IoT Security and privacy challenges

Adel Abdel Moneim, MBA


ITU-ARCC Cyber Security Expert
SCCISP, CISSP, CISM, CRISC, CISA, CGEIT, CCISO, SABSA-SCF, CEH, CCSK, CHFI, EDRP, CSA, ECSA, LPT, CND, ECES, CCFP-EU, PECB MS Auditor, SMSP, ECIH, Master ISO27001, ISO27005 LRM, ISO31000, ISO27032 Lead Cybersecurity Manager, ISO27035 LIM, ISO38500 Lead IT Corporate Governance Manager, ISO24762 LDRM, CLSSP, ISO 29100 Lead Privacy Implementer, Lead Forensic Examiner, Certified Cyber Intelligence Professional (CCIP)

Definition of IoT
[WIKIPEDIA] The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.

[OXFORD] A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.
The internet of Things moves in
IoT Attack news

ADEL ABDEL MONEIM [ adelnet2k@gmail.com ]

https://gdpr.report/news/2019/05/24/iot-cyber-attacks-cost-the-uk-economy-1-billion/
Smart Home & Wearable devices
IoT in Health
IoT in Agriculture
IoT in Education
IoT in Traffic
IoT in Retail
IoT in Smart City
IoT Based Waste Collection
IoT Based Pollution Control
Smart Dust Bin in London
IoT Application Areas and Devices
IoT Attack Surface Areas

Ecosystem (general)
• Implicit trust between components
• Enrollment security
• Decommissioning system
• Lost access procedures

Device Memory
• Cleartext credentials
• Third-party credentials
• Encryption keys

Device Physical Interfaces
• Firmware extraction
• User CLI
• Admin CLI
• Privilege escalation
• Reset to insecure state
• Removal of storage media
• Tamper resistance

Device Web Interface
• SQL injection
• Cross-site scripting
• Cross-site Request Forgery
• Username enumeration
• Weak passwords
• Account lockout
• Known default credentials

Device Firmware
• Hardcoded credentials
• Encryption keys
• Encryption (Symmetric, Asymmetric)
• Sensitive information disclosure
• Sensitive URL disclosure
• Firmware version display and/or last update date
IoT Attack Surface Areas (Cont.)

Device Network Services
• Information disclosure
• User CLI
• Administrative CLI
• Injection and Denial of Service
• Unencrypted Services
• Poorly implemented encryption
• UPnP
• Vulnerable UDP Services

Administrative Interface
• SQL injection
• Cross-site scripting
• Security/encryption options
• Logging options
• Two-factor authentication
• Inability to wipe device

Local Data Storage
• Unencrypted data
• Data encrypted with discovered keys
• Lack of data integrity checks

Cloud Web Interface
• SQL injection
• Cross-site scripting
• Transport encryption
• Insecure password recovery mechanism
• Two-factor authentication

Third-party Backend APIs
• Unencrypted PII sent
• Encrypted PII sent
• Device information leaked
• Location leaked
IoT Attack Surface Areas (Cont.)

Update Mechanism
• Update is not encrypted
• Updates not signed
• Update location writable
• Update verification & authentication
• Missing update mechanism
• No manual update mechanism

Mobile Application
• Implicitly trusted by device or cloud
• Username enumeration
• Account lockout
• Known default credentials
• Weak passwords
• Transport encryption
• Insecure password recovery mechanism

Vendor Backend APIs
• Inherent trust of cloud or mobile application
• Weak authentication
• Weak access controls
• Injection attacks
• Hidden services

Ecosystem Communication
• Health checks
• Heartbeats
• Ecosystem commands
• Deprovisioning
• Pushing updates

Network Traffic
• LAN
• LAN to Internet
• Short range
• Non-standard
IoT Security is the Worst-of-All-Worlds

Network • services, encryption, firewall, input…

Application • authN, authZ, input validation, etc.

Mobile • insecure APIs, lack of encryption, etc.

Cloud • authentication, session management, access control

IoT • net + app + mobile + cloud = IoT


IoT Technologies and Protocols
IoT Communication Models
IoT: How IoT Works
Data Leakage & User Privacy Issues
Google Services
Samsung Health App
NIST Cyber Security Framework

Contact Information
adelnet2k@gmail.com
@adelnet2k
www.facebook.com/adelnet2k
www.linkedin.com/in/Adel-Abdel-Moneim

Questions?