecure) Things"
Chandler Howell, Engineering Manager at Nexum
Twitter: @chandlerhowell
CloudCamp Chicago (#cloudcamp, @CloudCamp_CHI)
June 2015
The Internet of (Insecure) Things
1. Smart is the New Dumb
2. When Worlds Collide
3. Failure Modes
4. A Parade of Horrors
5. So What Should I do Now?
SMART IS THE NEW DUMB
Ironic, really.
Smart, but vulnerable: security is not a priority of IoT (yet).
The focus is on time to market and on features & functionality.
The focus is NOT on security, maintainability, or longevity.
WHEN WORLDS COLLIDE
We ain’t seen nothing yet.
Lifecycles are mismatched:
Technology lifecycles are very short: devices go EOL in 3-5 years or less.
Consumer lifecycles are longer: refrigerators, coffee makers, etc. can last 10 years.
Industrial equipment may outlive you: heavy equipment can have service lives >50 years.
FAILURE MODES
How can I fail thee? Let me count the ways…
1. Get Broken
2. Get Leveraged
3. Get Exploited
Get Broken: damage or destroy the device or attached devices. For example: plant control systems; people with pacemakers.
Get Leveraged: a compromised device is used as a vector for other badness. For example: unlock a smart home; join a botnet; provide a beachhead for APT.
Get Exploited: the device can be used to spy on people, either directly or indirectly. Yes, even more examples: smart TVs; data & metadata collection.
A PARADE OF HORRORS
It’s spelled “IoT” but it’s pronounced “Fail”
Welcome to the Future
Consumer Goods
Refrigerators: smart fridges found in a botnet (2014); 25% of the devices in that large botnet were IoT.
Televisions & Electronics: Samsung “Smart TV” spying; numerous XSS and local exploits.
Light Bulbs: LIFX “Smart” bulb authentication flaws that disclosed credentials for the attached wi-fi.
Medical Devices: surgical and anesthesia devices, ventilators, drug infusion pumps, pacemakers, external defibrillators, patient monitors, laboratory and analysis equipment. Pretty much every type of failure you can imagine.
Cars
Black boxes: data stolen or altered.
Remote lock/unlock and remote starters: key fobs and alarm protocols broken.
OnStar: hacked & abused by law enforcement.
Braking & steering controls: integration with the entertainment/dash systems allowed access and compromise.
Airplanes
Drones: definitely.
In-flight entertainment: definitely.
Passenger flight control: maybe.
Infrastructure
Traffic lights: plaintext wireless; weak/no authentication.
Industrial control systems:
2008: Turkish gas pipeline destroyed
2010: Iranian gas centrifuges (Stuxnet)
2014: steel mill’s blast furnace ($17mm in damage)
Utility meters: weak authentication; inaccurate readings == fraud, tampered or otherwise.
SO WHAT SHOULD I DO?
Can I have a hint?
Fortunately, not this.
Realize these are not new problems: insecure computers are nothing new.
Think in terms of failure modes, and use them to understand your threats.
Expect novel attack types: inference attacks, side-channel attacks.
Architect for insecure things: assume devices are insecure by default; if not today, they will be some day.
Leverage security tools & processes: defense-in-depth, threat modeling, incident response.
Assess whether the smart is worth the risk.
Don’t forget how to live without IoT: think of it in Business Continuity Planning (BCP) or Disaster Recovery (DR) terms; smart devices are just another system to fail.
Get dumb again, like Power over Ethernet (PoE) light bulbs…
THANK YOU!
Well, that was fun.

 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

CloudCamp Chicago lightning talk "The Internet of (Insecure) Things" - Chandler Howell

A Parade of Horrors
Medical Devices
Surgical and anesthesia devices
Ventilators
Drug infusion pumps
Pacemakers
External defibrillators
Patient monitors
Laboratory and analysis equipment
Pretty much every type of failure you can imagine
A Parade of Horrors
Cars
Black Boxes
Data stolen or altered
Remote Lock/Unlock and starters
Key fobs and alarm protocols broken
OnStar
Hacked & abused by law enforcement
Braking & steering controls
Integration with entertainment/dash allowed access and compromise
A Parade of Horrors
Airplanes
Drones: Definitely
In-Flight Entertainment: Definitely
Passenger Flight Control: Maybe
A Parade of Horrors
Infrastructure
Traffic Lights
Plaintext wireless
Weak/No Authentication
Industrial Control Systems
2008: Turkish Gas Pipeline Destroyed
2010: Iranian Gas Centrifuges (Stuxnet)
2014: German Steel Mill's Blast Furnace ($17mm in damage)
Utility Meters
Weak Authentication
Inaccurate readings == Fraud
Tampered or otherwise
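The traffic-light and utility-meter items above share one root cause: telemetry sent in the clear with weak or no authentication, so anyone on the link can rewrite a reading or replay an old one. The following is an added example, not code from the talk or its author: it shows a plaintext meter frame that accepts a tampered kWh value next to a hardened frame carrying a per-meter HMAC tag and a monotonic counter. The frame layout, field names, meter ID 42 and the fixed key are assumptions made up for this illustration and do not describe any real meter protocol.

```python
"""
Added example (not from the talk): a smart-meter reading sent in the clear
with no authentication, beside the same reading protected with an HMAC tag
and a monotonic counter.  The wire format, field names and key below are
assumptions for illustration, not any real meter protocol.
"""
import hashlib
import hmac
import struct

# Assumed frame body: meter_id (u32) | counter (u32) | kwh (u64), big-endian.
BODY_FMT = ">IIQ"
BODY_LEN = struct.calcsize(BODY_FMT)   # 16 bytes
TAG_LEN = 16                           # HMAC-SHA256 truncated to 128 bits


# --- Weak form: plaintext reading, no authentication -----------------------
def encode_plain(meter_id: int, counter: int, kwh: int) -> bytes:
    return struct.pack(BODY_FMT, meter_id, counter, kwh)


def decode_plain(frame: bytes) -> dict:
    # The receiver has no way to tell a genuine frame from a rewritten one;
    # the meter's "identity" is just a number anyone can put in the packet.
    meter_id, counter, kwh = struct.unpack(BODY_FMT, frame)
    return {"meter_id": meter_id, "counter": counter, "kwh": kwh}


# --- Hardened form: per-meter key, HMAC over the whole body, anti-replay ---
def encode_auth(key: bytes, meter_id: int, counter: int, kwh: int) -> bytes:
    body = struct.pack(BODY_FMT, meter_id, counter, kwh)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class HeadEnd:
    """Receiver that looks up the meter's key and rejects forgery and replay."""

    def __init__(self, keys: dict):
        self.keys = keys          # meter_id -> key, assumed provisioned at install
        self.last_counter = {}    # meter_id -> highest counter accepted so far

    def accept(self, frame: bytes):
        if len(frame) != BODY_LEN + TAG_LEN:
            return None, "bad length"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        meter_id, counter, kwh = struct.unpack(BODY_FMT, body)
        key = self.keys.get(meter_id)
        if key is None:
            return None, "unknown meter"
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Constant-time comparison; a plain == would leak timing on the tag bytes.
        if not hmac.compare_digest(tag, expected):
            return None, "bad tag"
        # Counter must strictly increase, so a captured frame cannot be resent.
        if counter <= self.last_counter.get(meter_id, -1):
            return None, "replay"
        self.last_counter[meter_id] = counter
        return {"meter_id": meter_id, "counter": counter, "kwh": kwh}, "ok"


def tamper_kwh(frame: bytes, new_kwh: int) -> bytes:
    """Attacker rewrites only the kWh field of a captured frame."""
    return frame[:8] + struct.pack(">Q", new_kwh) + frame[BODY_LEN:]


def demo() -> dict:
    key = bytes.fromhex("00" * 31 + "01")     # constructed key for the example
    head_end = HeadEnd({42: key})
    results = {}
    # 1. Plaintext: the rewritten reading is taken at face value.
    plain = encode_plain(42, 1, 1000)
    results["plain_tampered_kwh"] = decode_plain(tamper_kwh(plain, 10))["kwh"]
    # 2. Authenticated: genuine accepted, tampered and replayed frames rejected.
    genuine = encode_auth(key, 42, 1, 1000)
    results["auth_ok"] = head_end.accept(genuine)[1]
    results["auth_tampered"] = head_end.accept(tamper_kwh(genuine, 10))[1]
    results["auth_replay"] = head_end.accept(genuine)[1]
    results["auth_next"] = head_end.accept(encode_auth(key, 42, 2, 1012))[1]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The tag only proves integrity and origin; the reading is still visible on the air, so a deployment that also needs confidentiality would use an AEAD (for example AES-GCM with the counter as part of the nonce) rather than HMAC alone. The counter check is what defeats the "replay yesterday's low reading" fraud the slide alludes to, and it only works if the head end stores the last accepted counter per meter across restarts.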
SO WHAT SHOULD I DO?
Can I have a hint?
So what should I do?
Fortunately, not this.
So what should I do?
Realize these are not new problems
Insecure computers are nothing new
Think in terms of Failure Modes
Use these to understand your threats
Expect novel attack types
Inference Attacks
Side-Channel Attacks
So what should I do?
Architect for Insecure Things
Assume devices are insecure by default
If not today, they will be some day
Leverage Security Tools & Processes
Defense-in-Depth
Threat Modeling
Incident Response
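"Assume devices are insecure by default" has a concrete operational shape: put the things on their own segment, decide what they are allowed to talk to, and alert on anything else, because the "Get Leveraged" failure mode (beachhead, botnet) shows up as a device initiating connections it never should. The following is an added example, not code from the talk or its author: a small detector that reads flow records for an IoT segment and raises alerts for devices reaching into the user LAN or fanning out to many external hosts. The subnet layout (10.20.0.0/24 for IoT, 10.10.0.0/24 for the LAN), the allowed DNS/NTP gateway, the threshold, the flow-log format and the sample lines are all constructed for this illustration.

```python
"""
Added example (not from the talk): flow-based detection for a segmented
IoT network.  Subnets, allowed services, threshold, log format and the
sample flows are constructed assumptions for illustration only.
"""
import ipaddress
import re
from collections import defaultdict

IOT_NET = ipaddress.ip_network("10.20.0.0/24")          # assumed IoT segment
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/24")]   # assumed user/server LAN
# Services an IoT device may legitimately reach inside the LAN (assumed):
ALLOWED_FROM_IOT = {("10.10.0.1", 53), ("10.10.0.1", 123)}
# Distinct external hosts one device may contact before we call it scanning
# or C2 churn; a thermostat talks to one vendor cloud, not to dozens of hosts.
FANOUT_THRESHOLD = 5

# Assumed flow-log line shape; real collectors (NetFlow, Zeek conn.log) differ.
FLOW_RE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_flow(line: str):
    """Return a dict for a well-formed flow line, or None for anything else."""
    m = FLOW_RE.match(line.strip())
    if not m:
        return None
    flow = m.groupdict()
    flow["dport"] = int(flow["dport"])
    return flow


def in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def detect(lines):
    """Return (src, reason) alerts: one per IoT-to-LAN flow that is not on the
    allow list, plus one per device whose external fan-out crosses the threshold."""
    alerts = []
    external_peers = defaultdict(set)
    for line in lines:
        flow = parse_flow(line)
        if flow is None or not in_any(flow["src"], [IOT_NET]):
            continue   # only flows initiated by IoT devices matter here
        if in_any(flow["dst"], TRUSTED_NETS):
            # Lateral movement: a device on the IoT segment reaching the LAN.
            if (flow["dst"], flow["dport"]) not in ALLOWED_FROM_IOT:
                alerts.append((flow["src"], f"iot-to-lan {flow['dst']}:{flow['dport']}"))
        elif not in_any(flow["dst"], [IOT_NET]):
            # External destination: count distinct peers per device.
            external_peers[flow["src"]].add(flow["dst"])
        # IoT-to-IoT traffic is ignored in this example.
    for src, peers in external_peers.items():
        if len(peers) >= FANOUT_THRESHOLD:
            alerts.append((src, f"external-fanout {len(peers)} hosts"))
    return alerts


# Constructed sample flows: a well-behaved thermostat, a camera probing the LAN,
# a bulb scanning telnet across the Internet, a LAN host, and a malformed line.
SAMPLE_FLOWS = [
    "2015-06-10T12:00:01 src=10.20.0.15 dst=10.10.0.1 dport=53 proto=udp",
    "2015-06-10T12:00:02 src=10.20.0.15 dst=203.0.113.10 dport=443 proto=tcp",
    "2015-06-10T12:00:03 src=10.20.0.40 dst=10.10.0.5 dport=445 proto=tcp",
    "2015-06-10T12:00:04 src=10.20.0.40 dst=10.10.0.7 dport=22 proto=tcp",
    "2015-06-10T12:00:05 src=10.20.0.77 dst=198.51.100.1 dport=23 proto=tcp",
    "2015-06-10T12:00:05 src=10.20.0.77 dst=198.51.100.2 dport=23 proto=tcp",
    "2015-06-10T12:00:05 src=10.20.0.77 dst=198.51.100.3 dport=23 proto=tcp",
    "2015-06-10T12:00:06 src=10.20.0.77 dst=198.51.100.4 dport=23 proto=tcp",
    "2015-06-10T12:00:06 src=10.20.0.77 dst=198.51.100.5 dport=23 proto=tcp",
    "2015-06-10T12:00:06 src=10.20.0.77 dst=198.51.100.6 dport=23 proto=tcp",
    "2015-06-10T12:00:07 src=10.10.0.9 dst=10.20.0.40 dport=80 proto=tcp",
    "this line is not a flow record",
]


if __name__ == "__main__":
    for src, reason in detect(SAMPLE_FLOWS):
        print(f"ALERT {src}: {reason}")
```

The point of the segment-plus-allow-list design is that the detection does not depend on knowing the device's vulnerability: the camera is flagged for touching SMB and SSH on the LAN whether it was compromised through a web flaw, a default password or a malicious update. The same rules, written as firewall policy, are the preventive half of the same defense-in-depth layer; the detector is what tells incident response that the layer was tested.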
So what should I do?
Assess whether the Smart is worth the Risk
Don't forget how to live without IoT
Think of it in Business Continuity Planning (BCP) or Disaster Recovery (DR) terms
Smart Devices are just another system to fail
Get Dumb Again
Like Power over Ethernet (PoE) light bulbs…
THANK YOU!
Well, that was fun.