Secure your "Things" in Internet of Things




Hack Zone Tunisia 2016, Tunisia
Who am I ?



Amine
aka Yuri laaziz
Security Engineer Intern at Sifaris
Co Founder of Hackerspace Djerba



contact@yurilz.com
What is IoT?




The Internet of Things (IoT) is the network of physical objects devices, vehicles, buildings and other items—embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data (Wikipedia)
What is IoT?




What is IoT?




XenPonic, LeLoop, Paris
http://wiki.leloop.org/index.php/XenPonic
What is IoT?




What is IoT?




Hmm, I don't see security
Drone ?




Everyone likes drone :), I know
Drone delivery




Military use of drones




Nothing, Just taking selfies :p




Drone Investigation




What I found ?
Authentication :
Anyone can take control over the drone with his free app from another device
Open FTP server :
Could be exploited by an attacker to remotely access, delete and replace videos (for advanced Hacker !) gathered by the drone.
GPS signal :
The return-home function implemented by the drone controller fails



Demo :D




https://www.youtube.com/watch?v=XTiAYjsycKI




www.infineon.com, 2016
Secured drone




> This is not IoT !




Surveillance cameras sold on Amazon infected with malware





USB Debug mode enabled




RubberDucky USB drive scripted to automate hacking




SNCF Trains :D




AVISource("video.avi")
The decoder reads past the end of the input buffer by a small amount
https://www.rapid7.com/db/vulnerabilities/debian-DSA-3003
SNCF Trains :D




Are We Secure in Tunisia
















And this year has made clearer than ever before that this Internet of Things introduces all the vulnerabilities of the digital world into our real world.




Follow Me
@asker_amine

Thanks



Securing Thing in Internet of things
By Yuri Laaziz
Securing Thing in Internet of things
- 2,488