Secure your "Things" in Internet of Things
Hack Zone Tunisia 2016, Tunisia
Who am I ?
Amine
aka Yuri laaziz
Security Engineer Intern at Sifaris
Co Founder of Hackerspace Djerba
contact@yurilz.com
What is IoT?
The Internet of Things (IoT) is the network of physical objects devices, vehicles, buildings and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data (Wikipedia)
What is IoT?
What is IoT?
XenPonic, LeLoop, Paris
http://wiki.leloop.org/index.php/XenPonic
What is IoT?
What is IoT?
Hmm, I don't see security
Drone ?
Everyone likes drone :), I know
Drone delivery
Military use of drones
Nothing, Just taking selfies :p
Drone Investigation
What I found ?
Authentication :
Anyone can take control over the drone with his free app from another device
Open FTP server :
Could be exploited by an attacker to remotely access, delete and replace videos (for advanced Hacker !) gathered by the drone.
GPS signal :
The return-home function implemented by the drone controller fails
Demo :D
https://www.youtube.com/watch?v=XTiAYjsycKI
www.infineon.com, 2016
Secured drone
> This is not IoT !
Surveillance cameras sold on Amazon infected with malware
USB Debug mode enabled
RubberDucky USB drive scripted to automate hacking
SNCF Trains :D
AVISource("video.avi")
The decoder reads past the end of the input buffer by a small amount
https://www.rapid7.com/db/vulnerabilities/debian-DSA-3003
SNCF Trains :D
Are We Secure in Tunisia
And this year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world.
Follow Me
@asker_amine
Thanks
Securing Thing in Internet of things
By Yuri Laaziz
