IoT VILLAGE - Exploiting the IoT hub: What happened to my home

Video in TIB AV-Portal: IoT VILLAGE - Exploiting the IoT hub: What happened to my home

Formal Metadata

IoT VILLAGE - Exploiting the IoT hub: What happened to my home
Title of Series
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
In the home IoT service, the IoT hub is an important device that links users and various things in the house. What are the security threats to these hubs and are they securely configured? This presentation explores the importance of targeting IoT hubs in the home IoT environment and the role and features of the IoT hub in the IoT environment. We will explain the analysis process and related issues about the vulnerabilities of various IoT hubs discovered through the research, and present the threat scenarios that may arise in the home IoT service. Finally, we will talk about what security factors to consider in a home IoT environment, including the IoT hub, and how to solve them. We found various 0-days (Buffer Overflow, Command Injection, Local Privilege Escalation, Backdoor, etc.) for IoT hubs in terms of the STRIDE threat model. In addition, we can show the practical threats in the modern smart home by exploiting the IoT hub.
So hello, thank you for coming to our presentation. We're going to talk about exploiting the IoT hub, which includes attacking the smart home by compromising IoT devices, and some countermeasures for this attack. And I know that the article is also running dirty track and see a track and maybe this talk is helpful for those who are participating the Tres
So my name is Finley and I'm a graduate student of HL lab at Korea University, and I like to play CTF, and I'm currently participating at F consider final as deaf karate. I've been researching open source software targeted fuzzing and contribute to software security by reporting the found bugs, and I got some CVEs. I'm also interested in embedded security such as IoT and SCADA and so forth. We are also mentors of Best of the Best, also known as the BoB program, which is a cyber security expert educating platform in Korea. Hello, my name is Chanyeol. I'm working in a cyber security consulting team at the company UI Korea. I'm a graduate student of Sungkyunkwan University, and I'm so excited but also a little nervous giving my first overseas presentation. Thank you, thank you.
So now we'll introduce our agenda of this presentation. We briefly explain the structure of smart home after the introduction of just over at all, and we'll analyze real world history of threats that may arise in the virtual environment. Next, we'll conduct vulnerability analysis for different IoT devices. We found 20 vulnerabilities and we'll describe their types, and will suggest visible attack scenarios by chaining these vulnerabilities. Then we'll briefly outline the countermeasures required to prevent these attacks and conclude this talk. so
now let's get started. In 2016 there are
Mirai infections targeting IP cameras and home routers. The attack target against a large number of Adar connected devices to or network, which was used for large-scale DDoS attack. In fact, the vulnerability used for this attack is quite simple but fairly critical: attackers can easily compromise those devices just by brute-forcing the password of telnet, which means that there was no security consideration in IoT devices. In 2017 a new Internet of Things botnet called Persirai has been discovered, targeting over 1,000 IP camera models. The vulnerability used for this attack was command injection with authentication bypass, and approximately 120,000 IP cameras were found vulnerable. However, the worst is many of these vulnerable users didn't recognize that their IP cameras were exposed to the internet. there are the cases of attacks on
different routers which are used widely in the world. Even the exploit codes were released on the Exploit-DB website. These attacks consist of only two vulnerabilities as well, command injection and authentication bypass, where you needed to compromise the routers. Likewise, attackers can download and execute malware on the device and build up sensible Network to fully take control of the devices remotely. so now
let's focus on the security of smart home. You know, the IoT hub, which connects all the smart things in the same network area and communicates with the remote server for management, is considered as a vital element in the smart environment. The hub device is also connected to the Internet, which means it can be attacked as in the previous IoT exploit cases if an externally accessible port is open or attackers can access the same network area. In fact, Cisco Talos Intelligence recently released vulnerability analysis results on the Samsung SmartThings Hub device. The found vulnerabilities included command injection, buffer overflow and information leakage, and these vulnerabilities can be chained together to form a false flag code compromising the hub device. So as you know, the IoT threats are still ongoing and countermeasures for these threats you could consider urgently, I think. So we have conducted free analysis and found many vulnerabilities for the hub devices and way from different manufacturers, and we want to share the results from now on. Yes, next I will talk
about the structure of the smart home.
According to this diagram, smart home services can be broken down into application, platform server, IoT hub and IoT things. There are times when there is no need for an IoT hub, but it is present in most smart homes. I will now
explain more about the IoT hub in detail. The IoT hub manages smart devices in the smart home. It supports wireless protocols like Z-Wave, Zigbee, Wi-Fi, Bluetooth, et cetera. Also, to connect to a platform server, it supports provisioning protocols. These protocols include TR-069, MQTT, CoAP, HTTP, oneM2M and custom protocols. Yeah, next is the process of the IoT hub. The IoT hub process is composed of 4 steps. First, smartphone Sbisa we register the IoT hub with the server, and second, the IoT hub performs user authentication to the server. Third, the IoT hub and the things consider the process of pairing. Finally, the user is able to access the things through the application. So far we have covered the functions of the IoT hub in smart homes, and now we will bring why we chose the IoT hub as our target. Our first reason is that if the IoT hub is taken over, it is very possible to take over everything connected to the hub. Because of this there would be many possible scenarios, like louder exploitation. Furthermore, we may sit through the exploitation of the IoT hub we would be able to have typical wireless protocol such as Siri or. Lastly, our most important reason for choosing our target as the idea was for Bonnie
now we will find out more about the smart home huh and the price per ear stress disappearance shows that existing
smart home services. I have separated the threats into two crafts: the external part, which is outside the home, and the internal part, which is inside the home. I have only included the points that were important in my opinion. Yeah, in the external section the primary threats are supply chain attack on the firmware server, and see user auth bypass and man in the middle. And in the internal section there are memory corruption, command injection, where PE more many domitor, and a very important threat is remote control of things. And now we will consider a clear example of a threat in each section. this case is on mobile
application, an example of a threat at a Kanako outside the home: one is able to control another's devices using one's own application.
There are two examples in the internal section. We will first examine the one concerning the IoT hub. Recently many vulnerabilities have been discovered in the Samsung IoT hub. This includes threats such as RCE, DoS, information disclosure and injection. this one was discovered in the
Z-Wave, in the Z-Wave, which is a wireless protocol. It is using the default encryption key, man in the middle attack was possible, and now the first has been patched. let us take a closer look at
the IoT hub children more precisely and carefree into potential threat of the IoT hub. We do threat modeling based on STRIDE. As you can see in the flow diagram, the IoT hub, indicated by the dotted line, is connected to the other sections, including the platform server and things. The IoT hub has many processes and flows. so process process is a circle just line is post applause lot of stress and other factors exist because of this yes in the table
below which strategy explained. Now we will talk about this in detail. Sudama story 2 is the potential likable in fulfill addition or preparing. We will now present a specific example of an instance when the threat was properly exploited. My partner p1 will take it from here. Yeah, so from now on
I'm going to talk about vulnerability analysis for the IoT hub. We analyzed what
are for products. For each product the MC or architecture is classified as a ramm. Z-Wave, Wi-Fi, Zigbee and RF are used for wireless communication between the IoT hub and smart devices, and the IoT hub transmits the trace status information of the device, such as firmware information, certificates and security keys and so on, to the server via provisioning, so that the remote server can manage the device, such as automatic update, device registration, connection and communication with the mobile application. So company A uses TR-069 as provisioning, that is the CPE WAN Management Protocol, also known as CWMP, and this will be explained in more detail later on in our slides. And company uses the MQTT protocol. MQTT is a machine-to-machine Internet of Things connectivity protocol, and it was designed as an extremely lightweight publish/subscribe messaging transport. To manage the IoT hub devices there are management services in the form of a web application or something else. Web applications are usually developed based on open source such as the GoAhead web server and lighttpd, but nowadays it seems to be a trend to customize the source or develop the service directly by the manufacturer. In addition, we confirmed whether it can access the debugging shell for remote or UART CRT body port. As you can see, we can get a debugging shell by UART for all of the target devices. so there are six
steps to analyze IoT hub devices. First of all, extract the firmware, because the functions that need to be analyzed are usually embedded in the firmware. Second, acquire a command shell for debugging. When you access the shell you will notice which processes are running as a queue all those who mainly handles lots of requests. And once the main binary is extracted we can analyze the vulnerabilities, and finally exploiting. There are roughly three ways to extract the firmware. Through the provisioning, the remote storage has the firmware version of the hub device and performs automatic update when the version is not up-to-date. At the same time the updating firmware URL information can be obtained and the firmware can be downloaded. Another way to get the firmware is using the UART debugging port. As it can run all commands in the debugging shell, we can extract the desired binary through commands like TFTP, FTP, care currency and so on. Also we can use JTAG instead of the UART, but we'll skip it because it's too expensive. So if both methods are impossible, there is a way to dump the flash memory directly. There are many ways of dumping the flash memory. In our case we used Arduino Uno Tom we don't equipment. In addition, we can also remove the flash memory chip through desoldering for memory dump. next we did
you acquire a debugger shell, usually using the UART method. Sometimes it's easy to get a shell if telnet or SSH is opened and it is set as a default account which can be easily cracked. and the variety exploit is type of vulnerability and usually a
login account is required, as you know, when accessing via UART or telnet. Then how to log into the shell? Let's suppose the firmware is extracted already, obtained in a different way. Yeah, we can search for the hard-coded password or check the password T by reversing the relevant binary containing the login-related functions. Sometimes the password is written in the config file and we can find it easily. now what if
you cannot get the firmware or do not know the password? Is there a way to log in even if the U-Boot bootdelay option is set to zero? You know, U-Boot is a boot loader handling lots of tasks such as system initialization, kernel loading and execution. Normally, if the bootdelay option is set to enough, we can get into the boot loader prompt and change the kernel init booting option. But otherwise we'll have to short the NAND flash chip. The principle is that connecting between ground PD and the particular pin of the NAND chip causes a kernel loading error and can lead to the boot loader prompt. After entering the boot loader prompt we
can put bootargs options by adding init=/bin/sh and then we boot, then looking at the UART upon the shell with the root account.
Next, identify the main process. Since the program startup commands are usually defined in the startup script file, we can easily find the main process. The network status check command tells you which ports are open and which processes are running. there are five
categories of vulnerabilities we have found. Let's take a closer look at each one. when sending a payload to a web
application, we usually validate the session value, and we can bypass the authentication with a simple you are a tree. As you can see, if the request URL ends in .css, .gif, .jpg, etc., the function of validation for session is not called, which means we can bypass the authentication routine. In some cases the program itself creates a session value with non-random. In this case we can bypass the authentication by generating a forged session value. in
fact, this is one of the vulnerabilities using the recently released you from our exploit. As you can see, the first vulnerability is authentication bypass. This was done by putting customer images strings at the end of the URL. Attackers could easily bypass authentication by inserting certain keywords into the entity URL, and succeeded in remote code execution with the second vulnerability, command injection.
The most common but fatal vulnerability is command injection. The vulnerabilities could be implemented literally by inserting arbitrary commands into certain headers or parameters. This can reliably execute echoes without the need for bypassing mitigations like DEP and ASLR. As you can see in the image, if you inject a command into a certain parameter, it is passed as an argument of the system function without sanitization, resulting in command injection. so as you
can see, one simple command injection makes it possible to access the system remotely. This is the most attractive vulnerability for attackers.
Now this is the very typical vulnerability, buffer overflow. In fact many of the IoT devices we are analyze it and have secure coding applied, so we focus on the vulnerable functions like searching copy, sprintf, memcpy and so on to find buffer overflow. As can be seen from the image below, the functions are used quite a lot. now on some devices we
could find functions that simply execute commands. This function is assumed to be used for debugging from the perspective of the developer; however, it is considered as a backdoor from the attacker's point of view. I like most cases even this picture the name of the function is too clear that it is a backdoor. However, the function is usually hidden and some constraints should be met to execute commands.
Likewise, you can control the device very easily. As you can see, we insert the command creating a directory in the command parameter, then we can create the directory successfully.
Lastly, local privilege escalation vulnerability. There are many ways to elevate privileges on Linux embedded systems. Sometimes in an embedded system the privileges are separated as root and user, so they have certain processes running with a normal user account. If the account accessed via telnet is a normal user account, elevation of privilege is required to execute commands. Instead of least current partition, we will show you privilege escalation by using a logic bug, which is a user-owned script file executed as a root account. as you
can see, the user account is Lynn arrow, it's a normal account, and the rc.local file is a startup script that is executed with root permission, and it executes serial Dallas's file as a command. However, the serial data set is a user-owned file and can be modified as a normal user account. If we add a command to change the password of the root account into the serial diocese file, then we can access the system with the root account successfully. based on the found
vulnerabilities, we can develop a final exploit. Buffer overflow can be exploited to remote code execution. To do this, ROP technique and shellcode development are needed. So you can run shellcode by chaining three gadgets that control specific registers, get the address of the shellcode on the stack and jump to the shellcode. This code is a reverse TCP connection shellcode for MIPS architecture that allows you to execute commands from a remotely connected server. so we have developed a complete
exploit for company A's hub product, and we will demonstrate that we can fully take control of the hub device by combining the authentication bypass with buffer overflow. So in the first demo we will show you
the company A's hub device is fully compromised by buffer overflow and authentication bypass. So, mmm, the left side is the attacker side, so we have to open the port, listen port for the remote reverse TCP connection, and the right side is a telnet session
for checking that our exploit is a success, and this is the UART debugging shell, also checking the exploit its accessibility. and the middle
side is the attacker side, and we execute the exploit code by setting the target IP. The target IP is a web service of the hub
device, and we can get a remote shell. For proof of concept we create a flag file
as content pwned, and as you can see the flag file is created successfully and the content is the same, and also in the UART debugging shell. So as you can see, we can
execute any commands as you want, so we compromised the hub device successfully.
So now let's look at which attack scenarios by scenarios are possible with the identified vulnerabilities. first it
is the scenario that controls the things. If an attacker gains control of the device, all IoT devices connected to the hub can be controlled. Usually hubs and devices communicate wirelessly by Z-Wave, Zigbee and RF, but there is no authentication between them, so we can leverage these points to manipulate command packets to control devices or forge status information.
As you can see, the hub device recognizes the specific part of the packet as control code, and based on this it gives a certain command to the relevant devices. Also, if the main process is implemented as job application, you can see that the payload is also sent in a specific format. So by delivering packets based on these formats, we can control the devices as you want. So this is the second demo. this is door
open sensor. In this demo we will show that we can forge status information of the smart things, and it can lead to false information on the mobile application. because the company the company only
service for Korean customers, so the mobile application supports only Korean, so please understand there, and we have subtitles in English. So as you can see, the application tells the door open sensor is open. However, if we send the packet that includes closed information for the sensor, you can see that the
application status information it's just first, but still the door open sensor is open. And in the next demo we can
disconnect the smart things by sending a disconnection packet to the hub device. So [Music] yeah, as I said before the demo, you can disconnect the device, and we can also
control the smart bulbs is the P Leafs to bridge and the smoke light. If you compromise the hub device you can analyze many command packets and send control packets to the connected smart things. For the proof of concept we developed a Python script, yeah, to control the light bulb. At first we can turn on the light, so, and also you
can adjust the brightness of the light bulb, and so if you set, oh sorry, sorry,
if you set the point is s middle the the prime is you will be team, and also you can turn off the light, and you can
flash the light bulb also. So this means
you can control the device as you want
if we compromise the hub device. then
let's look at the case of encrypted communication between the server and the hub. Since the up-to-date devices are communicating with servers encrypted, such as SSL or TLS, there is no useful information to be extracted in the case of man in the middle. However, one of the devices we have analyzed uses kiemce that the IoT hub itself generates and stored the encryption key in the device, which means that the packet can be decrypted if the hub is compromised.
So we analyzed the encryption algorithm and found that it is AES-128 ECB mode. This is a symmetric key cipher, so the server and the hub share the same key. Coincidentally there was a buffer
overflow vulnerability in the hub device with which you could take over the system and extract the 16-byte decryption key. so as
you can see, the data area of the packet is encrypted. For proof of concept, the AES-128 ECB mode decryption algorithm was written in C code, and the corresponding message is decrypted by entering the extracted key values. This can be used as a scenario for disconnecting a hub device by sending false information to the server. So my partner Chanyeol will tell continuously.
Hi, I'm Bacchus. This scenario is the merit of better or. Some IoT hubs use the TR-069 protocol for provisioning with the server. When the server and the IoT hub communicate, the HTTP response message is changed, this post with the hub's critical information. We will show the admin web password in the next demo. Oh, sorry.
Yeah, the TR-069 protocol is associate we are two HTTP discussed with the server. After authentication, change the HTTP list past this point, yeah, change just as the server asks for information. This will as Hubble is disclose the property, admin web passwords, and the string is, more, sorry, this is a web admin password, and we dropped a packet. It's so simple, the man-in-the-middle demo. These
vulnerabilities may be used in a botnet because IoT devices are connected to the internet, which means that those can be used for a botnet not open that have a cold since the be ripe on the case yes
Let me take a closer look at the IoT botnet in detail. First, the IoT botnet is increasing; botnets such as Mirai, Hajime and TheMoon continue to be found. Last year Barry I would more way were discovered. Second, the IoT attack math salt includes Saturday on the Atome bap, one day on the oppressors, and misconfiguration like the same password, default password. And third, the attack purpose is evolving: in the beginning the IoT botnet was used for DDoS, but today it is used for DDoS, ransomware and by the poor. Finally, many countries causing damages like Veerappan net. So how about
the IoT hub will be found. We search with this, searched through each other; we haven't found much. 70 soldiers devices has been exposed. Also to the
vulnerabilities of the IoT hub can be used as a mining pool. There are cases where Bitcoin was mined through OpenWrt firmware. Of course you need hardware support for mining; it is just one of the many scenarios. Two weeks ago the
article came out: it was mining through MikroTik devices. According to this article, there was miner code on the admin web page of MikroTik devices. Like this example, mining pools can damage devices or users; maybe the IoT hub is also possible. The final part of our
presentation will tip IoT security. How
should you be secure? I think, just, I think there are three necessary steps to follow: device security, compliance, and detection of anomalies and threats. The first is device security. Each device needs its unique password; the admin web and the Wi-Fi password must all be different, following password rules. Debugging ports like UART and JTAG must be disabled. For code developed individually, secure coding is absolutely necessary, and if we have an open source it must always be updated to its latest version. We were able to easily carry out our analysis because three out of the four corporations had not encrypted their respective firmware, and then even if a hacker obtains the firmware, the file system will not easily be obtained. Second, about compliance: IoT security guidelines made by international organizations must be followed. It is good to keep these guidelines as a reference because they explain the security of the IoT ecosystem. A good guideline to follow is NISTIR 8200 made by NIST. But we should not stop here terror Tokai drain or minima as security must constantly be maintained. Third, one must be already, one must be ready to deal with anomalies and pay attention to detect anomalies and threats. One has to develop the following: data collection called intelligence analysis, automated response and visualization. So is
conclusion over our target our talk sorry our talk to level our presentation
We found many different threats to the IoT hub, and smart home services are increasing due to technology like voice recognition, AI and machine learning. Furthermore, the IoT hub is evolving to the forms of AI speakers and WordPad. This is good news for us: we have plenty of research to do in IoT security. We're afraid that more findings and research about security in the future. Here are the references, and special thanks to an Astra tsingy Bonnie and boomba Park. Thank you for, thank you for listening to our presentation. If you have any questions, we are happy to take them when you come to us, please. Yeah, we are always open. Thank you. [Applause]