2. What is the Internet of Things?
The Internet of Things (IoT) is the network of physical
devices, vehicles, home appliances and other
items embedded with electronics, software, sensors,
actuators, and connectivity which enables these
things to connect and exchange data, creating
opportunities for more direct integration of the
physical world into computer-based systems,
resulting in efficiency improvements, economic
benefits and reduced human intervention.
3. What?
• It's mostly a bunch of devices that record data,
send it somewhere for processing, and then
often return data back to the original device.
• These devices are supposed to make it easier
to bridge the gap between the physical and
logical world
• These devices can basically, suuuuuuuupppper
basically, be broken down into three categories
• Personal Devices
• Smart City/Business
• Industrial
4. Personal IoT
• Personal IoT is usually the first thing we think
of when considering IoT devices
• These are generally made to make it easier for
us to interact with the world around us on a
personal level.
• These devices could include things like:
• Personal Assistants (Alexa, Google Home,
HomePod)
• Smart Devices: Refrigerators, TVs,
Toothbrushes, condoms, etc.
• Smart Cars
• Smart Home Devices: Thermostats, locks, video
cameras, lights, etc.
5. Smart City/Business
• Smart City can mean a lot of different things,
but mostly it involves using an expanded
network of sensors to enhance a city's
livability.
• Same same for a business, but shop-ability vs.
livability.
• Examples:
• Drones that clean buildings or deliver defib to a
heart attack victim.
• Smart cars in a neural network
• Facial recognition software, shot sensors,
sidewalks that create power, etc.
6. Industrial IoT
Similar to what smart cities want to achieve, a lot
of these sensors fall under the acronym SCADA
(Supervisory Control and Data Acquisition)
• These systems usually use a network of
sensors to supervise and sometimes manage
physical systems:
• Utilities like Water and Electricity
• Manufacturing
• Food production
8. IoT Stats
• In 2015, there were about 15.4 billion
connected devices. According to IHS, this
number will grow to 30.7 billion in 2020, and
75.4 billion by 2025
• In 2016, global spending on the IoT across
markets was $737 billion. IDC predicts that by
2020, this number will reach $1.29 trillion, a
compound annual growth rate of 15.6 percent.
• This year, 60 percent of global manufacturers
will use analytics data recorded from connected
devices to analyze processes and identify
optimization possibilities, according to IDC and
SAP.
• It's thought as much as 2.5 quintillion bytes of
data is being generated by the technology each
day, according to IBM.
9. What really is the cloud?
• In layman's terms it means your data resides on
someone else's computer
• In more technical terms, it means the server
used for your data storage belongs to a third
party and you are “renting” that storage space.
10. US Third Party Doctrine
• The third-party doctrine is a United States legal
theory that holds that people who voluntarily
give information to third parties—such as
banks, phone companies, internet service
providers (ISPs), and e-mail servers—have "no
reasonable expectation of privacy." A lack of
privacy protection allows the United States
government to obtain information from third
parties without a legal warrant and without
otherwise complying with the Fourth
Amendment prohibition against search and
seizure without probable cause and a
judicial search warrant.
• Right now, this doctrine applies to most data
collected by IoT devices.
12. Deep Dive
• All of this interconnected data can give us a
deeper look at our daily lives in a way previously
not possible.
• Healthcare
• Fitness
• Driving patterns
• Daily Habits (Smart home stuff)
• Daily spending habits and trends
13. What's my “Public Profile?”
• Could a company buy my health data and make
an employment decision based off of that?
• Could an insurance company deny me
competitive rates using data collected from
“smart city” installations like license plate
readers?
• Driving after dark?
• Long distance driving
• Hard braking?
• What about a credit score based off of my
spending habits?
• Home insurance and mortgage rates based off
of smart home telemetry?
• Lights on while on vacation?
• Locks and password security?
14. IoT Data exchanges
• How valuable is your information?
• Data is considered to be “digital gold”
• “Data exchanges are where IoT-generated data
sets are combined and then refined through
data analytics, and all this information takes on
real value. These exchanges are places where
organizations partner to identify patterns and
draw conclusions about the information or see
ways they can monetize the data.”
• Like Cambridge Analytica on crack.
15. Exercise: Your Smart Life
• Wake up
• Get ready to go work
• Work all day
• Lunch
• Work some more
• Maybe hit the Gym
• Dinner.
• Drinks with friends?
• Sleep
17. Big profile IoT Hacks
• Mirai Botnet
• Largest recorded DDoS attack in history
• Used default usernames and passwords to
spread the malware
• Trendnet Webcam Hack
• Many of these webcams were enumerated on
popular sites like Shodan
• Anyone could view or even listen to these
exposed endpoints
• The Jeep Hack
• Researchers took control of a Jeep on the
highway, could speed it up and slow it down,
even cause it to veer.
• Used the Jeep's cellular network connectivity to
establish remote control
• Hackable Cardio Devices from St. Jude
• Devices could administer shocks and change
heart rhythms
18. Designed with low Security
• Because security is expensive
• More power
• More expensive components
• Research
• Updates
IoT device manufacturers, for their part, see
security as a costly alternative to other factors
that small, low power connected devices need.
For instance, said Marc Bown, senior director of
security at Fitbit, many connected device
manufacturers would prefer to use low power,
cheaper chips as opposed to ones that come with
higher levels of security.
“Manufacturers are trading off encryption for low
power chips, lower prices, storage space, and
battery life,” Bown said.
19. Maintenance and Updates
• How long will a device continue to receive
updates?
• What about legitimate products when the
company goes out of business?
• Nest
• Security update and patch cycle for your car?
• Untrained or lazy consumers?
• What about medical devices?
• AT&T's Cybersecurity Insights Report surveyed
more than 5,000 enterprises around the world
and found that 85% of enterprises are in the
process of or intend to deploy IoT devices. Yet
a mere 10% of those surveyed feel confident
that they could secure those devices against
hackers.
20. What Can I do?
Securing your personal Internet of Crap
21. Do your product research
• Is this a reputable company?
• Do they offer a routine patching cycle?
• Is there already a hack available for that
device?
• What kind of built in security is available?
• Avoid devices with P2P capabilities.
22. Secure it immediately
• Change the default settings
• Passwords and Usernames
• Wake words for voice driven devices
• Apply all security patches available from the
manufacturer
• Set your device to check for and apply new
firmware and software updates from the
manufacturer automatically
• Ensure if you use cloud services with the
device that they are secure
• Disable UPnP (Universal Plug and Play)
23. Security is an Onion.
• Create a separate network for your IoT devices
if you can.
• Use proper Wi-Fi security practices when creating
this network!
• Even better, put a firewall on this separate
network.
• Remove old devices
• Avoid single points of failure
24. Some examples of bad IoT
Because if we don’t laugh we’re all gonna cry
29. … and sex toys
• Condoms, vibrators, all sorts of stuff
• We-Vibe recently had to settle a 3.75 million
dollar suit after it became apparent that the
Wi-Fi source it gave off was easily hackable so
strangers could control the device.
• Bug or feature?
30. Thank you again for coming!
Check out Free Geek's other courses!