INTERNET OF THINGS

A HACKER PERSPECTIVE

IEEE CYBER SCIENCE 2018

JENS MYRUP PEDERSEN, JENS@ES.AAU.DK

ASSOCIATE PROFESSOR, AALBORG UNIVERSITY

Internet of Things is here!

Smart city, smart transport, smart industry, smart grid…

“Life can only be understood backwards, but it must be

lived forwards”• But can we learn anything from Mirai?

IoT is today an easy target…

And even professional systems are largely unsecure

The threat from cyber does not stand alone

• A successful attack requires motivation, knowledge, resources.

• Crucial to understand the attackers: Different attackers, different goals.

Nation states: Strategic goals

Nation states: Strategic goals

Cyber criminals: For profit…

• Ransomware.

• Information theft (identities, credit cards, financial records, pictures).

• Other kinds of blackmail (e.g. using private or confidential information).

• Crypto currency mining.

Cyber criminals – for profit…

What can we expect in the future?

• People LOVE their cheap IoT devices. Also tomorrow.

• Increasing dependencies on IoT.

• Increased capabilities of IoT devices (weaponization).

• Many more devices and more mobility. Bring your own …

• Better opportunities for attackers (both cyber criminals and nation states).

• Certain sectors obvious goals – but not the only ones…

• Even when the obvious holes are closed, there will be a huge market for

zero-days among both cyber criminals and nation states.

• Legislation and risk assessments will push towards more secure solutions,

but this is going to take time…

Is there anything we can do?

• Risk vs. benefits.

• Security by Design (think about security from the beginning).

• Fail safe.

• Encryption and authentication.

• Users are often the weak link (and their influence should be eliminated).

• Processes for patches and updates.

• No silver bullets – segmentation and high walls.

• Attacks can not always be prevented:• Prevent -> Monitor -> Detect -> Mitigate -> Recover

Thank you for your attention