Security Nightmare of IoT Devices - NREL Nightmare of IoT Devices Scott Wu, CEO, NewSky Security...
Security Nightmare of IoT Devices
Scott Wu, CEO, NewSky Security
Richard Yim, VP Product Management, People Power Company
The Enterprise Security Nightmare
IoT => Hackers 2.0
• 28 billion IoT devices by 2020
• $1.9 trillion IoT annual revenue
Enterprise Breach Costs
• 67% enterprise (known) attacked
• $12.8M cost per incident response
[Chart: IoT Future. Bars labelled 11 Billion and 28 Billion; x-axis 2014 and 2020; y-axis 0 to 30,000]
Today with the People Power IoT Suite we’re helping deliver, manage and monetize smart home services for Security, Energy and Care, in ways never before possible.
Manage Deploy Connect Engage Learn
The People Power IoT Suite
A comprehensive IoT software solution for service providers and manufacturers.
Sources: NewSky Research Lab
Smart TV: Ransomware
Smart watch: Bitcoin Mining
Smart Car: OBDII Sniffing
Costco Payment: Breaking QR Code
AVAR Paper
NewSky Red Team Broke Into IoT Devices
Recent IoT Attack Incidents - Dyn DDoS
• Many Fortune 500 companies went offline
• Botnet of 360K infected IoT devices
360,000 IoT zombies in Dyn attack
384 million IoT zombies in the wild!
IoT zombies grow to 1.7 billion in 2020!
Recent IoT Attack Incidents - Growing Botnet
WannaCry Ransomware – Kill KillSwitch!!!???
● 200k Windows computers infected in 48 hours
● First “wormy” ransomware [MS17-010]
● Accidental hero triggered Killswitch
Mirai IoT botnet: DDoS Killswitch!
● Vulnerability in Atmel’s ZLL Touchlink protocol
● Attack simultaneously on all lamps within range
● Enables attacker to turn all the city lights on or off.
Philips Hue – City Scale Chain Reaction Attack
Video
● Denial of Service (DoS) via communication racing
● Denial of Service (DoS) via battery drain of the key fob
● Hijack and Control
Kevo Smart Lock – Unauthorized access to buildings
• Video Replay: break in when owner not home
• Video Spoofing: Feed fake video
CVE-2016-10115: Netgear Arlo Webcam
Factory Default: 12345678
• Factory set password scheme
  • “adjective” + “noun” + “a 3 digit number”
• Our 3 test webcams
  • misty lake 940
  • uneven sparrow 969
  • lucky sky 878
CVE-2016-10116: Netgear Arlo Webcam
Code Cracking with GPU
• $150 GPU AMD Radeon R9 390
• 2.5 hours to crack “mistylake940”
• Targeted attack!
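Why a 12-character default such as “mistylake940” falls so quickly, shown as an added example that is not from the original slides: it compares the strength a length/charset meter would report with the keyspace left once the adjective + noun + 3-digit scheme is known. The word lists are constructed samples, and the dictionary sizes, guess rate and all function names are assumptions for illustration.

```python
import math

# Constructed sample dictionaries; the vendor's real word lists are not on the page.
ADJECTIVES = {"misty", "uneven", "lucky", "quiet", "brave"}
NOUNS = {"lake", "sparrow", "sky", "river", "stone"}


def parse_default(password, adjectives=ADJECTIVES, nouns=NOUNS):
    """Split a password into (adjective, noun, digits) if it fits the scheme, else None."""
    pw = password.replace(" ", "").lower()
    words, digits = pw[:-3], pw[-3:]
    if len(digits) != 3 or not digits.isdigit() or not words.isalpha():
        return None
    # Try every split point: the two words are concatenated without a separator.
    for i in range(1, len(words)):
        if words[:i] in adjectives and words[i:] in nouns:
            return words[:i], words[i:], digits
    return None


def scheme_bits(n_adjectives, n_nouns):
    """Entropy when the guesser knows the scheme: one adjective, one noun, 000-999."""
    return math.log2(n_adjectives * n_nouns * 1000)


def naive_bits(password):
    """Entropy a length/charset meter would report (lowercase letters and digits)."""
    return len(password.replace(" ", "")) * math.log2(36)


def hours_to_exhaust(bits, guesses_per_second):
    """Worst-case hours to cover the whole keyspace at a given guess rate."""
    return 2 ** bits / guesses_per_second / 3600


def audit(password, n_adjectives, n_nouns, guesses_per_second):
    """Report whether a default password fits the scheme and what that costs it."""
    fits = parse_default(password) is not None
    bits = scheme_bits(n_adjectives, n_nouns) if fits else naive_bits(password)
    return {
        "fits_scheme": fits,
        "naive_bits": round(naive_bits(password), 1),
        "effective_bits": round(bits, 1),
        "hours_to_exhaust": hours_to_exhaust(bits, guesses_per_second),
    }


if __name__ == "__main__":
    # Assumed sizes: 1,000 adjectives, 1,000 nouns, 1e6 guesses/s (not from the page).
    for pw in ("misty lake 940", "uneven sparrow 969", "lucky sky 878", "12345678"):
        print(pw, audit(pw, 1000, 1000, 1e6))
```

A factory password generator audited this way should show effective bits close to the naive figure; a large gap means the scheme, not the length, sets the real strength.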
Home security & energy that learns
Smart home solutions that are simple to set up, easy to expand, with AI bots and voice control bringing “peace of mind” to end users and service providers
IoT Case Study: Smart Home Solutions
Risks:
● Utility Service Providers exploring digital transformation - Smart Homes
● Huge amounts of data, 90% processed locally with Intelligent Bots
● Data, identity theft or falsification, device manipulation, IP theft
Pain Points:
● Network edge will be a target for attacks
● Utility clients demand thorough security hardening, and quarterly assessment on its Smart Home IoT kits (SLA)
● New devices, new threats become an “IT Security Battlefield”
How The Industry needs to address pain points:
● IoT security assessment including device-cloud-mobile subsystems
● Next generation IoT Gateways, together with robust, enterprise-class security to ensure Service Providers protect their customers and brand
Cloud-Network Security (AI-Bots)
People Power IoT Suite
Our device APIs support Files, Video, and Data.
HTTPS, WSS, MQTT, RTSP, RTMPS.
Near-instantaneous synchronization.
We create software for gateways. We operate on several gateways / routers today and open source some of this technology.
802.11 (Wi-Fi) Radios / Ethernet / IP
• RCS Thermostats
• Radio Thermostat of America
802.15.4 Radios (ZigBee, Thread)
• Centralite Pearl Thermostat
Honeywell
Sensibo
Weather.com
Cloud AI
NewSky IoT Security
Amazon Alexa
Cloud to Cloud Direct Integration
Only a cloud-based system can segment, isolate and prevent IoT malware propagation
IoT innovations are great, but…
Secure IoT Traffic is Key
+ Demand Response
+ Jiggle Elimination
+ Learning Algorithms
+ Cybercrime Sensing
People Power Company
We bring AI to IoT services
Q & A
NewSky Security
Secure every device
For utilities, telecom and cable providers; providing new recurring revenues and reduced churn.