IoT Security And Privacy Challenges

Transcription

IoT Security and privacy challenges

Adel Abdel Moneim, MBA, ITU-ARCC Cyber Security Expert

SCCISP, CISSP, CISM, CRISC, CISA, CGEIT, CCISO, SABSA-SCF, CEH, CCSK, CHFI, EDRP, CSA, ECSA, LPT, CND, ECES, CCFP-EU, PECB MS Auditor, SMSP, ECIH, Master ISO27001, ISO27005 LRM, ISO31000, ISO27032 Lead Cybersecurity Manager, ISO27035 LIM, ISO38500 Lead IT Corporate Governance Manager, ISO24762 LDRM, CLSSP, ISO 29100 Lead Privacy Implementer, Lead Forensic Examiner, Certified Cyber Intelligence Professional (CCIP)

Definition of IoT

[WIKIPEDIA] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.

[OXFORD] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.

The internet of Things moves in

IOT Attack news

ADEL ABDEL MONEIM [ adelnet2k@gmail.com ]

IOT Attack ttacks-cost-the-uk-economy-1-billion/

Smart Home &Wearable devices

IoT in Health

IoT in Agriculture

IoT in Education

IoT in Traffic

IoT in Retail

IoT in Smart City

IoT Based Waste Collection

IoT Based Pollution Control

Smart Dust Bin in London

Smart Dust Bin in London (Cont.)

IoT Application Areas and Devices

IoT Attack Surface Areas

Ecosystem (general): Implicit trust between components; Enrollment security; Decommissioning system; Lost access procedures

Device Memory: Cleartext credentials; Third-party credentials; Encryption keys

Device Physical Interfaces: Firmware extraction; User CLI; Admin CLI; Privilege escalation; Reset to insecure state; Removal of storage media; Tamper resistance

Device Web Interface: SQL injection; Cross-site scripting; Cross-site Request Forgery; Username enumeration; Weak passwords; Account lockout; Known default credentials

Device Firmware: Hardcoded credentials; Encryption keys; Encryption (Symmetric, Asymmetric); Sensitive information; Sensitive URL disclosure; Firmware version display and/or last update date

IoT Attack Surface Areas (Cont.)

Device Network Services: Information disclosure; User CLI; Administrative CLI; Injection and Denial of Service; Unencrypted services; Poorly implemented encryption; UPnP; Vulnerable UDP services

Administrative Interface: SQL injection; Cross-site scripting; Security/encryption options; Logging options; Two-factor authentication; Inability to wipe device

Local Data Storage: Unencrypted data; Data encrypted with discovered keys; Lack of data integrity checks

Cloud Web Interface: SQL injection; Cross-site scripting; Transport encryption; Insecure password recovery mechanism; Two-factor authentication

Third-party Backend APIs: Unencrypted PII sent; Encrypted PII sent; Device information leaked; Location leaked

IoT Attack Surface Areas (Cont.)

(heading lost in transcription): Update is not encrypted; Updates not signed; Update location writable; Update verification & authentication; Missing update mechanism; No manual update mechanism

…ion (heading truncated in transcription): Implicitly trusted by device or cloud; Username enumeration; Account lockout; Known default credentials; Weak pass; Transport encryption; Insecure recovery mechanism

Vendor Backend APIs: Inherent trust of cloud or mobile application; Weak authentication; Weak access controls; Injection attacks; Hidden services

Ecosystem Communication: Health checks; Heartbeats; Ecosystem commands; Deprovisioning; Pushing updates

Network Traffic: LAN; LAN to Internet; Short range; Non-standard

IoT Security is the T… [slide figure: layers net, app, mobile, cloud, IoT; Auth / Session / Access; controls listed: services, encryption, firewall, input authN, authZ, input validation, etc.; weaknesses listed: insecure APIs, lack of encryption, etc.]

IoT Technologies and Protocols

IoT Communication Models

IoT : How IoT Works

Data Leakage & Users Privacy Issues

Google Services

Google Services (Cont.)

Samsung Health App

Samsung Health App (Cont.)

NIST Cyber Security Framework

Contact eim

Questions?