The Internet of Vulnerabilities Deral Heiland Research Lead IoT | - PowerPoint PPT Presentation

Jun 30, 2023 •280 likes •555 views

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP Research Lead (IoT) Rapid7 IoT Research Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control

The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7
Deral Heiland CISSP Research Lead (IoT) Rapid7
IoT Research
Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control Applications Network Physical Embedded hardware Inspection Physical Device Attacks Radio (RF)
IoT Hacking
A Few Fun Projects Automated lighting solutions BLE tracking dongles Telepresence robots GPS Panic buttons
Automated Lighting • Unencrypted Storage • Poor Encryption • Unauthenticated control • Embedded Web Vulns
#Set up data to send to port 4000 $data1 = "\x83\x00\x00\xe3\x03\x00\x00\x00\x01"; $data2 = pack('a33',"$SSID"); $data3 = pack('a69',"$WPAPSK"); $data4 = "\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $send_data = join "", $data1, $data2, $data3, $data4;
Telepresence Robot • Insecure cloud APIs • Information Leakage • Bluetooth Pairing
https://api.doublerobotics.com/api/v1/session/?limit=1&offset=xxxxxxx&format=json
https://api.doublerobotics.com/api/v1/installation/?limit=1&offset=xxxxxxx&format=json
BLE Dongles • Unauthenticated Access • Week BLE pairing • Information Leakage • Insecure cloud API
https://phonehalocloud.appspot.com/rest/tracker/00000f7c-541088d9
GPS Panic Button • Poor Design • None SSL communication • Bounds checks • Realtime WWW Fail
Deral Heiland CISSP Research Lead Rapid7 Deral_heiland@rapid7.com @percent_x

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Network and Internet Vulnerabilities Computer Security Lecture 9 David Aspinall School of

Network and Internet Vulnerabilities Computer Security Lecture 9 David Aspinall School of Informatics University of Edinburgh 24th February 2014 Outline Introduction Network and transport-level vulnerabilities Higher-level protocol

1.01k views • 88 slides

Internet of Things and the risks of vulnerabilities Date : 27 th July 2017

Internet of Things and the risks of vulnerabilities Date : 27 th July 2017 www.dm-networkvideo.com The Background to IoT The Internet of Things ( IoT ) covers all IP addressable appliances Ranges from home appliances and control,

549 views • 17 slides

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an

Exploiting the Client Vulnerabilities in Internet E-voting Systems: Hacking Helios 2.0 as an Example Saghar Estehghari 1 Yvo Desmedt 1 , 2 1 Department of Computer Science University College London, UK 2 Research Center for Information Security

572 views • 28 slides

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet Steven M.

Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet Steven M. Bellovin https://www.cs.columbia.edu/smb Join work with Matt Blaze, Sandy Clark, Susan Landau 1 Steven M. Bellovin December 22, 2013 A Note on

366 views • 36 slides

CMPSC 497 More on Overflow Vulnerabilities Trent Jaeger Systems and Internet Infrastructure

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA CMPSC 497 More on Overflow Vulnerabilities Trent Jaeger

634 views • 45 slides

CMPSC 497 Other Memory Vulnerabilities Trent Jaeger Systems and Internet Infrastructure

827 views • 44 slides

CMPSC 497 Buffer Overflow Vulnerabilities Trent Jaeger Systems and Internet Infrastructure

739 views • 38 slides

Mobile Apps Often Need to Talk to a Remote server Internet Internet Saving resources (e.g.,

Introduction Overview Detailed Design Evaluation Discussion Related Work Summary References Automatic Forgery of Cryptographically Consistent Messages to Identify Security Vulnerabilities in Mobile Services Chaoshun Zuo , Wubing Wang

347 views • 34 slides

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security & Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different

Operating System Hardening Vulnerabilities Unique vulnerabilities for: Different operating systems Different vendors Client and server systems Vendors try to correct Attackers try to exploit Security professionals must

620 views • 11 slides

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng

Understanding and Securing Device Vulnerabilities through Automated Bug Report Analysis Xuan Feng , Xiaojing Liao, XiaoFeng Wang, Haining Wang, Qiang Li, Kai Yang, Hongsong Zhu, Limin Sun USENIX Security 2019 Internet-of-Things (IoT) Devices IoT

422 views • 23 slides

Accountable Internet Protocol David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen,

Accountable Internet Protocol David Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyeong Moon, Scott Shenker http://www.aip-arch.net/ Internet Full of Vulnerabilities Distributed DoS Million-Node Botnets Prefix Hijacking IP

785 views • 34 slides

SAME Presentation on Cybersecurity Andy Knauf CIO Mead & Hunt INTERNET SECURITY TESTING

SAME Presentation on Cybersecurity Andy Knauf CIO Mead & Hunt INTERNET SECURITY TESTING The engineers will scan Internet-visible hosts, identify services running on the hosts, and conduct testing for vulnerabilities to known exploits.

671 views • 15 slides

Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities

Rome, May 31, 2011 Jonathan Pollet conference Part 1: Control System Vulnerabilities control system vulnerabilities > analysis of 5 years of field data Jonathan Pollet, CISSP , CAP , PCIP Red Tiger Security [on behalf of the DHS CSSP

413 views • 20 slides

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your

No Yes Do you use the Internet to do homework? Do you use the Internet to follow your favourite team? Do you use the internet to watch music videos? Do you use the Internet to read the news? Do you use the Internet to play games? Shared

997 views • 51 slides

The Internet and World Wide Web CSE 190 M (Web Programming), Spring 2007 University of Washington

CSE 190 M Slides: Internet/WWW Page 1 The Internet and World Wide Web CSE 190 M (Web Programming), Spring 2007 University of Washington Reading: Sebesta Ch. 1 sections 1.1 - 1.5.2, 1.7 - 1.8.5, 1.8.8, 1.9 What is the Internet? A "series

451 views • 6 slides

Week 1 @rwdkent www.rwdkent.com Syllabus, Schedule, Assignments What Does A Web Designer Do?

Week 1 @rwdkent www.rwdkent.com Syllabus, Schedule, Assignments What Does A Web Designer Do? A Brief History The Web is 28 years old. Tim Berners Lee Berners-Lee wanted the World Wide Web to be a place where people could share

915 views • 59 slides

WebRTC: Leveraging New Features October 15, 2019 Website: https://webrtc.internaut.com/iit-2019/

WebRTC, Mobility, Cloud, IOT and More... IIT REAL-TIME COMMUNICATIONS Conference & Expo Oct 14-16, 2019 Chicago WebRTC: Leveraging New Features October 15, 2019 Website: https://webrtc.internaut.com/iit-2019/ Bernard Aboba

481 views • 31 slides

WebRTC & ORTC Tutorial October 14, 2019 Tutorial website:

WebRTC, Mobility, Cloud, IOT and More... IIT REAL-TIME COMMUNICATIONS Conference & Expo Oct 14-16, 2019 Chicago WebRTC & ORTC Tutorial October 14, 2019 Tutorial website: https://webrtc.internaut.com/iit-2019/ Bernard Aboba

1.73k views • 128 slides

Application Provisioning in Fog Computing- enabled Internet-of-Things: A Network Perspective

Application Provisioning in Fog Computing- enabled Internet-of-Things: A Network Perspective Ruozhou Yu , Guoliang Xue, and Xiang Zhang Arizona State University Outlines Background and Motivation System Modeling Algorithm Design and Analysis

808 views • 25 slides

Smart Grid: The Internet of Energy H. Vincent Poor Princeton University & TAMU Hagler

Smart Grid: The Internet of Energy H. Vincent Poor Princeton University & TAMU Hagler Institute for Advanced Study With thanks to Minjie Chen (Princeton) and Saleh Soltan (Amazon) Outline Background Smart Grid Motivation

751 views • 44 slides

Use of Internet resources during secure online testing Stephen Williams SVP, Test Development

Use of Internet resources during secure online testing Stephen Williams SVP, Test Development Solutions Prometric What we will cover Open book testing Delivery Methodologies Some testing considerations Open book testing more

337 views • 7 slides

Informational Slides Internet Measurements Seminar

Technische Universitt Mnchen Informational Slides Internet Measurements Seminar http://www.cm.in.tum.de/teaching/2019-seminar-internet-measurements/ Vaibhav Bajpai, Trinh Viet Doan January, 2019 1 Technische Universitt Mnchen Outline

164 views • 5 slides