Internet of Compromised Things, Damien Cauquil, Hack In Paris, June 2017 (PowerPoint presentation)



  1. Internet of Compromised Things Damien Cauquil Hack In Paris, June 22nd, 2017

  2. Who am I?
     • R&D director and senior security researcher at CERT-UBIK
     • Smart Things breaker and reverse-engineer
     • Special interest in DFIR

  3. Agenda
     • IoT smart stuff: pirates’ heaven
       • Mirai!
       • How tech people investigated the Mirai botnet
       • Why it is getting worse
     • The role of a connected/smart device during an investigation
     • Digital forensics in the Internet of Things era
       • A complex technical environment
       • Post-mortem analysis: tools and methodologies
       • Live analysis of connected devices and operational issues
       • Introducing the Hardware Forensic Database
     • Traceability and accountability
       • Not all devices are concerned
       • Observed average security level of connected devices
       • Logging and traceability
     • Conclusion

  4. Internet of super-duper dumb IPv4-enabled connected smart things that may make coffee and maybe more but that would be hacked in less than two minutes

  5. IoT smart stuff: pirates’ heaven

  6. IoT smart stuff: pirates’ heaven

  7. IoT smart stuff: pirates’ heaven

  8. IoT smart stuff: pirates’ heaven
     • Mirai demonstrated how insecure our smart things are
       • used to launch DDoS attacks around the globe (KrebsOnSecurity, Dyn)
       • source code quickly released to hide tracks ...
       • ... a lot of clones were developed and launched
       • uses telnet and ssh services to break into cameras, DVRs, etc.
     • Why target connected devices rather than servers?
       • usually not up to date
       • run proprietary (insecure) software
       • difficult to monitor
     • It’s getting worse!
       • new botnets designed to fight against Mirai (Hajime, BrickerBot)
       • used to mine Bitcoin, DogeCoin and other crypto-currencies

  9. IoT smart stuff: pirates’ heaven
     What could possibly go wrong?

  10. IoT smart stuff: pirates’ heaven
      • Smart devices are now widespread and used
        • to secure our houses and flats: smart locks
        • to detect burglars and intruders: smart alarms, smart CCTV
        • to make a patient’s life easier: smart insulin pumps, connected glucose monitoring systems
      • What happens if one of those fails?
        • Don’t worry, you are covered by your insurance policy!
        • Are you sure?
        • Last but not least, you might be dead.

  11. The role of a connected device during an investigation

  12. The role of a connected device during an investigation
      • Three major cases:
        • the device was a victim/target of a crime
        • the device has been used to commit a crime
        • the device contains some information related to a crime

  13. The role of a connected device during an investigation
      Pacemakers, insulin pumps and a lot more devices may injure people or cause death

  14. The role of a connected device during an investigation
      • The victim device may contain
        • information about how the attack was performed
        • traces related to the origin of the attacker
        • artefacts (exploits, malware, backdoors, ...)
      • Required to evaluate the damage and how bad the situation is!

  15. The role of a connected device during an investigation
      TV5 Monde hack
      • In April 2015, TV5 Monde was attacked and its broadcasting infrastructure shut off.
      • The French ANSSI (National IT Security Agency) handled the incident
      • They had a hard time figuring out how to forensically extract information from some embedded systems
      • They asked the vendors about their systems
      • They had to determine how to extract and preserve the evidence from these devices
      • No standard procedure for this particular case

  16. The role of a connected device during an investigation
      Quadcopters as bomb droppers

  17. • The device may contain
        • Information that may reveal its owner’s identity: serial number, email address, phone name or number, ...
        • Geographical information: GPS coordinates, take-off location
        • Photos, videos, records of previous activity

  18. The role of a connected device during an investigation
      Amazon’s Alexa device analyzed during an FBI investigation

  19. • The device may contain
        • Information about someone’s activity: GPS coordinates, date and time of various events, information about surrounding active devices (WiFi access points), ...
        • Photos, videos
        • Logs

  20. Digital forensics in the Internet of Things era

  21. Digital forensics in the Internet of Things era
      Extracting information from devices may seem an easy task
      • Easy-peasy, it’s Linux-based with a known filesystem!
      • We just need to dump the Flash memory and extract everything with EnCase!
      But wait ...
      • What if the device uses secure boot with military-grade encryption?
      • What if the device has no filesystem at all?
      • What if the device offers no way to access its system to extract live information?

  22. Digital forensics in the Internet of Things era
      • It uses various electronic chips to store information
        • eMMC
        • SPI Flash
        • F-RAM
        • Internal flash memory (System on Chip)
        • Internal EEPROM
      • It stores information at specific unknown locations
      • It may use proprietary encryption or obfuscation
      • It offers no easy way to access the information

  23. Post-mortem analysis of a smart device

  24. Post-mortem analysis of a smart device
      We need moar tools!
      • Tools to desolder and clean electronic memory chips
      • Tools to access memory devices and forensically extract information
      • Tools to reverse-engineer firmware and find where and how the information is stored
      • Tools to bypass memory protections and other anti-dump techniques and tools (i.e. exploits!)

  25. Post-mortem analysis of a smart device
      We need a specific methodology!
      • Maximum of information, minimum effort
        • allowing investigators to quickly extract valuable information
        • reducing the risk of loss of information (when possible) and ensuring evidence integrity

  26. Post-mortem analysis of a smart device
      • Determine if the device has an operating system
        • Identify the main component
        • Check the datasheet and development kit
        • Determine if it usually runs an operating system
      • Locate external flash memory chips (SPI Flash, NAND, eMMC)
        • Find the corresponding datasheet
        • Determine how to communicate with the memory chip: SPI, parallel flash, proprietary protocol
        • Use the correct adapter/tool to extract the information
        • Desolder the memory chip if necessary
        • Use classic forensic tools on SD cards
      • Create a bit-stream image of the memory chips
        • Compute SHA512 and MD5 hashes for each image
      • Analyze the images
        • Look for filesystems if an operating system is used
        • Look for chip-specific information (depending on the datasheet and the associated memory map)
        • Keyword search!
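The imaging and analysis steps of slide 26, as an added Python example that is not part of the presentation: it records the SHA512 and MD5 of a bit-stream image, scans it for known filesystem magic values (SquashFS, UBI, CramFS, gzip), decodes the leading fields of a SquashFS superblock, and runs the keyword search. The dump it works on is constructed inline and is not from any real device.

```python
import hashlib
import re
import struct

# Magic bytes of filesystems/containers commonly found in embedded flash dumps:
# little-endian SquashFS, UBI erase-counter header, CramFS, gzip stream.
SIGNATURES = {"squashfs": b"hsqs", "ubi": b"UBI#",
              "cramfs": b"\x45\x3d\xcd\x28", "gzip": b"\x1f\x8b\x08"}

def hash_image(image):
    """SHA512 and MD5 of a bit-stream image, recorded before any analysis."""
    return {"sha512": hashlib.sha512(image).hexdigest(),
            "md5": hashlib.md5(image).hexdigest()}

def find_signatures(image):
    """Every (offset, name) at which a known filesystem magic appears."""
    return sorted((m.start(), name)
                  for name, magic in SIGNATURES.items()
                  for m in re.finditer(re.escape(magic), image))

def parse_squashfs_superblock(image, offset):
    """Decode the fixed leading fields of a SquashFS superblock at `offset`."""
    (magic, inodes, mkfs_time, block_size, fragments, compression,
     block_log, flags, no_ids, major, minor) = struct.unpack_from(
        "<IIIIIHHHHHH", image, offset)
    if magic != 0x73717368:  # "hsqs" read as a little-endian uint32
        raise ValueError("not a little-endian SquashFS superblock")
    return {"inodes": inodes, "mkfs_time": mkfs_time, "block_size": block_size,
            "fragments": fragments, "compression": compression,
            "block_log": block_log, "flags": flags, "no_ids": no_ids,
            "version": (major, minor)}

def keyword_search(image, keywords):
    """Case-insensitive offsets of each keyword (the final 'keyword search' step)."""
    return {kw: [m.start() for m in re.finditer(re.escape(kw), image, re.IGNORECASE)]
            for kw in keywords}

# Constructed sample dump (not a real device image): 64 bytes of erased flash,
# a minimal SquashFS 4.0 superblock, padding, then a few plaintext artefacts.
SAMPLE_IMAGE = (
    b"\xff" * 64
    + struct.pack("<IIIIIHHHHHH", 0x73717368, 42, 1498089600, 131072, 3,
                  1, 17, 0xC0, 1, 4, 0)
    + b"\x00" * 32
    + b"root:x:0:0:root:/root:/bin/sh\x00wifi_key=SECRET\x00Serial=QL-0001\x00"
)
```

On a real dump, read the file as bytes and run the same four functions in order; the hashes belong in the case notes before anything else touches the image.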

  27. Post-mortem analysis of a smart device
      Case Study: TheQuickLock padlock

  28. Post-mortem analysis of a smart device
      1. Open the smartlock

  29. Post-mortem analysis of a smart device

  30. Post-mortem analysis of a smart device
      2. Get your hands on the PCB

  31. Post-mortem analysis of a smart device
      • Main component: Texas Instruments CC2541
      • Does it run an OS: no
      • No external memory chip: data is stored in the CC2541 SoC
      • Memory access: we need a CC Debugger to dump the flash

  32. Post-mortem analysis of a smart device
      3. Access the memory and dump

  33. Post-mortem analysis of a smart device
      • Where is the interesting information stored?
      • No OS, information is stored in Flash
      • We need to find where the interesting information is stored
      • It is not a trivial task and requires some time to figure out

  34. Post-mortem analysis of a smart device
      4. Extract the PIN code from Flash

  35. Post-mortem analysis of a smart device
      5. Extract the event log

  36. Live analysis of compromised devices

  37. Live analysis of compromised devices
      • Analysis is often difficult
        • no easy way to communicate with the device
        • no system access while the system is active (if we want to keep it active)
        • no standard procedure, it’s not a computer!
      • Lack of proper tools
        • We have to deal with U(S)ART or BLE interfaces
        • Standard DFIR toolkits provide no way to interact with these protocols

  38. Live analysis of compromised devices
      • If it’s on, keep it on!
        • Powering off the device may destroy evidence
        • The device may provide an easy way to extract valuable information
      • Identify the best way to extract information from the device
        • Find a working communication channel
        • Ensure it offers access to valuable information
        • Use this communication channel to gather as much information as possible
      • Available information depends on the device
        • The device MUST provide a feature to get valuable information (error codes, logs, ...)

  39. Live analysis of compromised devices
      • Use available tools to access the device
        • Linux’ GATT client to communicate through BLE
        • screen or minicom to communicate through U(S)ART
      • Collect every valuable piece of information, following the Order of Volatility
        • Active memory
        • Process list
        • Active connections
        • IP addresses
        • BD addresses
        • Files (or similar)
        • Serial numbers

  40. Live analysis of compromised devices
      Case Study: Fora Glucose Monitoring System
