Internet of Things – novelty and comfort vs. security

Video in TIB AV-Portal: Internet of Things – novelty and comfort vs. security

Formal Metadata

Internet of Things – novelty and comfort vs. security
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Aleksander Zdyb will present unique security requirements of Internet of Things, automotive and other embedded devices.
Keywords: Security

you look at so again I thank you for world and welcome our minds so that some this the and privately I
personally and just of free software
and professionally I work with embedded devices I devices and in the last 3 3 4 point all devices and for us for years I was interested particularly
in security of this devices of OK this is my 2nd time here on cross con speaking so thank still holds and all the proof for inviting me and holding these receive and is very very nice every time sold uh let's start at the top of the day
is Internet of Things: novelty and comfort versus security. So I think that we all kind of understand what the Internet of Things devices are, but let's
look at the moral fault used in more details and especially let's see what are the benefits but also what is the compromise we we need to agree especially in terms of security uh to use them so today we're going to talk about what is the think in case it's not yet well understood and probably not going to expand because it's you just going topic and there are I
believe there are no real experts in this branch so then I would show some have been about the use of this book the devices has out instead then that they're create and then finally how provides
security and sold most common problems and and in the end we can have some discussion of questions of law let's see so the
1st question is if every device connected to the Internet is already an IoT device. So Internet of Things
is not a recent term. It was 1st used by Mr. Kevin Ashton in the last century, and he was describing Procter & Gamble's supply chain, and it was just RFID devices speaking to each other, and that was it. So how do we define it? So
the the the loss of the and with while this is not the issue with the group think of it this is it OK sorry about that so currently Wikipedia defines the Internet of Things as a concept according to which devices can store, process and share data with the use of a computer network, but I think this is too generalized; it can be true
for all the trait every device which is connected to to to kind and that so let's look at under our Mr. and neurons on the express and to the extent the researcher says it's location of visual presence to physical objects and that's more like the soul and comparing to intended of non thinks the Internet of humans that said we can agree somehow the Internet of Things usable devices which themselves produce that information and consume them and there there
is no need for a human. Of course a human can be at the beginning of the chain or at the end of the chain, but in the intermediate state there are only devices which produce and consume each other's data, and that's the difference. So no, I don't believe that every device connected to the Internet is the Internet of Things. I believe that it has to have this feature of producing data on its own or consuming data on its own without needing a human to interface with. So let's see
how does it look in practice so what especially manufacturers while where what they liked call
Internet of Things for different results because they really believe that this is terrible things or maybe they just want to market this this way but let's see so let's start
with very simple stuff and 1 little describe this grammar at the beginning I'm showing devices uh about I'm not talking about them really sold this is just illustration of a group of devices so group is just very common among stuff like that connected bottoms which can be programmed for power outlets that special but this is where the Internet of Things uh than boys
and dispose can also our connecting infinite and should share some that to we see some that are for example some toys can on the time of the day they can react on the weather conditions outside and so on so this
is a very very nice sometimes it's on the for this that personal results as there is some research not destroy presented by the time was restricted to edges were able to talk 1 of such devices and make it swearing in front of their user's around so let's see what's next something more
than of yeah yeah of real stuff so this is here at 8 which is connected on it can connect for example directly to the doorbell sold he doesn't leads to amplify the real go adorable but instead can just play the sound of the doorbell have directly compare it to fall or it can we act on changes in the environment to adjusted settings very nice day today just before my presentation those also mention
this pacemaker defibrillator, which is also a kind of IoT, because these devices, this type of devices, have been mentioned; it also was mentioned that they usually have no security, no encryption. So yeah you can see that the appliances maybe reduce sometimes as sometimes
the seals or more students and person and you have some uh rebounding you can order the things using your phone for example that's just fun probably have barbecue
must have are so this is device can I measure the In the level of gas in your container what or wrong what can go wrong is a
rifle and uh of course I'm not going to say that if you have this device you could pull the trigger of his rival but were said were able told me sleep out of aiming and targeting to hate and this school couple tried is helping to track current and articles were able to change the target while any so this is kind of scary or being as something
for the youngest of this is from nice device 8 can help track vital functions of your baby have trouble very good for most of violence and for some money but there was already a story on the internet our parents were scared to see the litigation on data from that the flight of functional the babies disappeared on me to find out that the Toda dozens of the stock and he so something which
is probably not on the 4th thing I just I just wonder you can be connected to your phone hopefully not directed to Facebook to just announced that everybody during this is something
which I believe and this is what where I work I work in industry and agriculture IOT uh so I believe this is 1 of them passes which makes most sense on the couch or where the I the devices all the tracked also harvest those stripes and so on are connected to each other speaking error to each other
what are other crops what are the fewer levels what other engines conditions this helps a lot in on
this is some thing for gardening and you can get to a spring and your graphs and so on that includes special about this and other stuff but
this is something you know there is no things to be excited about to be laugh about it last year it's about how well this
this is something which is virtually on the beach form men it's measure this is sensitive to the measure of uh man's performance and synchronize it without profile on phone uh I don't know if it's false it's to their dating airport also not just the OK something which
is again use or not but there is hope the bond qualities they want to create 1 OK so we are using the banking for like 15 or 20 years now so what is of a special about this 1 all if you always spent somewhere in the restaurant Lempel is going to connect to your thermostat and turned on your temperature so can save money the so to
sum up our it's all around us it's in every branch of our I've smart-home wearables communication industry and undertakes health everything so if you like it or not is all around us even if you don't by yourself if you dont employed yourself it's your neighbor is your colleagues who does it and you can't you can't just do anything about this
out a few examples of what I have already what has already gone wrong and about these devices the what
this so that this 1st example
about k so can we have some hope this the each of the so again from squared and and I OK so about that so you will know what can go wrong about devices already
but specifically about IoT devices: there was some topic on Reddit last year that with fabric I become a us there previous users were still able to connect to their new users' devices, and this might be a little problem, but sometimes it may escalate. So
let's see what's next so sometimes owners of pets decides to leave them at home and go for vocational there and there are these nice devices which can take care of that that's at least feeding them but they're also cases where some servers where malfunctioning and stopped feeding animals uh and if they also applied to people because of but anatomist on the coast of draining battery which then and so yeah they devices just didn't work
and another case also with 10 that during the heat wave our own they just had about somewhere in service and that they didn't work again so if we if we depend on our comfort the or life even sometimes of the pets for these devices we when we we have to know what the houses the and other device I've already shown this
is it doesn't matter which exactly it is at all; all of them behave, uh, around the same and have security implemented, or lack of security implemented, the same way. So this device had a Wi-Fi hotspot for, uh, the setup, but there was only a weak password on this hotspot, and there was no encryption in the local network and no encryption in
uh communicating with the cloud, so every neighbor could possibly, uh, switch the lights off or whatever. all of story non 2
years narrow talked currents attackers were able to take over steering and brakes in that car. In the next year likely it was only with physical access, but sometimes it's not a problem. Another recent story: at some university there were 5 thousand devices hacked to execute DNS requests about seafood. Why not? So what's special? It's special because vending machines, light bulbs, light posts were involved, so these devices were hard to breakdown working on this in, uh, University. again this is
from like a few weeks before, of ransomware on the coffee machine. So the story was like our technicians hold remote argument that there can monitoring system be in petrochemical factory, a huge 1, was attacked by apparently ransomware, and admin about that's impossible because we have a completely separated network. And the technician came to the kitchen to take some coffee only to notice that the coffee machine displays the same error, I mean the same message of the ransomware.
So what turned out to be? So yes, there was a separated network for the monitoring system, but someone connecting our coffee machine to the Internet also connected it to the separated network, so the coffee machine was a bridge between the separated corporate network and the Internet, and this machine was probably just infected by ransomware and then spread it to the meant-to-be-separate network. funny story or not the case so I don't individual DEF CON this
is Dr. from last year it was on the recent that it's this year so that the diurnal summaries yet but it didn't phase interesting anyway so uh 47 about in 23 devices of 21 manufacturers so 1 and the most interesting
ones and most of there was like the mall parking the thermostat ransomware, so if you want your house to be heated or cooled down you need to pay, because otherwise, uh, you will not have you as conditions. the door
locks that was a disaster almost every single available on market was packed for different reasons like passport appliances banknotes and transmitted without any encryption uh 1 of the device just opened the door when receiving uh distorted markets and so and recent stories from diesel previous models was that there was lot of of 1 of these Dora Oaks and it happened that it breaks devices like and that manufacturer claims that you can always use physical key
but if you can break break break even devices that we've just updated the something which gone wrong and solar panels Atticus
world have taken over 1 of the farms and they could disable it they also claimed that they put our steer it in this way that they could damages the
waitress are there are will chose which are somehow connected which can be remotely controlled our and these were also hot and some security measures where disabled like 1 speed limit and so on on some devices because we're even able to take control so that that's very and some toxin
larger scale but to die and the re the DDoS attacks from last year on Krebs on Security. This was 1 of the biggest attacks in history, and it is believed that a significant contribution of, uh, IoT devices was that. The devices were like TVs, VCRs and so on. And the same situation with the Mirai attack on Dyn.com; it touched users
mostly in the US, but some of us could also suffer from it in Europe. Again it is believed that hacked devices played a significant role within this attack. So why the problems? why is
it that this is this was the that recognition what the problem in the maybe in between but that was not in the script we the this the data itself
but why the problems because there are so many the happened vectors in this device you can happen to their weapons of mobile interface and constructive interface at you they can be captured by the other devices in this ecosystem they can be hacked to cloud connections because some of them don't uh and could lead they can be packed on destroyed by a bit man and is meant because most of them all physical access maybe not in your home but maybe in safety into infrastructure like are streetlights even so there's are some
numbers. Let's see, let's have a look at the research from HP Enterprise. They claim, and you can see in the artist the year of, that 90 per cent of devices gather information about environment, and at the same time 80 per cent of them raise doubts about security. That's a lot, that's really a lot, and that's scary. Uh, 70 per cent of devices do not encrypt communication, not not in the cloud, and 60 per cent of devices have web interfaces which are prone to attacks and of status updates are not
encrypted and probably also not signed to be sure of what they don't so another
research, this 1 is from Symantec I believe, uh, so the most common credentials for IoT devices, so there's no wonder that they are so easily taken over. And
other research from PwC are this is our securities sovereignty they they they have among our IT director laws and so on uh people which have something to say in their companies about security and IT and everything around and they revealed that only 25 per cent of the
these companies have the security strategy, and 28 is going to have 1, maybe sometimes. Uh, and another scary research, so this is not are
directly related to all our security but in sorry it's that 3 three-fourths of IT products are fairly and that there things not because of security reasons about what I wanted to point you that if the market is so hot so difficult the there is no wonder that sometimes and that's the most of the time but it's tempting to just
neglect security so if there's
so many problems call these IOT again and I also is everybody we need them Our because they're fun because they're helping us they're tho because
we have more comfortable life they help us and more money they help us few Morris that what ever so does city 1 answer almost everybody this IOT but then why pronounced it
IOT and this also just of this concept of this is for money but how they earn money on IOT so far as investor has also spying on companies if some companies is equipped with a lot of I to devices which are easily hacked it just helps to compromise network and finally getting to other devices there's no doubt of the users and this may be all of us like we have some biomedical devices on
cars which on our steps which count our which measure our heart rate and so on these this not if stolen may have really great impact on for example what issue and we are all 4 and how much does it cost maybe there is no examples member this knows disclosure of this point but if it doesn't happen right now what will happen in the future so as something which is kind of use and and it was even if I 2 devices for this but this is just another way uh buggery spine competition with things like is the user and the user is that potentially could have at home or or so uh so these devices also uh store some credentials some of them even still credit card numbers and so on and they are easily hackable so this is just easier to steal credentials from then and again what needs is devices can do arbitrary the internet request and they can easily become part of somewhat let's uh or to spam or whatever and from somewhere we already seen this on parties 2 slides that is this devices are taken over they may just in yeah extort money from users because they want to house house has to be heated or cooled down or whatever so why this why the
criminals prefer IoT over hacking and compromising other devices? 1st of all, IoT devices are easier to find, because most of the time they just announce their presence, uh, either by, uh, having some signals over Wi-Fi or Bluetooth or other a transposed, or you can just see them because they are attached to the wall, they are attached to street lights and so on. They are easier to compromise because most of the time they are small, with low
computing power, few performance; they cannot afford running antivirus, they cannot afford, uh, running a firewall, so it's just easier to hack and to get into them. They are easier to manage also, because they have multiple interfaces: most of the time they can have a Web interface, they can have a mobile interface, some of them have Telnet or SSH or whatever, so it is just easy to manage them. And in contrary to laptops, for example, they work just 24 by 7, so even if we have our laptop compromised, if you shut it down, you put it to sleep, it just won't spy on people, it just will not, uh, take part in the In the last part I but devices things that have been used devices are more so than just working you normally don't completely shut down your, uh, garage gate or your boss or you don't completely part of purity so that they just look and it. But they don't most of the time disclose the fact that they were hacked, because most of the time there is no screen there; for example in a door lock or a doorbell or garage gate or whatever there is nothing which would point to you that this device was hacked, unless it's really what the criminals want. So they can be hacked, compromised and still work and just do their work in background and they work in this case is not infecting quit from somewhere in the wing of the doses and so on. And there is plenty of them, there is more than 1 device per human being on the planet, so that's just a lot of them. OK
so on why it's easier to compromise this device as I've already said that they cannot defend this device is very often are much books size and with fuel computing power so they don't have anti-virus then don't have 7 layers so firewall and discount defend themselves so called 1 of and they just work operates in the so-called trust that for so many math manufactures say all our device is meant to work only in your home so if you have your network group that you don't have you don't need additional encryption on our devices but that's most of them not true because yeah in that way if you
talk 1 because of whatever reason you can have access to all of them because they are send their credentials just in plain text so that the just just using Our so easy configuration is also the selling point an because you're ground to mark cannot be just she can just configure the device so it must work just out of the box and to set up we know that we to set up security there is some work to be done and manufacturers in most of the cases just neglected and try to skip this 1 because otherwise they will not self and other tool reasons 2 stories 1 about Jack a web developer which has this who has not much experience uh it's now IOT device called the so this previous 1st problem at the time like 5 or 6 museums Villalobos work on I 2 devices and there is need for more and if the market is sold you it cannot be demanding because there's just no experienced work force so people with with no real experience and especially no XPS in secure coding they still do it because the there is no 1 else and snowstorm moved jolt who was electrician on in the factory floor and did they just shifts to him a tone of connected light bulbs and tell them to to history and nothing else right so again a lot of experience lack of trained staff big it's is the reason why it is easy to compromise because of 1st uh not cold of not a great and the quality and no experience to configure and deploy them correctly and again I just called a flock of fishery number yeah what we can do this is the and I want you the so we OK so I think we are receiving now
another lesson of history and another great uh researcher Mr. Craig Hoffman said we are repeating every single problem from security from computing given our now in embedded devices so we kind of know almost every think about computing but then there came embedded device and for some reason we just forgot everything and I think it's also frightening so what now
to just summarize all our and some of the traits which come do not from the intent of because we have some examples now to let's just do some theory they have been embarked or treat our privacy so and security so privacy would be that most
OK some of the devices given like TVs are Dulbecco's on and so on they listen to us they look at us just to listen to our voice voice commands to see our gestures but what happens with is that 1 can you be sure about that's not even about privacy in terms of heading this doctor by company behind this arm and these devices that because that's that's that's for sure and that's according to privacy policy we agreed to but what is devices are hot they can watch us and listen to us and they can so this doctor for some reason and then uh like share an out eyes out those uh surveillance there was 1 example that there were drawn used to inspect and elevation of high buildings How do we know that this loss will not act and used to been on at the inhabitants of this building for example and security in this is most common and meaning like how to devices are present for example in streetlights sometimes and quality of they are hot compromised or does not functioning they can easily lead to disasters sometimes so In the
general threats from out to devices are like this they allow allow us to recognize topology of networks and if you have anything to do with networks of of security you know that that that's very efficient weapon against metals and organizations and they can make easier penetrates networks also because if you are able to hot let's say uh come in Dessau comma of company which is outside of the buildings maybe on defense or somewhere there if you are able to hot-key sometimes even we if uh physical access and it's connected to the corporate network as uh it was already set it is possible but then they have easier access to 2 companies to
networks. And also the denial-of-sleep attacks, which are a special kind of about and that it was the inventor uh because of this I O devices of extreme smart homes, that you just make the devices never rest, so they drain battery and malfunction or do not function at all in the result. the lockout threats
So day as I on the set can recognize our habits and our lifestyle, and get this information, sell this information for whatever reason to your mother, and that's really scary. Medical information, like how where some character traits trackers over and step trackers, and stop kind of story of this information can be sold for real money to initialize comprise the companies, for example. And what else? This was already told, that had been out of service on household devices, just to disable them, to make users pay, for example, for putting it back to work. And must already said before, but it's not obvious that they were hacked, so they may we have ends disclosed this just after 2 weeks or months, in the very worst moment, like during the heat wave, for example. And this is, for example, more likely that you pay for enabling your air conditioner during heat.
So this where all continents want our public our soul I would dimensions of sizes of public infrastructure, and this may be used against with slides. This maybe sometimes, we know that our on bosses, like public transportation's, there are competence now, and into to this competence to this networks and drivers can receive orders. What if they just get really all this to all to do go go with all losses to the sense to it? Also on this may be a disaster. And enabling many devices at the same time, right, I think you have to already on there was an attempt to do so, enabling many, many air conditioners at the same time, which was about to lead to a blackout because of high energy consumption. And another topic, it travels on media consumption, lying, forging the measurements from your water that twist the arm air consumption Arnold rise. Server civilians also: how our IP cameras at home have such surveillance cameras in city and or a factory or whatever I'm in was attacked what you and it's good. OK, some of those, most of them will not even not it's, because this is how this device works, this is how they are meant to be. Sometimes they are just there and they are meant to forget about them; they do the job. But sometimes the compromise than don't.
So this is again but maybe, maybe we're not too far away from this. So finally I would try to tell you what you can do to make it better, that is a little. So to secure Internet of Things devices you need to answer some questions. What does it do besides its obvious functions? What are the connections? What are the transportation layers, like what are the destinations of the networking, is it not only lock Isaac cloud or whatever? Separation: so I want to mention that most of these devices are meant to function in so-called networks, but it's sure most of is it to every time or even the biggest knock on a will still they behave like they should, or maybe the exports to much to close then. And lifetime and life cycle of the devices. And you need to know these things about every device you want to protect. So the hammering sure what to do now and my however feeling this at the. OK, so in 1 way or another I already mentioned all this, but this is
a summary. So 1st of all, if you want your device to be secure, and this is both from the manufacturer and consumer perspective, you need to care about security on each stage of development; this is more on the manufacturer's side. So you need better code. If you cannot afford the best specialists, at least use some well-known, tested frameworks, so those lower the possibility of bugs and failures or artist obvious box.

Standards for interoperability: this is important because there are so many devices now on the market and they use so many different operating systems, transportation layers, like some use Wi-Fi, summers we'll pull, some use Z-Wave, if someone some use it and others an NFC z and so on. There's plenty of them, but at some point constant wants to put them together to work together, and this leads to create some in the top of RDT layouts, and these are sometimes, or from my experience most of the time, just about code. This is code inside of a company which has ad-hoc needs to just put something together, so they hack some Python scripts together just to make it work, with no security in mind, with no testing in mind and so on. They just want it quickly to work. So if we had some standards there, we could avoid some of the problems of this.

Certification: so these 2 new topic, but there was no discussion at this moment, at his nothing serious about certifications. We all knew no doubt, for example, our credit cards spending hours are certified, and they wouldn't be held on the market if they are not certified. Maybe we should have something like this we file to devices, so to be sure that they just said or written and save them.

So there is also some special kind of embedded or IoT devices which are so tiny, and their function is so, maybe not minor about a little, that they can be just disposable. So if we can create very low-cost devices, very inexpensive devices, this could solve some problems with updates, for example. If we have some bottom this device, we can just throw it out and buy a new 1, and that's 1 of the solutions to updates sometimes, if we can afford this, of course.

And fog computing: this is something between local computing and cloud computing. So instead of connecting all our little devices to the cloud directly, there is this fog computing, which is something conference into the organization level. So instead of directly connecting to the cloud, we have some intermediate layer where all of our maybe less secure devices are connected, and these are never exposed to also toward. That may also be sometimes a solution. So there are also some
other ways. I would then together on another slide, because apparently I don't remove them, but some people just advise them. So dedicated closed systems, and this is smallest security by obscurity. Again, the same with the transportation layers. But at some point it might help, but this is only if the device is probably not very popular among users, or just inside organizations and so on. But you can go for it if it works for you.

So if we know what we need to do, we also need to know what prevents us from doing it. So bugs: everybody who works with and knows that there are bugs, and there are always going to be bugs, and to solve them, just provide updates. But that's pretty tricky sometimes, especially in the embedded devices, where there is maybe not all the time an internet connection, maybe there's some things that you have enough computing power to Donald this all or unlock the these; sometimes there might be not enough computing power to decrypt them or what or vortex signature. So you have to take it into account if you are going to provide updates, and you should, you should provide updates. You need to ensure that you can do it in a proper way, like not breaking devices, like not accepting not signed updates, and so on.

So again folks time: probably these devices cannot defend themselves, so you have to worry about them and you have to keep an eye on them in different ways. So maybe putting them all together in some protected parts of the network, and maybe not to expose them directly to the cloud, and so on. And you need to know how they work, what are their drawbacks, what are the limitations, to know how to care about them. And this is very often neglected somehow, even in organisations, not only at home.

And devices are publicly available, so direct physical access, when you can just come with your wires which of the by the and whatever. It's really hard to protect against this kind of attacks, but at least if it's, for example, safety infrastructure, you should try. Again, lack of this
compatibility doesn't help. I will not go through it again, and users should not be forced to provide their own article compatibility. And lack of experienced professionals: another time I'm repeating myself, so if you cannot afford specialists, maybe just try to use something which is best. That's all.

Other problems, and these are abstract somehow, but also important. OK, so we have centralized electricity grids, so if you want a device to be long running, it either has to have our good starting we all do you really good at power-saving and so on. So you can't just put your device in the middle of the desert, so that also needs to be kept in mind. Dependence on smartphones: some gadgets, especially wearables, depend on phones, and this also is kind of, maybe not a problem, but something to care about.

And something which is a completely different, distinct topic: ethical and legal problems. I believe today or tomorrow there's going to be a presentation fully on this topic. I'm just going to say that there are these problems and we I T at the current legal. And for example, the NSA director, he did admit some time last year that the NSA is hacking biometrical devices to help preventing terrorism. Or there are different examples, like, for example, is police allowed to request information from our home devices, for example, to testify for or against us, if we had our alibi, like were we at home or were we not, what do our devices say about this? Or some others, like can our coffee machine disclose our overusage of coffee to the insurance company, or can our step counter disclose that we just moved too few to our doctor or whatever? So this is a completely distinct topic, but it also needs to be taken into account. And really
quick now, I think we have little time. So let's not repeat also this information, but I just wanted to say that you always have some impact on the situation, and you can just vote with your wallet. Like in ultimately if it was last year old and that even previous 1 of them died, there was a survey among car owners support the future owners, and most of them said that they care about security and they are afraid that their car might be hacked. So ultimately if in US there was alliance that they just have their own money while as they have been conferences to speak about this, to have a good overview of this topic, and after this all right there we started to care somehow.

There are some tries to do it from the legal way, like this European Network and Information Security Agency. This is a very new 1, and they admit that there needs to be some law behind the usage of this IoT and other connected devices, but there were only some proposals; you can see them. Also the science of Internet of Things innovation the system initiated by the European Commission as well, but this is not a commercial organization, but this is supported for like half of the Fortune for of hundred companies. They are not strictly for security, but there is something which consolidates and to work together for prompt for but IoT devices. And there are some guide books, like what should you do to have your devices more secure; you can also read them if you are interested in the 1st and that seats.
arms not sure if you have time for questions. Well, thank you for your attention.

waste thanks to without here in OK so we would have some time, so if you have some questions his husband no the in

OK and sorry I was 1 of the few it this was in the original and all you by the other I the things here in the world today and the 1st of the a in

OK, if I understood correctly, this was somehow a discussion started about certification possibilities and the concerns about the, so yeah, I agree that certification is something which takes much, much time, but in the end this is the way you could force something, because, as I said before, if manufacturers are left on their own and they just says that the devices and the 1 which is easier to use the sold over the other, and if there is no need for certification, there's no need to keep some level of security. But this is probably not going to happen unless there are some serious consequences of having no security. And so yes, I agree that this takes time and we may be running out of time, but the sooner than I mean but later than never. And in the meantime maybe some other so some of the factors can do on their own, but at some point, maybe in 2 years, maybe in 5 years, there is some baseline to stick to; that's what I believe. So now we just have to vote with our wallets, so impose something on the manufacturers, when their legal parties like European Union where actually there are not at this moment, but maybe they will, and that would be and there but it will but better situation. For now it's rather up to us to say or to show which devices which was also are not OK.

kind of like the the you the name of the we use the unit this work and on

If I knew, maybe we wouldn't be here, because there would be no problem I the security. But if you cannot convince them so a sacrifice to devote some resources, like man-hours, maybe you can try to convince them to use something which is already tested, like frameworks or operating systems which are meant to be generic and secure. I have some of that this: some of these are protocols, some of these are even full-blown operating systems, some of them are just frameworks. But if the company doesn't want to devote all their resources to security, maybe that's the idea, to do something which is already somehow tested and somehow more secure. Does it help?

some of human and that the the this is the author of the the

OK, so thank you very much for the nice thing you don't need me I