Secure your "Things" in Internet of Things

Hack Zone Tunisia 2016, Tunisia

Who am I ?

Amine

aka Yuri laaziz

Security Engineer Intern at Sifaris

 

Co Founder of Hackerspace Djerba

 

contact@yurilz.com

What is IoT?

The Internet of Things (IoT) is the network of physical objects devices, vehicles, buildings and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data (Wikipedia)

What is IoT?

What is IoT?

XenPonic, LeLoop, Paris
http://wiki.leloop.org/index.php/XenPonic

What is IoT?

What is IoT?

Hmm, I don't see security

Drone ?

Everyone likes drone :), I know

 Drone delivery

Military use of drones

Nothing, Just taking selfies :p

Drone Investigation

What I found ?

Authentication :
Anyone can take control over the drone with his free app from another device

 

Open FTP server :

Could be exploited by an attacker to remotely access, delete and replace videos (for advanced Hacker !) gathered by the drone.

 

GPS signal :

The return-home function implemented by the drone controller fails

Demo :D

https://www.youtube.com/watch?v=XTiAYjsycKI

www.infineon.com, 2016

Secured drone

> This is not IoT !

Surveillance cameras sold on Amazon infected with malware

USB Debug mode enabled

RubberDucky USB drive scripted to automate hacking

SNCF Trains :D

AVISource("video.avi")

 

The decoder reads past the end of the input buffer by a small amount

https://www.rapid7.com/db/vulnerabilities/debian-DSA-3003

SNCF Trains :D

Are We Secure in Tunisia 

And this year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world.

Follow Me
@asker_amine

Thanks

Securing Thing in Internet of things

By Yuri Laaziz

Securing Thing in Internet of things

  • 2,241