IoT (in)security - HTE · 2016-11-10
IoT (in)security (a pessimistic view on the Future Internet)
Levente Buttyán, PhD
Laboratory of Cryptography and System Security (CrySyS Lab)
Department of Networked Systems and Services
Budapest University of Technology and Economics
www.crysys.hu
CrySyS Lab, Budapest
www.crysys.hu
“If you’re a researcher on this book thing and you were on Earth, you must have been gathering material on it.”
“Well, I was able to extend the original entry a bit, yes.”
“Let me see what it says in this edition, then. I’ve got to see it.”
... “What? Harmless! Is that all it’s got to say? Harmless! One word! ... Well, for God’s sake I hope you managed to rectify that a bit.”
“Oh yes, well I managed to transmit a new entry off to the editor. He had to trim it a bit, but it’s still an improvement.”
“And what does it say now?” asked Arthur.
“Mostly harmless,” admitted Ford with a slightly embarrassed cough.
still
2016
Smart homes
Smart vehicles (aka connected cars)
Smart factories (aka Industry 4.0)
How about security?
IoT from a hacker’s perspective
Internet of Things
cheap (in every sense)
computers easy to compromise
now easily searchable and accessible remotely
It could really be a nightmare...
IoT devices became the weakest link
Default passwords
Unpatched vulnerabilities
Factory made backdoors
Firewall bypass as a feature
source: IoT security is a nightmare. But what is the real risk?
Hacktivity 2016 talk by Zoltán Balázs
Security economics
vendors build cheap devices
  - maximize profit
  - minimize time to market
  - more features, no security
consumers buy cheap devices
  - optimize price/value ratio
  - don’t understand the risk
  - can’t identify quality
misplaced incentives
  - makes no sense to build secure devices
lemon market:
  - information asymmetry
  - consumers will pay average price
  - quality vendors leave the market
Have you seen this before?
“History is just new people making old mistakes.” — Sigmund Freud
still
2016
will remain
2016
Laboratory of Cryptography and System Security (CrySyS Lab)
Department of Networked Systems and Services
Budapest University of Technology and Economics
www.crysys.hu
contact:
Levente Buttyán, PhD
Associate Professor, Head of the CrySyS Lab