4 IoT Systems, 4 Threat Modelling Failures
The IoT is hugely diverse: home assistants, fitness trackers, medical devices, home security, kid trackers, smart TVs, industrial equipment, crypto wallets, car alarms and even sex toys. We've seen security and privacy failures in nearly all these systems, some trivial, some serious. Today, security failures in these systems might seem trivial, but in 10 years these systems will be ruling our lives.
We suspect that the developers of the products failed to predict which threats they needed to protect against. Unless security is considered during the design of these systems, they will never be truly secure.
We'll look at 4 practical examples where lessons can be learned:
- Crypto wallets that didn't take into account physical access.
- A telematics unit in a car that allowed us to take control of the corporate network.
- An EV car charger that relied on the security of a Raspberry Pi.
- Police body cameras that place confidentiality above authenticity of data.
Hopefully you'll be able to see the mistakes that were made, alongside the simple solutions to these issues.
Hardware Team Leader
Pen Test Partners
Andrew leads the hardware team at Pen Test Partners. He covers all systems that aren't general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and finding vulnerabilities in these systems.
On the defensive side, he takes the knowledge gained from research and advises companies on how to build secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth so that they can stay secure through the entire lifecycle of the product.
He trains people to attack and defend hardware, with customers ranging from medical device manufacturers through to police forensics teams.
Vice President Strategy
nCipher Security, an Entrust Datacard company
John Grimm is Vice President of Strategy and Business Development at nCipher Security, an Entrust Datacard company and a world leader in hardware security modules (HSMs). nCipher empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.