INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker...
Transcript of INTERNET OF THINGS A HACKER PERSPECTIVE IEEE CYBER SCIENCE ... · internet of things a hacker...
INTERNET OF THINGS
A HACKER PERSPECTIVE
IEEE CYBER SCIENCE 2018
JENS MYRUP PEDERSEN, [email protected]
ASSOCIATE PROFESSOR, AALBORG UNIVERSITY
Internet of Things is here!
Smart city, smart transport, smart industry, smart grid…
“Life can only be understood backwards, but it must be
lived forwards”• But can we learn anything from Mirai?
IoT is today an easy target…
And even professional systems are largely unsecure
The threat from cyber does not stand alone
• A successful attack requires motivation, knowledge, resources.
• Crucial to understand the attackers: Different attackers, different goals.
Nation states: Strategic goals
Nation states: Strategic goals
Cyber criminals: For profit…
• Ransomware.
• Information theft (identities, credit cards, financial records, pictures).
• Other kinds of blackmail (e.g. using private or confidential information).
• Crypto currency mining.
Cyber criminals – for profit…
What can we expect in the future?
• People LOVE their cheap IoT devices. Also tomorrow.
• Increasing dependencies on IoT.
• Increased capabilities of IoT devices (weaponization).
• Many more devices and more mobility. Bring your own …
• Better opportunities for attackers (both cyber criminals and nation states).
• Certain sectors obvious goals – but not the only ones…
• Even when the obvious holes are closed, there will be a huge market for
zero-days among both cyber criminals and nation states.
• Legislation and risk assessments will push towards more secure solutions,
but this is going to take time…
Is there anything we can do?
• Risk vs. benefits.
• Security by Design (think about security from the beginning).
• Fail safe.
• Encryption and authentication.
• Users are often the weak link (and their influence should be eliminated).
• Processes for patches and updates.
• No silver bullets – segmentation and high walls.
• Attacks can not always be prevented:• Prevent -> Monitor -> Detect -> Mitigate -> Recover
Thank you for your attention