Insecurity in a Connected Planet
Rear Admiral Bill Leigher (USN-Ret) 2015 MTUG Summit and Tradeshow
28 May 2015
Or perhaps…
Why You Really Need to Worry About Internet Security
But remember…
It’s Not the Internet of Things;
It’s a Business Case
Agenda
• The Problem Space
• The Attack Surface
  o Basic access controls
  o Industrial systems
  o Automobiles
  o Aircraft
  o Health care
• What you can do
My View of the Internet During my Navy Career
A Different View of the Internet
A Matter of Perspective
Fundamentally, it’s About Access to Your Network
Source: http://searchsecurity.techtarget.com/news/2240237020/Survey-Guest-network-security-lacking-at-many-businesses
Survey: Guest network security lacking at many businesses
• 71% of businesses don’t implement measures such as providing unique, temporary passwords to users connecting to guest networks
• More than 50% of those businesses don’t monitor for malicious traffic or malware
• And this doesn’t account for your employees’ behaviors
Data and Applications at Risk
Source: http://www.popsci.com/most-sophisticated-malware-ever-can-infect-hard-drive-firmware
The World's Most Sophisticated Malware Ever Infects Hard Drive Firmware
• Dubbed “Equation” by Kaspersky Labs
• Delivered by Trojan horse.
• Rewrites the firmware of hard drives, making it virtually impossible to detect, let alone remove.
• Infections in more than 40 nations.
Stuxnet
Source: http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf
Langner: To Kill a Centrifuge
• SCADA: Supervisory Control And Data Acquisition, a category of computer programs used to display and analyze process conditions.
• IT layer: propagate via networks, OS and applications
• Control layer: manipulate via controllers and sub-controllers
• Physical layer: damage specific equipment.
Physical Destruction – Not Just a Nation State Threat
Source: http://www.wired.com/2015/01/german-steel-mill-hack-destruction
A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever
• Manipulated and disrupted control system so that a blast furnace could not be properly shut down, resulting in “massive” damage.
• Infiltrated corporate network via a spear phishing attack.
• “Failures accumulated in individual control components or entire systems.”
Planes, Trains & Automobiles
The Next Cybersecurity Concern: Your Car
• 14-year-old with $15 of parts from Radio Shack accesses a car’s computer, unlocks the doors, starts the engine, streams music.
• Consequence of OnStar, mBrace, SYNC…and oh yeah, Bluetooth.
• Throttle, steering, braking and collision avoidance in play
Source: record-eagle.com · by Jim Koscs 3/4/15
Planes, Trains & Automobiles
FBI Claims security researcher took control of plane
• Admitted that he has taken control of networks ‘around’ 15 times, solely for the purpose of observation.
• "exploited/gained access to the [in-flight entertainment] system, overwrote code on the airplane's Thrust Management Computer while aboard a flight and commanded the system he had accessed to issue the climb command."
Source: http://www.cnet.com/news/fbi-claims-security-researcher-took-control-of-plane/
Planes, Trains & Automobiles
United Airlines offers air miles as bug bounty reward
• Low-severity-rated vulnerabilities are worth 50,000 air miles. High-severity vulnerabilities related to remote code execution are worth a maximum of 1,000,000 air miles.
• Testing on in-flight systems will result in disqualification and possible criminal investigation.
Source: http://www.zdnet.com/article/united-offers-air-miles-as-bug-bounty-reward/
Medical Device Vulnerability
It’s Insanely Easy to Hack Hospital Equipment
• Everything Was Tested, And Most Of It Was Hackable: drug infusion pumps, Bluetooth-enabled defibrillators, remote access to X-rays, blood and drug storage refrigerators, and digital medical records.
• Open systems, often with web interfaces to facilitate communication. Hardcoded passwords.
• An attacker could gain access via a phishing attack and then explore the internal network, or simply plug a laptop into the network, to discover and attack vulnerable systems. “Once you get a foothold into the network … you can scan and find almost all of these devices, and it’s fairly easy to get on these networks.”
Source: http://www.wired.com/2014/04/hospital-equipment-vulnerable/
Bio-Hacking? Well, Sort Of
Hacker Implants NFC Chip In His Hand To Bypass Security Scans And Exploit Android Phones
• Think the NFC chip in your pet.
• Pings an Android device and asks to install a (malicious) file.
• Can be remotely controlled
Source: http://www.forbes.com/sites/thomasbrewster/2015/04/27/implant-android-attack//
Six Fundamental Questions About Connected Devices
• Do the devices store and transmit data securely?
• Do they accept software security updates to address new risks?
• Do they provide a new avenue to unauthorized access of data?
• Do they provide a new way to steal data?
• Do they connect to the institution's existing IT infrastructure in a way that puts data stored there at greater risk?
• Are the APIs – through which software and devices connect – secure?
It’s Not the Internet of Things; It’s a Business Case
Questions
Thank You