RISE OF THE MACHINES
Transforming Cybersecurity Strategy for the Age of IoT
This report from the Forescout Research Team explores how IoT devices can be leveraged
by attackers in a building’s network, where legacy OT assets, IT systems and IoT devices
all intersect.
New Risks from IoT Devices
The number of IoT devices in organizational networks is rapidly increasing. These devices
are mostly unmanaged, come from a multitude of vendors, use non-standard operating
systems, support a diversity of (often insecure) protocols and may dynamically connect to
other devices inside or outside the organization’s network.
The IoT has already experienced significant growth in the past decade and is expected to
reach more than 30 billion connected devices by 2022 [1].
By 2020, more than 25% of identified attacks in enterprises will involve the IoT [2].
[1] ABI Research, Internet of Everything Market Tracker, QTR 3, 2018
[2] M. Hung, “Leading the IoT: Gartner Insights on How to Lead in a Connected World,” Gartner, 2017. [Online]. Available: https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
The Internet of Things (IoT) in a Smart Building
Consumer-grade IoT devices are entering, and reshaping, the building
automation industry. Below is an illustration of IoT devices found within a typical smart
building network and how these systems communicate with one another.
[Figure: Typical smart building network. Labels: workstations, IoT platform, building management workstations, network switch; video surveillance system, access control system, smart lighting system, IoT system, HVAC system; IP camera, NVR, building controllers, lighting bridge, IoT gateways, smart TV, wearable medical device, smart plug, sensor, display, badge reader, door lock, thermostat, fan, smart light, motion sensor.]
Smart Buildings: Where OT, IT and IoT All Intersect
To better understand the current risk landscape for smart buildings and its implications,
the Forescout Research Team investigated how video surveillance systems (VSS),
smart lighting systems, and other IoT devices could be used by cyber criminals to
infiltrate a building network.
Key Findings
•	 How the IoT impacts the cybersecurity landscape for today’s organizations, focusing on the
interplay between IoT and legacy OT devices
•	 The abuse of a smart building network by exploiting vulnerabilities in a VSS, Philips Hue and
the MQTT protocol in a lab setting
•	 Specific security challenges from the vulnerabilities in devices like video surveillance
systems (VSS), smart lighting systems and IoT systems
•	 What organizations can do to reduce risk and better protect their enterprise networks in the
age of IoT
Security Challenges of IoT Devices
IoT systems, including devices, gateways, and platforms, are notoriously vulnerable
to cyberattacks. Attacks against these systems could include:
•	 Exploitation of default or weak credentials: This is a notoriously common and simple way for a
hacker to gain access to a device or network.
•	 Web application and API attacks: This category encompasses methods like database
and command injections, directory traversal, and cross-site scripting. These represent the
low-hanging fruit for an attacker targeting an IoT device and can be performed in a
semi-automatic fashion using available open source tools.
•	 Lower-level exploits: This method targets firmware using tactics like a buffer overflow or
memory corruption issues to disable the device or allow arbitrary code execution.
•	 Protocol-based attacks: Attackers can use these to exploit vulnerabilities like the lack of
authentication, encryption, and integrity validation to sniff and exfiltrate or tamper with
sensitive data. [1]
[1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
3 Simple Strategies to Tear Down a Building Network
To demonstrate how an attacker would exploit vulnerabilities to enter a smart building
network using IoT devices, the Forescout team’s lab setup included three systems:
video surveillance, smart lighting, and an IoT system.
[Figure: Lab setup. Labels: Internet, attacker, network switch; video surveillance system (three IP cameras), smart lighting system (lighting bridge, smart lights, motion sensor), IoT system (IoT gateway).]
Strategy 1: Video Surveillance Systems
The precursors of modern video surveillance systems (VSS) were closed-circuit television
(CCTV) systems that used analog signals and coax cables to communicate in a closed
network. As technology advanced, digital cameras supporting IP communication were
integrated into VSSs. Today, many buildings have a hybrid VSS architecture that is quite
complex, containing a variety of legacy and new systems.
[Figure: hybrid VSS architecture. Labels: analog cameras, IP cameras, IP cameras (with VMS), video encoder, video decoder, DVR, NVR, switches/routers, monitor, local server, local monitoring PC, remote monitoring PC, remote server, Internet.]
Video Surveillance Systems: The Protocols
RTP
•	Real-time Transport Protocol, usually over UDP
•	Designed for real-time transfer of audio and video data
•	Unidirectional from server (camera) to client (NVR)
•	Secure version SRTP available, but rarely used
RTSP
•	Real Time Streaming Protocol, usually over TCP
•	Very similar to HTTP
•	Designed to control stream parameters, not deliver the data
•	RTSP communication mandatory before starting to stream
Video Surveillance Systems: The Vulnerabilities
Some of the vulnerabilities found in many VSS commonly used in
large organizations were:
•	 Use of unencrypted video streams via RTP/RTSP
•	 Unwanted communication links between the IT network and the VSS caused by
firewall misconfiguration
•	 Unwanted services and insecure protocols enabled, including FTP and UPnP
•	 Weak passwords to access IP cameras
•	 Vulnerable cameras [1]
[1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
Video Surveillance Systems: The Attacks
Assuming a man-in-the-middle attacker (an attacker inside the network that can
sniff and, when necessary, modify packets), the Forescout team successfully carried
out two attacks: denial of service and footage replay.
[Figure: lab attacks on the VSS: denial of service and footage replay]
Anatomy of the Footage Replay Attack ​
1.	 Establish a man in the middle
2.	 Eavesdrop the traffic and record the video footage
3.	 Replace RTSP command <get param> with <teardown>
4.	 Replay the pre-captured stream to the NVR
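A defender's view of the replay steps above, as an added example that is not part of the original slides: it correlates RTSP control messages with RTP headers and flags media that keeps arriving after a TEARDOWN or whose RTP timestamp runs backwards. The event tuples, the one-second grace period, the sample URL and the packet values are constructed assumptions, and the sensor is assumed to see both the camera-side and the NVR-side traffic.

```python
import struct

RTP_HEADER = struct.Struct("!BBHII")  # V/P/X/CC, M/PT, sequence, timestamp, SSRC


def parse_rtp_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte RTP header (RFC 3550)."""
    if len(packet) < RTP_HEADER.size:
        raise ValueError("packet shorter than an RTP header")
    first, second, seq, timestamp, ssrc = RTP_HEADER.unpack_from(packet)
    if first >> 6 != 2:
        raise ValueError("not RTP version 2")
    return {"payload_type": second & 0x7F, "seq": seq, "ts": timestamp, "ssrc": ssrc}


def rtsp_method(message: str) -> str:
    """Return the method of an RTSP request, e.g. PLAY or TEARDOWN."""
    return message.split(" ", 1)[0].upper()


def went_backwards(new: int, last: int, bits: int = 32) -> bool:
    """Serial-number comparison modulo 2**bits, so normal wrap-around is not flagged."""
    return (new - last) % (1 << bits) >= 1 << (bits - 1)


def find_replay_indicators(events, grace=1.0):
    """events: iterable of (time_s, "rtsp" | "rtp", data) for one camera/NVR pair."""
    findings = []
    torn_down_at = None
    last_ts = {}  # SSRC -> last RTP timestamp seen
    for when, kind, data in events:
        if kind == "rtsp":
            method = rtsp_method(data)
            if method == "TEARDOWN":
                torn_down_at = when
            elif method in ("SETUP", "PLAY"):
                torn_down_at = None  # a new session legitimately restarts the stream
            continue
        header = parse_rtp_header(data)
        # Packets already in flight may trail a TEARDOWN briefly; later ones should not exist.
        if torn_down_at is not None and when - torn_down_at > grace:
            findings.append((when, "rtp-after-teardown"))
        previous = last_ts.get(header["ssrc"])
        if previous is not None and went_backwards(header["ts"], previous):
            findings.append((when, "timestamp-regression"))
        last_ts[header["ssrc"]] = header["ts"]
    return findings


def make_rtp(seq: int, timestamp: int, ssrc: int = 0x1234ABCD) -> bytes:
    """Build a constructed RTP packet (version 2, dynamic payload type 96)."""
    return RTP_HEADER.pack(0x80, 96, seq, timestamp, ssrc) + b"\x00" * 4


URL = "rtsp://camera.example/stream"  # constructed address
# Constructed timeline: normal streaming, a TEARDOWN, then old footage arriving again.
SAMPLE_EVENTS = [
    (0.0, "rtsp", f"SETUP {URL} RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
    (0.1, "rtsp", f"PLAY {URL} RTSP/1.0\r\nCSeq: 2\r\n\r\n"),
    (0.2, "rtp", make_rtp(100, 90000)),
    (0.3, "rtp", make_rtp(101, 93000)),
    (30.0, "rtsp", f"GET_PARAMETER {URL} RTSP/1.0\r\nCSeq: 3\r\n\r\n"),
    (30.1, "rtp", make_rtp(102, 96000)),
    (60.0, "rtsp", f"TEARDOWN {URL} RTSP/1.0\r\nCSeq: 4\r\n\r\n"),
    (60.2, "rtp", make_rtp(103, 99000)),   # still in flight, inside the grace period
    (65.0, "rtp", make_rtp(100, 90000)),   # earlier footage seen again
    (65.1, "rtp", make_rtp(101, 93000)),
]

if __name__ == "__main__":
    for when, rule in find_replay_indicators(SAMPLE_EVENTS):
        print(f"{when:6.1f}s  {rule}")
```

Either indicator alone can have benign causes such as a camera reboot, so the two are best alerted on together.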
Strategy 2: Smart Lighting
Smart lighting systems are connected to a network, which allows them to be
monitored and controlled from a central system or via the cloud. For this experiment,
the Forescout Research Team used a Philips Hue.
[Figure: Philips Hue system. Labels: Wi-Fi network (Wi-Fi router), Hue bridge, ZigBee network (smart lights, motion sensor).]
Smart Lighting: The Vulnerabilities​
•	 The Philips Hue uses a dedicated
bridge device that connects all lights
on its own network. ​
•	 In order to work with remote systems,
the bridge must be connected to a Wi-Fi
router, providing a potential network
entry point for a malicious actor.​
Attacking The Philips Hue​
The Philips Hue supports an API that allows a user to interact with a bridge,
and therefore the lights, using RESTful HTTP requests. [1]​
Using this API, the Forescout team devised and implemented two types of attacks
with a physical consequence: denial of service by switching off the lights and a
platform reconfiguration.
[1] PenTestPartners, “Hijacking Philips Hue,” [Online]. Available: https://www.pentestpartners.com/security-blog/hijacking-philips-hue/.​
[Figure: lab attacks on the smart lighting system: denial of service and platform reconfiguration]
Anatomy of the Attacks
1.	 Sniff a valid API token transmitted in cleartext HTTP
2.	 Send an HTTP PUT request with the sniffed token and the "off" command:
PUT http://<bridge_addr>/api/<token>/lights/<number>/state {"on":false}
3.	 Automate the request above via a script to keep the lights continuously off
4.	 Optional: use the same valid token to reconfigure the platform and use it
as an entry point into the network:
PUT http://<bridge_addr>/api/<token>/config {"ipaddress":<ip_addr>,
"dhcp":false, "netmask":<netmask>, "gateway":<gtw>}
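What the steps above look like from the monitoring side, as an added example that is not part of the original slides: a small audit over observed bridge API requests that flags a token appearing from a second source address, a burst of "on": false commands, and a PUT to the config resource that touches network settings. The request tuples, addresses, token value and thresholds are constructed assumptions, as is the premise that each client registers its own token.

```python
import json
import re
from collections import defaultdict

API_PATH = re.compile(r"^/api/(?P<token>[^/]+)(?:/(?P<rest>.*))?$")
LIGHT_STATE = re.compile(r"^lights/\d+/state$")
NETWORK_KEYS = {"ipaddress", "dhcp", "netmask", "gateway"}  # keys named on the slide


def audit_bridge_requests(requests, off_burst=5, window=10.0):
    """requests: iterable of (time_s, source_ip, method, path, body) seen on the wire."""
    findings = []
    sources = defaultdict(set)     # token -> source addresses that used it
    off_times = defaultdict(list)  # (token, source) -> recent "on": false timestamps
    for when, src, method, path, body in requests:
        match = API_PATH.match(path)
        if not match:
            continue
        token, rest = match["token"], match["rest"] or ""
        # Rule 1: a token sent in cleartext can be copied; a second source is worth a look.
        if sources[token] and src not in sources[token]:
            findings.append((when, "token-reuse", src))
        sources[token].add(src)
        if method != "PUT":
            continue
        try:
            fields = json.loads(body)
        except ValueError:
            fields = {}
        if not isinstance(fields, dict):
            continue
        # Rule 2: network settings of the bridge changed through the API.
        if rest == "config" and NETWORK_KEYS.intersection(fields):
            findings.append((when, "network-reconfig", src))
        # Rule 3: scripted loop that keeps switching lights off.
        if LIGHT_STATE.match(rest) and fields.get("on") is False:
            recent = [t for t in off_times[(token, src)] if when - t <= window]
            recent.append(when)
            off_times[(token, src)] = recent
            if len(recent) == off_burst:
                findings.append((when, "lights-off-burst", src))
    return findings


TOKEN = "SAMPLE-TOKEN"  # constructed placeholder, not a real bridge token
# Constructed traffic: a normal client, then a second address reusing the same token.
SAMPLE_REQUESTS = (
    [
        (0.0, "192.0.2.10", "GET", f"/api/{TOKEN}/lights", ""),
        (5.0, "192.0.2.10", "PUT", f"/api/{TOKEN}/lights/1/state", '{"on": true}'),
    ]
    + [
        (100.0 + i, "192.0.2.66", "PUT", f"/api/{TOKEN}/lights/1/state", '{"on": false}')
        for i in range(5)
    ]
    + [
        (110.0, "192.0.2.66", "PUT", f"/api/{TOKEN}/config",
         '{"ipaddress": "192.0.2.200", "dhcp": false, '
         '"netmask": "255.255.255.0", "gateway": "192.0.2.1"}'),
    ]
)

if __name__ == "__main__":
    for when, rule, src in audit_bridge_requests(SAMPLE_REQUESTS):
        print(f"{when:6.1f}s  {rule:18s} from {src}")
```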
Strategy 3: IoT System​
When planning their attack on the IoT system, the Forescout Research Team decided to
focus on the messaging (application) layer, specifically on the most widely used protocol
in IoT systems, MQTT. [1]​
[Figure: MQTT. Publishers send messages to the MQTT broker, which delivers them to subscribers.]
[1] Eclipse IoT Working Group, AGILE IoT, IEEE, and Open Mobile Alliance, “IoT Developer Survey 2018,” 2018. [Online]. Available: https://iot.eclipse.org/resources/iot-developer-survey/iot-developer-survey-2018.pdf.
The Vulnerabilities: MQTT​
•	 MQTT is an M2M connectivity protocol, designed to be
lightweight, and is therefore unencrypted.​
•	 Because of this, it’s highly recommended to use an encrypted
transport layer security (TLS) stream on MQTT communications,
since unencrypted traffic may disclose sensitive information,
including topics, values of data points or even credentials.
•	 However, there are thousands of MQTT servers not using TLS,
disclosing sensitive information, as well as allowing remote
control, to any client who remotely subscribes to a topic. [1] [2]​
[1] V. Pasknel, “Hacking the IoT with MQTT,” 2017. [Online]. Available: https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b.​
[2] M. Hron, “Are smart homes vulnerable to hacking?,” Avast, 2018. [Online]. Available: https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes.​
Exploiting MQTT​
Like the attacks on the video surveillance system, for the case of the IoT system, the
Forescout Research Team leveraged a protocol (MQTT), rather than specific devices.
Using this method, they devised and implemented two types of attacks:
information gathering and denial of service. ​
[Figure: lab attacks on the IoT system: information gathering and denial of service]
MQTT: Anatomy of the Attacks​
Information gathering: An attacker can gather information about the IoT network,
such as available assets and their location, configuration information or even
sensitive information like credentials by either passively sniffing traffic or
subscribing to interesting topics and receiving published messages.

Denial of service: An attacker can flood a broker with connection attempts or
heavy payloads, which can be amplified by requiring a higher Quality-of-Service
level in the protocol.
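An audit of captured client-to-broker bytes shows what the information-gathering case exposes when MQTT runs without TLS. This is an added example, not part of the original slides: it parses MQTT 3.1.1 CONNECT and SUBSCRIBE packets and reports credentials sent in the clear, anonymous connections, and wildcard subscriptions together with the requested QoS. The finding names, client identifiers, topic names and credentials are constructed assumptions.

```python
import struct

CONNECT, SUBSCRIBE = 1, 8  # MQTT control packet types


def read_remaining_length(buf: bytes, pos: int):
    """Decode the variable-length 'remaining length' field of the fixed header."""
    value = 0
    for shift in (0, 7, 14, 21):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("remaining length longer than four bytes")


def read_string(buf: bytes, pos: int):
    """Read a length-prefixed UTF-8 string; return (text, next position)."""
    (length,) = struct.unpack_from("!H", buf, pos)
    end = pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[pos + 2:end].decode("utf-8", "replace"), end


def split_packets(stream: bytes):
    """Yield (packet type, body) for each control packet in a byte stream."""
    pos = 0
    while pos < len(stream):
        first = stream[pos]
        length, start = read_remaining_length(stream, pos + 1)
        if start + length > len(stream):
            raise ValueError("truncated packet")
        yield first >> 4, stream[start:start + length]
        pos = start + length


def audit_stream(stream: bytes):
    """Report what a passive observer learns from one cleartext connection."""
    findings = []
    for packet_type, body in split_packets(stream):
        if packet_type == CONNECT:
            _protocol, pos = read_string(body, 0)
            connect_flags = body[pos + 1]          # after the protocol level byte
            client_id, pos = read_string(body, pos + 4)  # skip level, flags, keep-alive
            if connect_flags & 0x04:               # will flag: skip will topic and message
                _, pos = read_string(body, pos)
                _, pos = read_string(body, pos)
            if connect_flags & 0x80:               # user name present (password may follow)
                user, pos = read_string(body, pos)
                findings.append(("cleartext-credentials", f"client={client_id} user={user}"))
            else:
                findings.append(("anonymous-connect", f"client={client_id}"))
        elif packet_type == SUBSCRIBE:
            pos = 2                                # skip the packet identifier
            while pos < len(body):
                topic, pos = read_string(body, pos)
                qos = body[pos] & 0x03
                pos += 1
                if topic.split("/")[0] in ("#", "+") or topic.startswith("$SYS/"):
                    findings.append(("wildcard-subscribe", f"filter={topic} qos={qos}"))
    return findings


def mqtt_string(text: str) -> bytes:
    data = text.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def make_packet(first_byte: int, body: bytes) -> bytes:
    assert len(body) < 128  # sample packets fit a one-byte remaining length
    return bytes([first_byte, len(body)]) + body


def make_connect(client_id, user=None, password=None) -> bytes:
    flags = 0x02 | (0x80 if user else 0) | (0x40 if password else 0)
    body = mqtt_string("MQTT") + bytes([4, flags]) + struct.pack("!H", 60)
    body += mqtt_string(client_id)
    for field in (user, password):
        if field:
            body += mqtt_string(field)
    return make_packet(0x10, body)


def make_subscribe(topic: str, qos: int) -> bytes:
    return make_packet(0x82, struct.pack("!H", 1) + mqtt_string(topic) + bytes([qos]))


# Constructed captures of two separate connections to a broker without TLS.
SAMPLE_STREAMS = {
    "sensor": make_connect("sensor-17", "building", "example-password")
    + make_subscribe("building/floor1/temp", 0),
    "unknown": make_connect("client-x") + make_subscribe("#", 2),
}

if __name__ == "__main__":
    for name, stream in SAMPLE_STREAMS.items():
        print(name, audit_stream(stream))
```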
CONCLUSION
In the age of IoT, legacy security solutions like endpoint agents, antivirus, and
traditional IT intrusion detection systems are not enough because either they are
unsupported by embedded devices or they are incapable of understanding the
network traffic generated by these devices. ​
​Organizations need to implement solutions that empower them with fully automated
visibility and control across their entire enterprise.​
[Figure: Cybersecurity strategy. Fully automated complete visibility across operational technology, campus, data center and cloud, and IoT.]
Still Curious?
This presentation is a brief summary of an in-depth research report
detailing the growth of IoT, possible business risks and cybersecurity
strategy planning.
Download the “Rise of the Machines: Transforming
Cybersecurity Strategy for the Age of IoT” report from the Forescout
Research Team to learn more.
About the Researchers
Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and
research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features
for SilentDefense.​
Mario Dagrada holds a PhD in computational physics from the University Pierre Marie Curie in Paris and has experience in high
performance software development, security and research. He is a researcher at Forescout, focusing on medical device security and
the development of innovative features for SilentDefense.​
Michael Yeh holds a joint master’s degree in cybersecurity from the Technical University of Eindhoven and the Radboud University.
He worked as an intern at Forescout during the development of this research project.​
Martín Pérez Rodríguez has studied Computer Science & Engineering at the Universidad Politécnica de Madrid and the Technical
University of Eindhoven. After his internship, he started working as a DevOps Engineer at Forescout.​
Elisa Costante holds a PhD in computer science from the Eindhoven University of Technology. She is an expert in IT and
OT security and privacy. As director of the Industrial and OT Innovation Technology at Forescout, she drives the execution of pioneering
theoretical and experimental work addressing the cyber security challenges posed by the IT/OT convergence. Her tasks include the
generation of original content to boost awareness and thought leadership and the identification, building and testing of prototypes
for innovative products and services in line with the overall product strategy.
About Forescout
Forescout Technologies is the leader in device visibility and control.
Our unified security platform enables enterprises and government
agencies to gain complete situational awareness of their extended
enterprise environments and orchestrate actions to reduce cyber and
operational risk. Forescout products deploy quickly with agentless,
real-time discovery and classification, as well as continuous
posture assessment.
Research Directions for Cross Reality Interfaces
Mark Billinghurst
 
Coordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar SlidesCoordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar Slides
Safe Software
 
The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
Larry Smarr
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
Neo4j
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Chris Swan
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
Awais Yaseen
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
Kief Morris
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
ArgaBisma
 
Password Rotation in 2024 is still Relevant
Password Rotation in 2024 is still RelevantPassword Rotation in 2024 is still Relevant
Password Rotation in 2024 is still Relevant
Bert Blevins
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
Yevgen Sysoyev
 

Recently uploaded (20)

find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Cookies program to display the information though cookie creation
Cookies program to display the information though cookie creationCookies program to display the information though cookie creation
Cookies program to display the information though cookie creation
 
7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf7 Most Powerful Solar Storms in the History of Earth.pdf
7 Most Powerful Solar Storms in the History of Earth.pdf
 
Implementations of Fused Deposition Modeling in real world
Implementations of Fused Deposition Modeling  in real worldImplementations of Fused Deposition Modeling  in real world
Implementations of Fused Deposition Modeling in real world
 
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...
 
How Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdfHow Social Media Hackers Help You to See Your Wife's Message.pdf
How Social Media Hackers Help You to See Your Wife's Message.pdf
 
Quality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of TimeQuality Patents: Patents That Stand the Test of Time
Quality Patents: Patents That Stand the Test of Time
 
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...
 
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptxRPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx
 
Pigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdfPigging Solutions Sustainability brochure.pdf
Pigging Solutions Sustainability brochure.pdf
 
Research Directions for Cross Reality Interfaces
Research Directions for Cross Reality InterfacesResearch Directions for Cross Reality Interfaces
Research Directions for Cross Reality Interfaces
 
Coordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar SlidesCoordinate Systems in FME 101 - Webinar Slides
Coordinate Systems in FME 101 - Webinar Slides
 
The Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive ComputingThe Rise of Supernetwork Data Intensive Computing
The Rise of Supernetwork Data Intensive Computing
 
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfBT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf
 
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...
 
Best Programming Language for Civil Engineers
Best Programming Language for Civil EngineersBest Programming Language for Civil Engineers
Best Programming Language for Civil Engineers
 
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf
 
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdfWhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
WhatsApp Image 2024-03-27 at 08.19.52_bfd93109.pdf
 
Password Rotation in 2024 is still Relevant
Password Rotation in 2024 is still RelevantPassword Rotation in 2024 is still Relevant
Password Rotation in 2024 is still Relevant
 
DealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 editionDealBook of Ukraine: 2024 edition
DealBook of Ukraine: 2024 edition
 

Transforming Smart Building Cybersecurity Strategy for the Age of IoT

  • 1. RISE OF THE MACHINES: Transforming Cybersecurity Strategy for the Age of IoT. This report from the Forescout Research Team explores how IoT devices can be leveraged by attackers in a building’s network, where legacy OT assets, IT systems and IoT devices all intersect.
  • 2. New Risks from IoT Devices
    The number of IoT devices in organizational networks is rapidly increasing. These devices are mostly unmanaged, come from a multitude of vendors, use non-standard operating systems, support a diversity of (often insecure) protocols and may dynamically connect to other devices inside or outside the organization’s network.
    The IoT has already experienced significant growth in the past decade and is expected to reach more than 30 billion connected devices by 2022 [1]. By 2020, more than 25% of identified attacks in enterprises will involve the IoT [2].
    [1] ABI Research, Internet of Everything Market Tracker, QTR 3, 2018
    [2] M. Hung, “Leading the IoT: Gartner Insights on How to Lead in a Connected World,” Gartner, 2017. [Online]. Available: https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
  • 3. The Internet of Things (IoT) in a Smart Building
    Consumer-grade IoT devices are entering, and reshaping, the building automation industry. Below is an illustration of IoT devices found within a typical smart building network and how these systems communicate with one another.
    [Figure: Typical smart building network. Systems shown: video surveillance system, access control system, smart lighting system, IoT system, HVAC system. Labelled devices: workstations, IoT platform, building management workstations, network switch, IP camera, NVR, building controllers, lighting bridge, smart TV, IoT gateways, wearable medical device, smart plug, sensor, display, badge reader, door lock, thermostat, fan, smart light, motion sensor.]
  • 4. Smart Buildings: Where OT, IT and IoT All Intersect
    To better understand the current risk landscape for smart buildings and its implications, the Forescout Research Team investigated how video surveillance systems (VSS), smart lighting systems, and other IoT devices could be used by cyber criminals to infiltrate a building network.
    Systems examined: Video Surveillance System (VSS), Smart Lighting System, IoT System.
  • 5. Key Findings
    • How the IoT impacts the cybersecurity landscape for today’s organizations, focusing on the interplay between IoT and legacy OT devices
    • The abuse of a smart building network by exploiting vulnerabilities in a VSS, Philips Hue and the MQTT protocol in a lab setting
    • Specific security challenges from the vulnerabilities in devices like video surveillance systems (VSS), smart lighting systems and IoT systems
    • What organizations can do to reduce risk and better protect their enterprise networks in the age of IoT
  • 6. Security Challenges of IoT Devices
    IoT systems, including devices, gateways, and platforms, are notoriously vulnerable to cyberattacks. Attacks against these systems could include:
    • Exploitation of default or weak credentials: This is a notoriously common and simple way for a hacker to gain access to a device or network.
    • Web application and API attacks: This category encompasses methods like database and command injections, directory traversal, and cross-site scripting. These represent the low-hanging fruit for an attacker targeting an IoT device and can be performed in a semi-automatic fashion using available open source tools.
    • Lower-level exploits: This method targets firmware using tactics like a buffer overflow or memory corruption issues to disable the device or allow arbitrary code execution.
    • Protocol-based attacks: Attackers can use these to exploit vulnerabilities like the lack of authentication, encryption, and integrity validation to sniff and exfiltrate or tamper with sensitive data. [1]
    [1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
  • 7. 3 Simple Strategies to Tear Down a Building Network
    To demonstrate how an attacker would exploit vulnerabilities to enter a smart building network using IoT devices, the Forescout team’s lab setup included three systems: video surveillance, smart lighting, and an IoT system.
    [Figure: Lab setup. Labels: Internet, attacker, network switch; video surveillance system (three IP cameras); smart lighting system (lighting bridge, two smart lights, motion sensor); IoT system (IoT gateway).]
  • 8. Strategy 1: Video Surveillance Systems
    The precursors of modern video surveillance systems (VSS) were closed-circuit television (CCTV) systems that use analog signals and coax cables to communicate in a closed network. As technology advanced, digital cameras supporting IP communication were integrated into VSSs. Today, many buildings have a hybrid VSS architecture that is quite complex, containing a variety of legacy and new systems.
    [Figure: Hybrid VSS architecture. Labels: switches/routers, analog cameras, IP cameras, IP cameras (with VMS), video encoder, video decoder, DVR, NVR, monitor, local server, local monitoring PC, remote monitoring PC, remote server, Internet.]
  • 9. Video Surveillance Systems: The Protocols
    RTP
    • Real-time Transport Protocol, usually over UDP
    • Designed for real-time transfer of audio and video data
    • Unidirectional from server (camera) to client (NVR)
    • Secure version SRTP available, but rarely used
    RTSP
    • Real Time Streaming Protocol, usually over TCP
    • Very similar to HTTP
    • Designed to control stream parameters, not deliver the data
    • RTSP communication mandatory before starting to stream
  • 10. Video Surveillance Systems: The Vulnerabilities
    Some of the vulnerabilities found in many VSS commonly used in large organizations were:
    • Use of unencrypted video streams via RTP/RTSP
    • Unwanted communication links between the IT network and the VSS caused by firewall misconfiguration
    • Unwanted services and insecure protocols enabled, including FTP and UPnP
    • Weak passwords to access IP cameras
    • Vulnerable cameras [1]
    [1] Forescout, Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT, 2019: https://www.forescout.com/places-in-network/building-automation-system-bas/transforming-cybersecurity-strategy-for-the-iot/
  • 11. Video Surveillance Systems: The Attacks
    Assuming a man-in-the-middle attacker (an attacker inside the network that can sniff and, when necessary, modify packets), the Forescout team successfully carried out two attacks: denial of service and footage replay.
    Attacks demonstrated in the lab: denial of service, footage replay.
  • 12. Anatomy of the Footage Replay Attack
    1. Establish a man in the middle
    2. Eavesdrop the traffic and record the video footage
    3. Replace RTSP command <get param> with <teardown>
    4. Replay the pre-captured stream to the NVR
  • 13. Strategy 2: Smart Lighting
    Smart lighting systems are connected to a network, which allows them to be monitored and controlled from a central system or via the cloud. For this experiment, the Forescout Research Team used a Philips Hue.
    [Figure: Philips Hue system. Labels: Wi-Fi network, Wi-Fi router, Hue bridge, ZigBee network, smart lights, motion sensor.]
  • 14. Smart Lighting: The Vulnerabilities
    • The Philips Hue uses a dedicated bridge device that connects all lights on its own network.
    • In order to work with remote systems, the bridge must be connected to a Wi-Fi router, providing a potential network entry point for a malicious actor.
    [Figure: Philips Hue system. Labels: Wi-Fi network, Wi-Fi router, Hue bridge, ZigBee network, smart lights, motion sensor.]
  • 15. Attacking The Philips Hue
    The Philips Hue supports an API that allows a user to interact with a bridge, and therefore the lights, using RESTful HTTP requests. [1]
    Using this API, the Forescout team devised and implemented two types of attacks with a physical consequence: denial of service by switching off the lights and a platform reconfiguration.
    Attacks demonstrated in the lab: denial of service, platform reconfiguration.
    [1] PenTestPartners, “Hijacking Philips Hue,” [Online]. Available: https://www.pentestpartners.com/security-blog/hijacking-philips-hue/.
  • 16. Anatomy of the Attacks
    1. Sniff a valid API token transmitted in cleartext HTTP
    2. Send an HTTP PUT request with the sniffed token and the "off" command:
       PUT http://<bridge_addr>/api/<token>/lights/<number>/state {"on":false}
    3. Automate the request above via script for lights continuously off
    4. Optional: use the same valid token to reconfigure the platform and use it as an entry point into the network:
       PUT http://<bridge_addr>/api/<token>/config {"ipaddress":<ip_addr>, "dhcp":false, "netmask":<netmask>, "gateway":<gtw>}
  • 17. Strategy 3: IoT System
    When planning their attack on the IoT system, the Forescout Research Team decided to focus on the messaging (application) layer, specifically on the most widely used protocol in IoT systems, MQTT. [1]
    [Figure: MQTT. Two publishers and two subscribers connected through an MQTT broker.]
    [1] Eclipse IoT Working Group, AGILE IoT, IEEE, and Open Mobile Alliance, “IoT Developer Survey 2018,” 2018. [Online]. Available: https://iot.eclipse.org/resources/iot-developer-survey/iot-developer-survey-2018.pdf.
  • 18. The Vulnerabilities: MQTT
    • MQTT is an M2M connectivity protocol, designed to be lightweight, and is therefore unencrypted.
    • Because of this, it’s highly recommended to use an encrypted transport layer security (TLS) stream on MQTT communications, since unencrypted traffic may disclose sensitive information, including topics, values of data points or even credentials.
    • However, there are thousands of MQTT servers not using TLS, disclosing sensitive information, as well as allowing remote control, to any client who remotely subscribes to a topic. [1] [2]
    [1] V. Pasknel, “Hacking the IoT with MQTT,” 2017. [Online]. Available: https://morphuslabs.com/hacking-the-iot-with-mqtt-8edaf0d07b9b.
    [2] M. Hron, “Are smart homes vulnerable to hacking?,” Avast, 2018. [Online]. Available: https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes.
  • 19. Exploiting MQTT
    Like the attacks on the video surveillance system, for the case of the IoT system, the Forescout Research Team leveraged a protocol (MQTT), rather than specific devices. Using this method, they devised and implemented two types of attacks: information gathering and denial of service.
    Attacks demonstrated in the lab: information gathering, denial of service.
  • 20. MQTT: Anatomy of the Attacks
    Information gathering: An attacker can gather information about the IoT network, such as available assets and their location, configuration information or even sensitive information like credentials by either passively sniffing traffic or subscribing to interesting topics and receiving published messages.
    Denial of service: An attacker can flood a broker with connection attempts or heavy payloads, which can be amplified by requiring a higher Quality-of-Service level in the protocol.
  • 21. CONCLUSION
    In the age of IoT, legacy security solutions like endpoint agents, antivirus, and traditional IT intrusion detection systems are not enough because either they are unsupported by embedded devices or they are incapable of understanding the network traffic generated by these devices.
    Organizations need to implement solutions that empower them with fully automated visibility and control across their entire enterprise.
    [Figure: Cybersecurity strategy with fully automated complete visibility across operational technology, campus, data center and cloud, and IoT.]
  • 22. Still Curious?
    This presentation is a brief summary of an in-depth research report detailing the growth of IoT, possible business risks and cybersecurity strategy planning.
    Download the “Rise of the Machines: Transforming Cybersecurity Strategy for the Age of IoT” report from the Forescout Research Team to learn more.
  • 23. About the Researchers
    Daniel dos Santos holds a PhD in computer science from the University of Trento and has experience in security consulting and research. He is a researcher at Forescout, focusing on vulnerability research and the development of innovative features for SilentDefense.
    Mario Dagrada holds a PhD in computational physics from the University Pierre Marie Curie in Paris and has experience in high performance software development, security and research. He is a researcher at Forescout, focusing on medical device security and the development of innovative features for SilentDefense.
    Michael Yeh holds a joint master’s degree in cybersecurity from the Technical University of Eindhoven and the Radboud University. He worked as an intern at Forescout during the development of this research project.
    Martín Pérez Rodríguez has studied Computer Science & Engineering at the Universidad Politécnica de Madrid and the Technical University of Eindhoven. After his internship, he started working as a DevOps Engineer at Forescout.
    Elisa Costante holds a PhD in computer science from the Eindhoven University of Technology. She is an expert in IT and OT security and privacy. As director of the Industrial and OT Innovation Technology at Forescout, she drives the execution of pioneering theoretical and experimental work addressing the cyber security challenges posed by the IT/OT convergence. Her tasks include the generation of original content to boost awareness and thought leadership and the identification, building and testing of prototypes for innovative products and services in line with the overall product strategy.
  • 24. About Forescout
    Forescout Technologies is the leader in device visibility and control. Our unified security platform enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrate actions to reduce cyber and operational risk. Forescout products deploy quickly with agentless, real-time discovery and classification, as well as continuous posture assessment.
    Connect with us: www.forescout.com, @Forescout, Forescout Technologies
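
A defensive counterpart to the footage replay steps on slide 12, as an added example that is not part of the Forescout deck: a passive RTP monitor that flags the header discontinuities a spliced-in recording tends to cause. The thresholds, names and sample packets are constructed, and the premise that a replayed capture keeps its original sequence numbers, timestamps and SSRC is an assumption.

```python
import struct

REORDER_WINDOW = 50     # assumed tolerance for normal UDP reordering (packets)
MAX_FORWARD_GAP = 500   # assumed tolerance for loss bursts (packets)
TS_BACKSTEP = 90000     # assumed tolerance for frame reordering (1 s at 90 kHz)

def parse_rtp(payload):
    """Return (seq, timestamp, ssrc) from the 12-byte RTP fixed header, or None."""
    if len(payload) < 12:
        return None
    first, _pt, seq, ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if first >> 6 != 2:          # RTP version field must be 2
        return None
    return seq, ts, ssrc

class ReplayMonitor:
    """Keeps one state record per UDP flow and reports discontinuities."""

    def __init__(self):
        self.flows = {}          # flow tuple -> (ssrc, last_seq, last_ts)

    def observe(self, flow, payload):
        hdr = parse_rtp(payload)
        if hdr is None:
            return ["not-rtp"]
        seq, ts, ssrc = hdr
        alerts = []
        prev = self.flows.get(flow)
        if prev is not None:
            p_ssrc, p_seq, p_ts = prev
            if ssrc != p_ssrc:
                alerts.append("ssrc-changed")
            else:
                fwd = (seq - p_seq) & 0xFFFF            # 16-bit wraparound
                if fwd > 0x8000 and 0x10000 - fwd > REORDER_WINDOW:
                    alerts.append("sequence-regression")
                elif MAX_FORWARD_GAP < fwd <= 0x8000:
                    alerts.append("sequence-jump")
                back = (p_ts - ts) & 0xFFFFFFFF         # 32-bit wraparound
                if TS_BACKSTEP < back < 0x80000000:
                    alerts.append("timestamp-regression")
        self.flows[flow] = (ssrc, seq, ts)
        return alerts

def make_rtp(seq, ts, ssrc):
    """Constructed sample packet: V=2, payload type 96, 4 dummy payload bytes."""
    return struct.pack("!BBHII", 0x80, 96, seq, ts, ssrc) + b"\x00" * 4

def demo():
    """Live stream, then an older recording appearing inside the same flow."""
    flow = ("192.0.2.10", 5004, "192.0.2.20", 40000)   # camera -> NVR (constructed)
    mon = ReplayMonitor()
    events = []
    for i in range(5):                                  # live packets
        events += mon.observe(flow, make_rtp(1000 + i, 90000 + 3000 * i, 0x1111))
    events += mon.observe(flow, make_rtp(200, 6000, 0x1111))   # older footage
    events += mon.observe(flow, make_rtp(201, 9000, 0x1111))   # continues cleanly
    events += mon.observe(flow, make_rtp(7, 3000, 0x2222))     # different source
    return events

if __name__ == "__main__":
    print(demo())
```

An alert is more meaningful when no RTSP SETUP preceded it on the control channel, since a legitimate session restart also resets these fields.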
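
Detection logic for the Hue bridge abuse described on slides 15 and 16, as an added example that is not part of the original deck: it scans HTTP request logs for a bridge token appearing from a second source address, bursts of light-state PUTs, and writes to the `/config` resource. The log format, thresholds and addresses are constructed assumptions; only the `/api/<token>/lights/<number>/state` and `/api/<token>/config` paths come from the slides.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed): "<epoch_seconds> <src_ip> <METHOD> <path>"
LINE = re.compile(r"^(\d+) (\S+) (GET|PUT|POST|DELETE) /api/([^/\s]+)(/\S*)?$")
STATE_PATH = re.compile(r"/lights/\d+/state")

def analyze(lines, rate_limit=5, window=10):
    """Return (timestamp, source, finding) tuples for suspicious bridge API use."""
    first_source = {}                  # token -> first address seen using it
    recent_puts = defaultdict(deque)   # source -> timestamps of state PUTs
    reported = set()
    alerts = []

    def report(ts, src, finding):
        if (src, finding) not in reported:     # one alert per source and kind
            reported.add((src, finding))
            alerts.append((ts, src, finding))

    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, method, token, rest = int(m[1]), m[2], m[3], m[4], m[5] or ""
        # A token that shows up from a second address may have been sniffed.
        if first_source.setdefault(token, src) != src:
            report(ts, src, "token-seen-from-new-source")
        if method == "PUT" and rest == "/config":
            report(ts, src, "bridge-config-change")
        if method == "PUT" and STATE_PATH.fullmatch(rest):
            q = recent_puts[src]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) > rate_limit:
                report(ts, src, "light-state-flood")
    return alerts

# Constructed sample log: a legitimate app, then a second host reusing its token.
SAMPLE_LOG = [
    "100 192.0.2.5 GET /api/tokA/lights",
    "160 192.0.2.5 PUT /api/tokA/lights/1/state",
] + [
    f"{200 + i} 192.0.2.66 PUT /api/tokA/lights/1/state" for i in range(7)
] + [
    "210 192.0.2.66 PUT /api/tokA/config",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```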
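
To show what slides 18 to 20 mean by unencrypted MQTT disclosing credentials and topics, here is an added example (not from the original deck) that inspects MQTT control packets as a network sensor on the plaintext port would and reports cleartext logins, anonymous connects and wildcard subscriptions. It assumes MQTT 3.1.1 framing; the finding names and sample packets are constructed.

```python
CONNECT, SUBSCRIBE = 1, 8

def read_remaining_length(buf, pos):
    """Decode the variable-length Remaining Length field; return (value, next_pos)."""
    value = 0
    for shift in (0, 7, 14, 21):
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
    raise ValueError("remaining length longer than 4 bytes")

def read_field(buf, pos):
    """Read a 2-byte length-prefixed field; return (bytes, next_pos)."""
    n = int.from_bytes(buf[pos:pos + 2], "big")
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def inspect_packet(pkt):
    """Return findings for one MQTT 3.1.1 control packet seen on plaintext TCP."""
    findings = []
    ptype = pkt[0] >> 4
    length, pos = read_remaining_length(pkt, 1)
    end = pos + length
    if ptype == CONNECT:
        _proto, pos = read_field(pkt, pos)
        flags = pkt[pos + 1]          # connect flags follow the protocol level
        pos += 4                      # level, flags, 2-byte keep-alive
        client_id, pos = read_field(pkt, pos)
        if flags & 0x04:              # will flag: skip will topic and message
            _, pos = read_field(pkt, pos)
            _, pos = read_field(pkt, pos)
        if flags & 0x80:
            user, pos = read_field(pkt, pos)
            findings.append("cleartext-username:" + user.decode("utf-8", "replace"))
        else:
            findings.append("anonymous-connect:" + client_id.decode("utf-8", "replace"))
        if flags & 0x40:
            findings.append("cleartext-password")   # value deliberately not logged
    elif ptype == SUBSCRIBE:
        pos += 2                      # packet identifier
        while pos < end:
            topic, pos = read_field(pkt, pos)
            pos += 1                  # requested QoS byte
            text = topic.decode("utf-8", "replace")
            if "#" in text or "+" in text:
                findings.append("wildcard-subscribe:" + text)
    return findings

def _field(text):
    raw = text.encode()
    return len(raw).to_bytes(2, "big") + raw

def _packet(first_byte, body):
    assert len(body) < 128            # keeps the sample length to one byte
    return bytes([first_byte, len(body)]) + body

# Constructed samples, not captured traffic.
SAMPLE_CONNECT = _packet(0x10, _field("MQTT") + bytes([4, 0xC2, 0, 60])
                         + _field("sensor-7") + _field("operator")
                         + _field("example-pass"))
SAMPLE_ANON = _packet(0x10, _field("MQTT") + bytes([4, 0x02, 0, 60])
                      + _field("probe-1"))
SAMPLE_SUB = _packet(0x82, b"\x00\x01" + _field("#") + b"\x00"
                     + _field("building/floor2/temp") + b"\x01")

if __name__ == "__main__":
    for sample in (SAMPLE_CONNECT, SAMPLE_ANON, SAMPLE_SUB):
        print(inspect_packet(sample))
```

Any finding from this inspector on a production segment means the session is readable in transit, which is the condition the TLS recommendation on slide 18 addresses.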