IoT Security Flashcards

1
Q

Why does IoT security fail?

A

Most IoT companies focus mainly on the device and its production, and therefore do not focus on the user’s privacy and security, or on legislation (as there is almost none).

2
Q

Why is IoT beneficial for the attackers?

A

There is a huge number of devices, most of which have no security. Because of this, they are easy to find and infect. They are also hard to update/patch, which means they receive no security updates.

3
Q

What are the key findings (statistics) of security problems within IoT security?

A

98% of IoT traffic is unencrypted.

57% of IoT devices are vulnerable to medium/high-level attacks.

4
Q

Which enterprise IoT devices have the most security problems?

A

Cameras and printers.
Cameras had easy-to-brute-force default passwords during the 2016 Mirai attack. Printers were also part of the DDoS attack, but are also a problem because an attacker can access print logs.
Among medical IoT devices, imaging systems are the devices with the most security problems.

5
Q

Discuss how a physical attack can happen in IoT.

A

RFID / NFC can be attacked. A card can have a unique ID, which can be read and thereby copied/duplicated; the reader will see the copy as the original card. The ID can almost be stolen just by taking a photo of the card (with the number printed on it).

6
Q

Discuss Botnets, and the difference of centralized and decentralized botnets.

A

A DDoS attack using IoT devices: the botmaster infects devices (bots), which then follow the botmaster’s commands. Mirai infected mostly home routers and IP cameras, with attack traffic up to 1.x Tbps.
Centralized: single point of failure, all bots connect to the botmaster. Uses C2 (command and control) servers.
Decentralized: bots are interconnected and commands are sent hop-by-hop. No C2 servers.

7
Q

Discuss the Botnet operation steps.

A

The internet is scanned for devices, which are then brute-forced using default logins. Infected bots let the botmaster know they are infected. Through the C&C server, the botmaster can attack specified devices; the malware is sent by selecting its target.

8
Q

Discuss the Hide’n’Seek botnet, and its functionalities.

A

HnS mostly copied its mechanics from the Mirai attack: it scans for open ports and brute-forces the devices. It targets routers, IP cameras, database software, web servers and Android phones.
It is persistent, and will simply restart when the device is rebooted.
Functions: stealing user information, and use for DDoS attacks.

9
Q

What is Shodan?

A

“Google”, but for IoT devices. It is something of a legal gray area, as it is constantly scanning the internet.

10
Q

Discuss CIA(A)

A

Confidentiality: our data should be private/encrypted.
Integrity: our data should not be altered from its original form.
Availability: if our data is transmitted, it should arrive on time, to prevent denial of access to services.
Authenticity: the information is only shown to someone trusted / verified.

11
Q

Many attackers don’t target the protocol. What do they focus on?

A

User information. They attack and brute-force passwords. They also attack the implementation of the device.

12
Q

Briefly discuss Bluetooth security.

A

There are security modes 1 to 4 (low to high security), where security mode 4 has security levels 0 to 4 (few to many requirements). It has some security, but still several issues, mostly for compatibility reasons.

13
Q

Mention the MQTT, Telnet & CoAP protocols.

A

MQTT, Message Queuing Telemetry Transport: transports messages between devices. Data is in plaintext, so TLS is suggested.
Telnet: very old. TCP port 23. Don’t use it! All plaintext, no authentication.
CoAP, Constrained application control: lightweight. Similar to HTTP (request/reply). Has four modes of security, all of which use DTLS.
Telnet security is bad, but most protocols use TLS or DTLS for security.
