4 IoT Systems, 4 Threat Modelling Failures

Thursday, July 16, 2020

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

The IoT is hugely diverse: home assistants, fitness trackers, medical devices, home security, kid trackers, smart TVs, industrial equipment, crypto wallets, car alarms and even sex toys. We've seen security and privacy failures in nearly all of these systems, some trivial, some serious. Today, security failures in these systems might seem trivial, but in 10 years, these systems will be ruling our lives.

We suspect that the developers of the products failed to predict which threats they needed to protect against. Unless security is considered during the design of these systems, they will never be truly secure.

We'll look at 4 practical examples where lessons can be learned:

  1. Crypto-wallets that didn't take into account physical access.
  2. A telematics unit in a car that allowed us to take control of the corporate network.
  3. An EV car charger that relied on the security of a Raspberry Pi.
  4. Police body cameras that place confidentiality above authenticity of data.

Hopefully you'll be able to see the mistakes that were made, alongside the simple solutions to these issues.

Brought to you by:

nCipher Security, an Entrust Datacard company

Guest Presenter:

Andrew Tierney

Hardware Team Leader

Pen Test Partners

Andrew leads the hardware team at Pen Test Partners. He covers all systems that aren't general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and finding vulnerabilities in these systems.

On the defensive side, he takes the knowledge gained from research and advises companies on how to build secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth so that they can stay secure through the entire lifecycle of the product.

He trains people to attack and defend hardware, with customers ranging from medical device manufacturers through to police forensics teams.

Sponsor Presenter:

John Grimm

Vice President Strategy

nCipher Security, an Entrust Datacard company

John Grimm is Vice President of Strategy and Business Development at nCipher Security, an Entrust Datacard company and a world leader in hardware security modules (HSMs). nCipher empowers world-leading organizations by delivering trust, integrity and control to their business-critical information and applications.
