Internet of Things (IoT) & Security
What is IoT?
• Internet of Things.
• Any device that can send and receive data through
the internet.
• Examples include phones, smart devices
(fridge, camera, lights, TV), industrial applications like
smart city devices (traffic monitoring).
Why is IoT Security so Important?
• IoT devices are typically not very secure.
• They use simple default passwords.
• Infrequent patches - if any.
• Left on the corporate or home network visible to
other devices/servers/computers.
Note: Infrequent patching is especially prevalent on cheaper brands – like a lot of the off brand ones from China.
Default Passwords
• A lot of devices come preconfigured with simple
default username/passwords.
• It is important to change these default passwords to
new secure ones as soon as you get the device.
Note: Remember, a criminal only needs one unsecure entrance to access your home. Your network and data are no different.
How Easy is it to Crack Default Passwords?
• Search up a device make/model followed by "default
password".
• http://open-sez.me - This is a website that keeps a
database of default credentials for all sorts of vendors
– home and enterprise.
Network Segmentation
• One of the most important things when it comes to
IoT devices is making sure to keep them on a
different network from your home or business.
• Companies that have been breached through IoT
devices often had them attached to their regular
network, which allowed the attacker access to other
areas once they got in through the IoT device.
Note: Keeping them separate will mitigate the risk of a more vulnerable device.
Real World Examples:
Casino Breach
• A casino was breached using an internet connected
fish tank.
• The tank was connected to a PC with IoT connected
devices like a thermometer.
• The thermometer was the point of entry which then
allowed them to scan for vulnerabilities across the
network resulting in 10GB of data being stolen.
Real World Examples:
Mirai
• Botnet was created using IoT devices (Cameras,
printers, refrigerators, doorbells, baby monitors, etc.).
• Hundreds of thousands of devices infected.
• DDoS against DYN (DNS service provider).
• DNS translates an IP address to the website name
(Netflix, Twitter, AWS, Etsy, Paypal, etc.).
Real World Examples:
Mirai Explained
• Found devices by scanning the internet for devices
that have the telnet port open, it then runs.
• Ran those devices against password "dictionaries" of
commonly used and/or default passwords to gain
access.
• Once elevated permissions were gained on these
devices, they were connected to a C2 server.
Note: C2 stands for Command & Control. A C2 server commands a botnet.
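An added example, not part of the original slides: a small log check a defender could run for the three Mirai stages described above (telnet scanning, dictionary logins that end in success, then a new outbound connection from the device). The log format, field names, thresholds and addresses are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed log format (not from a real device).
SAMPLE_LOG = """\
00:00:01 conn src=203.0.113.7 dst=192.168.50.10 dport=23
00:00:01 conn src=203.0.113.7 dst=192.168.50.11 dport=23
00:00:02 conn src=203.0.113.7 dst=192.168.50.12 dport=23
00:00:02 conn src=192.168.50.30 dst=192.168.50.12 dport=80
00:00:03 login src=203.0.113.7 dst=192.168.50.12 user=admin result=fail
00:00:03 login src=203.0.113.7 dst=192.168.50.12 user=root result=fail
00:00:04 login src=203.0.113.7 dst=192.168.50.12 user=root result=fail
00:00:05 login src=203.0.113.7 dst=192.168.50.12 user=root result=ok
00:00:06 login src=192.168.50.30 dst=192.168.50.11 user=admin result=fail
00:00:07 login src=192.168.50.30 dst=192.168.50.11 user=admin result=ok
00:00:09 conn src=192.168.50.12 dst=198.51.100.99 dport=8443
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def analyze(log_text, scan_hosts=3, max_fails=3):
    """Return (scanners, guessed, beacons) found in the log text."""
    telnet_targets = defaultdict(set)  # src -> distinct hosts contacted on telnet
    fails = defaultdict(int)           # (src, dst) -> failed logins seen so far
    guessed = []                       # (src, dst): repeated failures, then success
    beacons = []                       # (device, remote): later outbound connections
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        kind, f = parts[1], dict(FIELD.findall(line))
        if kind == "conn" and f.get("dport") == "23":  # 23 = telnet
            telnet_targets[f["src"]].add(f["dst"])
        elif kind == "conn" and any(f.get("src") == dst for _, dst in guessed):
            beacons.append((f["src"], f["dst"]))
        elif kind == "login":
            key = (f["src"], f["dst"])
            if f["result"] == "fail":
                fails[key] += 1
            elif f["result"] == "ok" and fails[key] >= max_fails:
                guessed.append(key)
    scanners = sorted(s for s, h in telnet_targets.items() if len(h) >= scan_hosts)
    return scanners, guessed, beacons

if __name__ == "__main__":
    scanners, guessed, beacons = analyze(SAMPLE_LOG)
    print("telnet scanners:", scanners)
    print("guessed logins:", guessed, "| outbound afterwards:", beacons)
```

The single mistyped password from 192.168.50.30 stays below the failure threshold and is not flagged, while the source that swept three hosts on telnet and then logged in after three failures is.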