Preventing Mirai
by Timo Thräm, Lufthansa Industry Solutions
3/29/2017

We are Lufthansa Industry Solutions
IT Consulting and Systems Integration
Lufthansa Industry Solutions combines the dynamics of an SME with the economically secure background of Lufthansa, an internationally active global corporation.
Hard Facts
100% owned by Lufthansa
208 Mil. € total revenue (46% of which within the Lufthansa Group)
>200 customers
>1300 skilled employees
Managing Director Bernd Appel
Founded 1997
Industries
Automotive
Transport & Logistics
Travel
Healthcare
Media
Energy
Manufacturing
MRO
Service Portfolio
Idea/Strategy
Process Consulting
Conception
Design
Development/Technology
Integration
Deployment
Application Management

Agenda
1 Information Concerning Mirai
2 Security and IoT
3 Secure Architecture and Business Cases

Mirai
Botnet consisting of 400,000 to several million devices and still growing

Mirai
Facts
Caused the largest DDoS attack seen until then, against Brian Krebs’ blog “https://krebsonsecurity.com” [1]
Caused a DDoS attack against DynDNS which made web services (e.g. Amazon, Twitter, GitHub) unavailable for the US East Coast [2]
Consists mainly of Internet of Things (IoT) devices
The first generation of Mirai used “Standard Credentials” to compromise the IoT devices
A modified version of Mirai attacked Telekom routers last November [3]
heise.de
golem.de
krebsonsecurity.com

Why are IoT devices so interesting for hackers?

Why do Attackers Focus on IoT Devices?
User driven devices
  Individually configured
    Passwords
    Software
    …
  Updateable
  Monitored
IoT devices
  Multiple devices with same configuration
  Updated less often
  Mostly unmonitored
Seems like a perfect cost-benefit calculation for hackers

How is it possible to create such a large and powerful botnet?
Let’s dig deeper into IoT security

The S in IoT
Key Problems with IoT and Security
Embedded device constraints
Insufficient update management
Insufficient quality assurance
(Solution-) developers and what they think about security
System integrators are often engineers, but rarely trained in security
Cost driven development
Weak standard credentials
Similar to the challenges in IT a few years ago
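
Two of the weaknesses named so far, weak standard credentials and many devices sharing one configuration, can be checked before a batch of devices ships. The Python code below is an added example, not part of the original slides; the inventory format, device IDs, credential values and function names are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: a vendor default list and a provisioning inventory.
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "root"), ("user", "1234")}

FLEET = [
    {"id": "cam-0001", "user": "admin", "password": "admin"},
    {"id": "cam-0002", "user": "svc", "password": "Tr4il-mix-77"},
    {"id": "gw-0003", "user": "svc", "password": "Tr4il-mix-77"},
    {"id": "gw-0004", "user": "svc", "password": "q9!Lz-unique-41"},
]


def fingerprint(user: str, password: str) -> str:
    """Hash the pair so the report never contains a plaintext password."""
    return hashlib.sha256(f"{user}\x00{password}".encode()).hexdigest()[:12]


def audit_fleet(fleet, defaults=FACTORY_DEFAULTS):
    """Return {device_id: [findings]} for devices that fail the credential check."""
    by_cred = defaultdict(list)
    for dev in fleet:
        by_cred[(dev["user"], dev["password"])].append(dev["id"])

    findings = defaultdict(list)
    for (user, password), ids in by_cred.items():
        if (user, password) in defaults:
            for dev_id in ids:
                findings[dev_id].append("factory-default credential")
        if len(ids) > 1:
            tag = fingerprint(user, password)
            for dev_id in ids:
                findings[dev_id].append(f"credential {tag} shared by {len(ids)} devices")
    return dict(findings)


def release_allowed(fleet) -> bool:
    """Quality gate: a batch ships only when no device has a finding."""
    return not audit_fleet(fleet)


if __name__ == "__main__":
    for dev_id, issues in sorted(audit_fleet(FLEET).items()):
        print(dev_id, "->", "; ".join(issues))
    print("release allowed:", release_allowed(FLEET))
```

Run against the constructed inventory, the check flags the device that still has a default login and the two devices that share one service account, and blocks the release.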
IoT Security Myths

Myth #1
There is no cryptography for IoT devices
Wrong

We do have the Tools … we just need to use them
Block Ciphers (ISO/IEC 29192-2)
  SIMON [4]
  SPECK [4]
Protocols
  IPsec for 6LoWPAN [5]
  MQTT over SSL
Hash Functions
  PHOTON [6]
Stream Ciphers
  MICKEYv2 [6]
  Trivium [6]
And others …

Myth #2
Our custom devices cannot perform security related operations
Wrong

We do have the Tools … we just need to use them
Custom devices
  Designed with cryptographic co-processors
  Designed with additional memory and storage for security features
  Designed with secure storage

Myth #3
Our solution is not worth being hacked
Wrong

We do have the Tools … we just need to use them
This assumption is the reason why Mirai 1.0 entered the market

We do have the Tools … we just need to use them
System architecture
Security-by-design
Update management must be considered during the design phase
Security as quality gate
Secure Architecture Real World Example

Real World Examples
Secure Architecture
[Architecture diagram; labels: Intranet, Internet, GSM, LAN, Wifi, VPN, Update-Server, Middleware, Access Control, Monitoring, …, Internal System]
Devices are deployed with a minimum hardened image and a unique ID
Configured by the update server
Strict separation of intranet and internet
No intranet credentials stored on the devices
…
Security features improved the business solution

Securing your IoT solution is not just about securing your business case. It is about securing the infrastructure of the internet and therefore securing all business cases.
Any Questions?
Contact Timo Thräm, IT-Security Consultant
E-Mail: [email protected]
Phone: +49 151 589 227 71
Thank you for your attention.

Real World Examples
IP-Symcon – Smart Home
  Web based user interface is only accessible via the internet if it is password protected
MQTT Broker [7]
  More than 59000 open MQTT brokers
  Some of them are used in production systems
IP-Symcon WebFront
https://www.shodan.io/

Real World Examples
Jeep Cherokee Hack [9]
  Charlie Miller and Chris Valasek [9]
  The Jeep exposes an execute command to the GSM network via a D-Bus interface
  Stock impact
Wireless IP-Cam [8]
  “Overall badly designed with a lot of vulnerabilities” [8]
  More than 1,250 various branded cameras
  Unauthenticated access

Sources
[1] https://www.golem.de/news/mirai-botnetz-dyndns-bestaetigt-angriff-von-zig-millionen-ip-adressen-1610-123981.html
[2] https://www.golem.de/news/ddos-massiver-angriff-auf-dyndns-beeintraechtigt-github-und-amazon-1610-123966.html
[3] https://www.heise.de/security/meldung/Grossstoerung-bei-der-Telekom-Was-wirklich-geschah-3520212.html
[4] http://csrc.nist.gov/groups/ST/lwc-workshop2015/papers/session1-shors-paper.pdf
[5] https://www.iab.org/wp-content/IAB-uploads/2011/03/Raza.pdf
[6] http://ecrypt-eu.blogspot.de/2016/12/lightweight-cryptography.html
[7] https://m.heise.de/security/meldung/MQTT-Protokoll-IoT-Kommunikation-von-Reaktoren-und-Gefaengnissen-oeffentlich-einsehbar-3629650.html?wt_ref=https%3A%2F%2Fwww.google.com%2F&wt_t=1487357607699
[8] https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt
[9] http://illmatics.com/Remote%20Car%20Hacking.pdf