SlideShare uma empresa Scribd logo
1 de 21
Baixar para ler offline
So What is Being Exposed
From IoT Devices?
Ming Chow
mchow@cs.tufts.edu
Twitter: @0xmchow
The Security of Things Forum
September 9, 2015
Absurdities
from @internetofshit
Absurdities (continued)
https://www.vibease.com/
What is being exposed from IoT Devices
Scope of This Talk
● Ingress and egress from devices
(more of the latter)
● From what devices? Commonly used
devices, not from an infinitely wide
range of stuff (mostly fad)
What This Talk Will Not Cover
● Breaking and exploiting the devices
● Reverse engineering
● Attacking devices (e.g., Denial of Service)
● Defense and fixing the problem
● Web vulnerabilities (e.g., XSS, CSRF)
● Threat profile of mobile and mobile apps
Commonly Exposed from Devices
● Status Data: binary - on or off, available or not
● Identification Data: product, serial numbers
● Location Data: (e.g., where) latitude and longitude
● Automation Data: including sensor data
● Action Data: inferred or determined from status data and/or location data
● Open ports
● Administration web interfaces
Techniques
● Scanning
● Search engines:
○ Google
○ SHODAN - https://www.shodan.io/
○ Thingful - https://thingful.net/
● Social media
Webcams
● Example: AVTECH AVN801: used for surveillance
○ http://www.amazon.com/AVTECH-AVN801-Megapixel-Video-Camera/dp/B008FPDEPK
● 153,998 results on SHODAN: `linux upnp avtech product:"Avtech AVN801
network camera"`
● Ports exposed: 80, 4567, 8080, to name a few
● Admin interface exposed, many don’t even have them
Small Office Home Office (SOHO) Routers
● NETGEAR DG834G
○ http://www.amazon.com/NETGEAR-DG834G-Wireless-G-Router-Built/dp/B0000D8HK1
● 20,311 results on SHODAN: `NETGEAR DG834G`
● Ports exposed: 80, 7547 (modem), 8080, to name a few
● Admin interface exposed (HTTP)
Light Bulbs and Amazon Dash
● Many thanks to my colleague Ben Shapiro at the University of Colorado,
Boulder. He can’t resist playing with this stuff and send me stuff of what can
you do with all this stuff (or whatcouldpossiblygowrong)
● Belkin WeMo line of home automation devices. In this example, a light bulb
http://www.belkin.com/us/Products/home-automation/c/wemo-home-
automation/
● Python API to Belkin WeMo devices: ouimeaux
○ GitHub: https://github.com/iancmcc/ouimeaux
○ Python Package Doc: https://ouimeaux.readthedocs.org/en/latest/readme.html
● Amazon Dash: device to buy home necessities (e.g., food) http://www.
amazon.com/b?node=10667898011
● Belkin WeMo light bulb + Amazon Dash …….
Source Code For Amazon Dash + WeMo Light (thanks again Ben)
from scapy.all import *
import os
def arp_display(pkt):
if pkt[ARP].op == 1: #who-has (request)
if pkt[ARP].psrc == '0.0.0.0': # ARP Probe
if pkt[ARP].hwsrc == 'a0:02:dc:da:8c:58': # Mac n Cheese
print "Pushed Mac n Cheese... toggle bedroom lights"
os.system('wemo -f switch "Bedroom switch" toggle')
else:
print "ARP Probe from unknown device: " + pkt[ARP].hwsrc
while True: sniff(prn=arp_display, filter="arp", store=0, count=999)
The point: ouimeaux is an application programming interface (API) that provides
“command-line tool to discover and control (WeMo) devices in your environment;
REST API to obtain information and perform actions on devices”. Any device on
network can send requests.
Fitbit Ingress
● Body fat
● Weight
● Alarms
● Food
● Water
● Friends
● Heart rate
● Sleep
● Source: https://dev.fitbit.com/docs
Fitbit Egress
● Source: https://dev.fitbit.
com/docs/activity/
● “Fitbit Data Now Being Used In The
Courtroom” http://www.forbes.
com/sites/parmyolson/2014/11/16/fitbit-
data-court-room-personal-injury-claim/
Raspberry Pi
● $35 computers
● Runs a complete Linux distribution off SD card
● Popular for hacking, IoT experiments, home
automation
● Via Thingful: well over 9999+ results. Where does
it get data from? Rastrack: 94845 results
What is being exposed from IoT Devices
What is being exposed from IoT Devices
What is being exposed from IoT Devices
The Future
● My hope: the data that you’ve seen today will help you understand why
security and privacy issues are getting major visibility in the IoT space.
● What’s impressive and scary: the scale of data going in and alas, going out
● API documentation is valuable
● “The Internet of Way Too Many Things” http://www.nytimes.
com/2015/09/06/opinion/sunday/allison-arieff-the-internet-of-way-too-many-
things.html
● Unfortunately, these devices will sell as people generally good at impulse
buys.
● Do really we need all this stuff?
Déjà Vu: Who to Blame
● (heard from Bruce Schneier at USENIX 2004 in Boston)
● Developers
● Users
● Technology
● Politics and "dumb laws"
References
● Dhanjani, N, “Abusing the Internet of Things Blackouts, Freakouts, and Stakeouts”, O’Reilly Media, August 2015
● https://www.blackhat.com/docs/asia-14/materials/Dhanjani/Asia-14-Dhanjani-Abusing-The-Internet-Of-Things-
Blackouts-Freakouts-And-Stakeouts.pdf
● http://www.wired.com/insights/2015/03/internet-things-data-go/
● http://readwrite.com/2015/08/13/five-types-data-internet-of-things
● https://recode.net/2015/04/07/a-hackers-eye-view-of-the-internet-of-things/
● http://www.computerworld.com/article/2944680/internet-of-things/the-internet-of-things-your-worst-nightmare.html
● http://thenextweb.com/insider/2012/12/09/the-future-of-the-internet-of-things/
● http://hackaday.com/2013/01/31/turning-the-belkin-wemo-into-a-deathtrap/
● http://www.networkworld.com/article/2226371/microsoft-subnet/500-000-belkin-wemo-users-could-be-hacked--cert-
issues-advisory.html
● https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video-
baby-monitors

Mais conteúdo relacionado

Semelhante a What is being exposed from IoT Devices

2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdfdino715195
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7Rapid7
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data CommonskingsBSD
 
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,Sigma Software
 
An Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case StudiesAn Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case Studies3G4G
 
IOT with Drupal 8 - Webinar Hyderabad Drupal Community
IOT with Drupal 8 -  Webinar Hyderabad Drupal CommunityIOT with Drupal 8 -  Webinar Hyderabad Drupal Community
IOT with Drupal 8 - Webinar Hyderabad Drupal CommunityPrateek Jain
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Zoltan Balazs
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationChristopher Mohritz
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchYury Chemerkin
 
How the Internet of Things (IoT) Works for Business
How the Internet of Things (IoT) Works for BusinessHow the Internet of Things (IoT) Works for Business
How the Internet of Things (IoT) Works for Business10x Nation
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaKazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaYogesh Ojha
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere10x Nation
 
CCJS321 Project 2 Essay
CCJS321 Project 2 EssayCCJS321 Project 2 Essay
CCJS321 Project 2 EssayJessica Briggs
 
Os hardware meets os software
Os hardware meets os softwareOs hardware meets os software
Os hardware meets os softwarePaul Tanner
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT SecurityRyan Wilson
 
20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?T.Rob Wyatt
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of ThingsKinoma
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksGreg Foss
 

Semelhante a What is being exposed from IoT Devices (20)

2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
2019-12-11-OWASP-IoT-Top-10---Introduction-and-Root-Causes.pdf
 
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
The Internet of Fails - Mark Stanislav, Senior Security Consultant, Rapid7
 
Toward a Mobile Data Commons
Toward a Mobile Data CommonsToward a Mobile Data Commons
Toward a Mobile Data Commons
 
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,
Байки із пожежного депо або як працює Big Data в Sigma Software, Денис Пишьєв,
 
An Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case StudiesAn Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case Studies
 
IOT with Drupal 8 - Webinar Hyderabad Drupal Community
IOT with Drupal 8 -  Webinar Hyderabad Drupal CommunityIOT with Drupal 8 -  Webinar Hyderabad Drupal Community
IOT with Drupal 8 - Webinar Hyderabad Drupal Community
 
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
Hacktivity 2016: The real risks of the IoT security-nightmare: Hacking IP cam...
 
IoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect InformationIoT: Entering an Era of Perfect Information
IoT: Entering an Era of Perfect Information
 
Luiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitchLuiz eduardo. introduction to mobile snitch
Luiz eduardo. introduction to mobile snitch
 
How the Internet of Things (IoT) Works for Business
How the Internet of Things (IoT) Works for BusinessHow the Internet of Things (IoT) Works for Business
How the Internet of Things (IoT) Works for Business
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaKazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
 
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywherePerfect Information - How IoT empowers you to know anything, anytime, anywhere
Perfect Information - How IoT empowers you to know anything, anytime, anywhere
 
CCJS321 Project 2 Essay
CCJS321 Project 2 EssayCCJS321 Project 2 Essay
CCJS321 Project 2 Essay
 
IoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangaloreIoT security zigbee -- Null Meet bangalore
IoT security zigbee -- Null Meet bangalore
 
Os hardware meets os software
Os hardware meets os softwareOs hardware meets os software
Os hardware meets os software
 
Ryan Wilson - ryanwilson.com - IoT Security
Ryan Wilson - ryanwilson.com -  IoT SecurityRyan Wilson - ryanwilson.com -  IoT Security
Ryan Wilson - ryanwilson.com - IoT Security
 
20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?20130226 How Personal Is Your Cloud?
20130226 How Personal Is Your Cloud?
 
Programming for the Internet of Things
Programming for the Internet of ThingsProgramming for the Internet of Things
Programming for the Internet of Things
 
Wi-Fi Hotspot Attacks
Wi-Fi Hotspot AttacksWi-Fi Hotspot Attacks
Wi-Fi Hotspot Attacks
 
IoT: An introduction
IoT: An introductionIoT: An introduction
IoT: An introduction
 

Mais de The Security of Things Forum

Mais de The Security of Things Forum (6)

Securing the Fog
Securing the FogSecuring the Fog
Securing the Fog
 
Secure your Space: The Internet of Things
Secure your Space: The Internet of ThingsSecure your Space: The Internet of Things
Secure your Space: The Internet of Things
 
Patient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and EvolverPatient Centric Cyber Monitoring with DocBox and Evolver
Patient Centric Cyber Monitoring with DocBox and Evolver
 
Securing Internet of Things with Trustworthy Computing
Securing Internet of Things with Trustworthy ComputingSecuring Internet of Things with Trustworthy Computing
Securing Internet of Things with Trustworthy Computing
 
SOHOpelessly Broken
SOHOpelessly BrokenSOHOpelessly Broken
SOHOpelessly Broken
 
The Harsh Reality of Slow Movers
The Harsh Reality of Slow MoversThe Harsh Reality of Slow Movers
The Harsh Reality of Slow Movers
 

Último

20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintMahmoud Rabie
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 

Último (20)

20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Empowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership BlueprintEmpowering Africa's Next Generation: The AI Leadership Blueprint
Empowering Africa's Next Generation: The AI Leadership Blueprint
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 

What is being exposed from IoT Devices

  • 1. So What is Being Exposed From IoT Devices? Ming Chow mchow@cs.tufts.edu Twitter: @0xmchow The Security of Things Forum September 9, 2015
  • 5. Scope of This Talk ● Ingress and egress from devices (more of the latter) ● From what devices? Commonly used devices, not from an infinitely wide range of stuff (mostly fad)
  • 6. What This Talk Will Not Cover ● Breaking and exploiting the devices ● Reverse engineering ● Attacking devices (e.g., Denial of Service) ● Defense and fixing the problem ● Web vulnerabilities (e.g., XSS, CSRF) ● Threat profile of mobile and mobile apps
  • 7. Commonly Exposed from Devices ● Status Data: binary - on or off, available or not ● Identification Data: product, serial numbers ● Location Data: (e.g., where) latitude and longitude ● Automation Data: including sensor data ● Action Data: inferred or determined from status data and/or location data ● Open ports ● Administration web interfaces
  • 8. Techniques ● Scanning ● Search engines: ○ Google ○ SHODAN - https://www.shodan.io/ ○ Thingful - https://thingful.net/ ● Social media
  • 9. Webcams ● Example: AVTECH AVN801: used for surveillance ○ http://www.amazon.com/AVTECH-AVN801-Megapixel-Video-Camera/dp/B008FPDEPK ● 153,998 results on SHODAN: `linux upnp avtech product:"Avtech AVN801 network camera"` ● Ports exposed: 80, 4567, 8080, to name a few ● Admin interface exposed, many don’t even have them
  • 10. Small Office Home Office (SOHO) Routers ● NETGEAR DG834G ○ http://www.amazon.com/NETGEAR-DG834G-Wireless-G-Router-Built/dp/B0000D8HK1 ● 20,311 results on SHODAN: `NETGEAR DG834G` ● Ports exposed: 80, 7547 (modem), 8080, to name a few ● Admin interface exposed (HTTP)
  • 11. Light Bulbs and Amazon Dash ● Many thanks to my colleague Ben Shapiro at the University of Colorado, Boulder. He can’t resist playing with this stuff and send me stuff of what can you do with all this stuff (or whatcouldpossiblygowrong) ● Belkin WeMo line of home automation devices. In this example, a light bulb http://www.belkin.com/us/Products/home-automation/c/wemo-home- automation/ ● Python API to Belkin WeMo devices: ouimeaux ○ GitHub: https://github.com/iancmcc/ouimeaux ○ Python Package Doc: https://ouimeaux.readthedocs.org/en/latest/readme.html ● Amazon Dash: device to buy home necessities (e.g., food) http://www. amazon.com/b?node=10667898011 ● Belkin WeMo light bulb + Amazon Dash …….
  • 12. Source Code For Amazon Dash + WeMo Light (thanks again Ben) from scapy.all import * import os def arp_display(pkt): if pkt[ARP].op == 1: #who-has (request) if pkt[ARP].psrc == '0.0.0.0': # ARP Probe if pkt[ARP].hwsrc == 'a0:02:dc:da:8c:58': # Mac n Cheese print "Pushed Mac n Cheese... toggle bedroom lights" os.system('wemo -f switch "Bedroom switch" toggle') else: print "ARP Probe from unknown device: " + pkt[ARP].hwsrc while True: sniff(prn=arp_display, filter="arp", store=0, count=999) The point: ouimeaux is an application programming interface (API) that provides “command-line tool to discover and control (WeMo) devices in your environment; REST API to obtain information and perform actions on devices”. Any device on network can send requests.
  • 13. Fitbit Ingress ● Body fat ● Weight ● Alarms ● Food ● Water ● Friends ● Heart rate ● Sleep ● Source: https://dev.fitbit.com/docs
  • 14. Fitbit Egress ● Source: https://dev.fitbit. com/docs/activity/ ● “Fitbit Data Now Being Used In The Courtroom” http://www.forbes. com/sites/parmyolson/2014/11/16/fitbit- data-court-room-personal-injury-claim/
  • 15. Raspberry Pi ● $35 computers ● Runs a complete Linux distribution off SD card ● Popular for hacking, IoT experiments, home automation ● Via Thingful: well over 9999+ results. Where does it get data from? Rastrack: 94845 results
  • 19. The Future ● My hope: the data that you’ve seen today will help you understand why security and privacy issues are getting major visibility in the IoT space. ● What’s impressive and scary: the scale of data going in and alas, going out ● API documentation is valuable ● “The Internet of Way Too Many Things” http://www.nytimes. com/2015/09/06/opinion/sunday/allison-arieff-the-internet-of-way-too-many- things.html ● Unfortunately, these devices will sell as people generally good at impulse buys. ● Do really we need all this stuff?
  • 20. Déjà Vu: Who to Blame ● (heard from Bruce Schneier at USENIX 2004 in Boston) ● Developers ● Users ● Technology ● Politics and "dumb laws"
  • 21. References ● Dhanjani, N, “Abusing the Internet of Things Blackouts, Freakouts, and Stakeouts”, O’Reilly Media, August 2015 ● https://www.blackhat.com/docs/asia-14/materials/Dhanjani/Asia-14-Dhanjani-Abusing-The-Internet-Of-Things- Blackouts-Freakouts-And-Stakeouts.pdf ● http://www.wired.com/insights/2015/03/internet-things-data-go/ ● http://readwrite.com/2015/08/13/five-types-data-internet-of-things ● https://recode.net/2015/04/07/a-hackers-eye-view-of-the-internet-of-things/ ● http://www.computerworld.com/article/2944680/internet-of-things/the-internet-of-things-your-worst-nightmare.html ● http://thenextweb.com/insider/2012/12/09/the-future-of-the-internet-of-things/ ● http://hackaday.com/2013/01/31/turning-the-belkin-wemo-into-a-deathtrap/ ● http://www.networkworld.com/article/2226371/microsoft-subnet/500-000-belkin-wemo-users-could-be-hacked--cert- issues-advisory.html ● https://community.rapid7.com/community/infosec/blog/2015/09/02/iotsec-disclosure-10-new-vulns-for-several-video- baby-monitors