Securing Your Wearable Tech Brand

Spirent Communications, PROPRIETARY AND CONFIDENTIAL. Securing your wearable tech brand. Rahul Gupta, Market segment manager. 30th March 2016. Making IoT adoption Simple, Safe & Secure.

Transcript of Securing Your Wearable Tech Brand

Page 1: Securing Your Wearable Tech Brand

1 Spirent Communications PROPRIETARY AND CONFIDENTIAL

Securing your wearable tech brand

Rahul Gupta – Market segment manager

30th March 2016

Making IoT adoption Simple, Safe & Secure

Page 2: Securing Your Wearable Tech Brand

Internet Of Things (IoT) Challenges

Management & control of remote devices in the field for 10+ years

New security threats, vulnerabilities & attack surfaces

Multiple standards initiatives which lack unification & ratification

Volume/Variety of devices requiring different Testing, Qualification & Quality

New developers who lack expertise in network coms, IP/IT security etc.

Chrysler Jeep hacked over internet (July 2015)

Explosion in number of connections & diverse call models to the Network

Page 3: Securing Your Wearable Tech Brand

IoT connectivity

Source : uBlox

Page 4: Securing Your Wearable Tech Brand

Wearable drone control

Source : Postscapes.com

Page 5: Securing Your Wearable Tech Brand

Wearable controlled cars

“Volvo owners will be able to talk to their car via their Microsoft Band 2, allowing them to instruct their vehicle to perform tasks including, setting the navigation, starting the heater, locking the doors, flashing the lights or sounding the horn via Volvo’s mobile app Volvo on Call and the connected wearable device”

Source : Trafficsafe.org Jan’16

Page 6: Securing Your Wearable Tech Brand

Page 7: Securing Your Wearable Tech Brand

Fitbit user accounts attacked

Source : CNBC Jan’16

The hackers also gained access to Fitbit users' GPS history, "which shows where a person regularly runs or cycles, as well as data showing what time a person usually goes to sleep,"

Page 8: Securing Your Wearable Tech Brand

The smartphone pairing

Hackers can use malicious apps to do a variety of things from making phone calls without your permission, sending and receiving texts and extracting personal information—all potentially without your knowledge. They can also, with the help of your wearable, track your location through GPS and record any health issues you’ve entered into your wearable. The point is: once they have permissions to your mobile device, they have a lot of control and a lot of resources.

The hacker can then use this data to conduct varying forms of fraud. Need a special prescription from your doctor that happens to sell well on the black market? Well, so does the hacker. Going out for a jog in the morning? Good information for a burglar to know. These personal details just scratch the surface of information available for the taking on your mobile devices.

Page 9: Securing Your Wearable Tech Brand

BT & Wi-Fi connections

Bluetooth and Wi-Fi communication between wearable devices and paired smartphones is another area of vulnerability for enterprise data.

Recently, security firm BitDefender demonstrated that the Bluetooth communication between Android devices and smartphones could be deciphered using brute-force attacks.

Rather than focusing in on software vulnerabilities, hackers opt for persistent trial and error, trying username and password combinations until they crack the code and are able to access contents stored on devices.

Page 10: Securing Your Wearable Tech Brand

Increasing use of GPS receivers in IoT applications

Tracking People and Pets (For Health and Safety)

For kids and the elderly

Real-time accurate positions required

Wearable devices required with high-level of accuracy

Monitoring environment

Sensors positioned to monitor air quality, seismic events, etc

May be positioned in GNSS-difficult locations

Important to Test location-aware devices integrating GPS receivers

GPS chipsets have various levels of quality: Accuracy, Precision, Integrity

Errors: Multipath, Atmospheric, RF Interference, System, Timing and more

Ensure your devices are fully tested for GNSS vulnerabilities

Page 11: Securing Your Wearable Tech Brand

Overview of GPS \ GNSS Vulnerabilities

Page 12: Securing Your Wearable Tech Brand

…common problems

Map issues

No position

Sensor fusion algorithm priorities

Multipath errors

Signal selection

Poor performance in city

High errors

Wrong time

Antenna problems

Errors indoors?

Position jumps

Interference

Page 13: Securing Your Wearable Tech Brand

GPS Disruption – Real atmospheric events

UK June 2015

Reports that some GPS receivers were affected by at least one (of the two) solar weather events experienced in June 2015 (mid-level solar flare)

USA December 2006

Solar radio bursts during December 2006 were sufficiently intense to be measurable with GPS receivers. This event was about 10 times larger than any previously reported event. The strength of the event was especially surprising since the solar radio bursts occurred near solar minimum. Civilian dual frequency GPS receivers were the most severely affected

Page 14: Securing Your Wearable Tech Brand

GPS jamming – unexpected behaviour

• Michael Robinson – DEFCON 23, August 2015

• Demonstrated effect of disrupted (jammed) GPS signal on a drone…

• Drone reverted to non-GPS flying mode but before it did…

• …Video feed started to jitter and video feeds were tagged as “unstable”

• Video synch required precise timing from GPS

GPS interference can cause unexpected behaviour in an unprotected system

Page 15: Securing Your Wearable Tech Brand

GPS Spoofing demonstrated at Hacker’s convention

DEFCON 23, Las Vegas…

Huang and Yang spoof a drone’s GPS co-ordinates

The drone is geo-fenced and cannot fly in a forbidden area….

But with spoofed co-ordinates it can!

Page 16: Securing Your Wearable Tech Brand

Availability of hacking tools

Cheap Jammers now available from mainstream internet stores worldwide

Goo Buy – China, Feb 2016

Amazon Japan Store, Feb 2015

Amazon UK Store, Dec 2015

Unknown, USA

Page 17: Securing Your Wearable Tech Brand

Generating replica GNSS signals

• Low-cost Software Defined Radio boards are easy to procure – not designed for “Reverse Radio Hacking” but ideally suited as a platform to do this

• Used with Open Source Code - readily available on the internet for –

• GPS transmitter (spoofer or repeater)

• GPS Receiver (legitimate)

• Previous attempts at GPS spoofing have all used more expensive custom hardware.

Page 18: Securing Your Wearable Tech Brand

How are GPS \ GNSS threats evolving?

Information Security categories apply to GNSS situation (Source: SANS Institute)

Unstructured Hacker

Structured Hacker

Organised crime/industrial espionage

Insider

Unfunded terrorist group

Funded terrorist group

Nation State

GNSS threat evolution has strong parallels with evolution of Information Security threats (Theunissen, 2014)

Currently no “responsible disclosure” for GNSS threats and vulnerabilities

Likely severity of impact: Low to Very High

Page 19: Securing Your Wearable Tech Brand

IoT GPS \ GNSS Cyber Security

Risk Assessment

Test vs threats

Implement mitigation strategy

Use the most appropriate and cost effective improvement areas…

Detection and characterisation of environment

Page 20: Securing Your Wearable Tech Brand

IoT Security Testing

• Compliance level scans (i.e. OWASP, SANS 20)

• Attack surface and connectivity testing

• Stack hardening (Fuzzing)

• Malware testing

• Penetration (PEN) testing

• Privacy data testing

• Blended volumetric attack testing (i.e. multiple DDoS)

• Load & stress testing

• Security audits (Ethical Hacking)

• Horizontal & vertical privilege escalations

• Static code analysis

Spirent Cyber Security Test Services

Lab testing

Live testing

Remote testing

Field testing

Page 21: Securing Your Wearable Tech Brand

Customer Challenges and Our Solutions

Develop IoT Devices & Applications

Operate & Optimize IoT Networks & Applications

Customer Challenges

Our Solutions

Simple developers test tools

Embedded software to speed development

Embedded software to facilitate connection & configuration

Tests & services to quickly qualify devices & applications

Analytics to detect performance & security issues

Page 22: Securing Your Wearable Tech Brand

IoT Community & IoT SLAM

Internet of Things Community: virtual worldwide community (Spirent is founder member & chair)

• Hosted via social business network “LinkedIn”

• Over ~11,500 members

• Environment for collaboration, sharing & influence

• Holds virtual & in-person events/forums

http://iotslam.com/

Page 23: Securing Your Wearable Tech Brand

© Spirent Communications, Inc. All of the company names and/or brand names and/or product names and/or logos referred to in this document, in particular the name “Spirent” and its logo device, are either registered trademarks or trademarks pending registration in accordance with relevant national laws. All rights reserved.

Specifications subject to change without notice.

spirent.com

Thank you

• Join the GNSS Vulnerabilities group on LinkedIn to find out more about GNSS jamming and spoofing and join the discussion