Internet of Things Security | Ken Munro | TEDxDornbirn

Captions
[Music] Hi, my name's Ken and I am a security researcher, an ethical hacker if you like, and we're the good guys. Our job is to go out there and break things to make them better. Now, I'm going to be talking today about the Internet of Things, and by that I mean the smart tech in your home: so your smart thermostat, your smart door lock maybe, or perhaps your smart vehicle. But unfortunately security and the Internet of Things aren't often found in the same place. They're really vulnerable, and we see huge problems with people's personal data, their privacy being invaded, and maybe even their data being locked up and encrypted, because IoT manufacturers don't spend enough time looking at security.

Now don't get me wrong, I think IoT, the Internet of Things, has huge benefits to us. I think we can make more beneficial use of our resources with smart thermostats and smart control of our heating. I think medical advances using continuous monitoring with IoT: fantastic. And also assisted living for the elderly: brilliant. IoT can bring all those, but unfortunately it's not safe until it's secure.

Now, my job, what I get to do: I get to break smart things. I love my job because I get to take things apart and break them, make them better, and I don't always have to put them back together again either, which is great. A project we're doing right now: we're working on a Tesla Model S for our own interest. So we've got hold of a vehicle, a very expensive vehicle, seventy thousand pounds, and we took it apart and we found lots of fun things which I'll publish later on in the year. But then we put it back together and my colleague said, "It's all fine, you can drive it, it's good. Just watch out for the brakes." Okay. Now, most of the time organisations bring us stuff so we can break it, we can help them make it better, but sometimes we do work off our own back, so we buy our own technology and start taking it apart to see what we can find, and that's what I'm going to share with you today. I've got lots of examples of some really not quite so smart things.

Now, this is the first one I'd like to introduce you to. It's actually inside my kettle, don't worry, we'll see if we can find it. This is a smart fingerprint padlock. Now, I think the idea of a smart padlock is great, because how often do you go around looking for your keys and you can't find them? Well, I lose my keys, I forget my keys, but I don't forget my fingers very often; I usually have those with me. And this is a cool idea. It's a Tapplock, it's a fingerprint padlock. The idea is you put your finger on there and it unlocks. Brilliant, absolutely fantastic. Now, a YouTuber found an issue with this. They discovered that with enough force you could actually unscrew the back of the lock and open it, and it turned out it was a manufacturing flaw in one lock; it was just one issue with one of them. But we were interested, we wanted to know: are there more problems? So we bought some, and I discovered that it doesn't just open from your finger, you can also use Bluetooth, so you can get hold of your smartphone. And one of my colleagues noticed that he could actually pick up and unlock the lock to order, and here's how he did it. He looked at the mobile app, he took it apart, he reverse engineered it to understand how it worked, and there he discovered it needed a key, it needed an electronic key to unlock this device. But the key to unlock it was the Bluetooth ID of the lock, the Bluetooth MAC address. It's the one thing that is sent out by this lock. It's a bit like leaving the keys to your lock next to it. It's unbelievable. We videoed it: here, with something as simple as a phone or a laptop, you could unlock any lock to order. There it goes, it unlocks. We've now got that attack so fast we can do it in less than 0.8 of a second. That's crazy, right? But then it got worse, because what chance am I going to find one of these? And another cool researcher, a guy called Vangelis Stykas, looked at the cloud service that the mobile app talked to and realised that you could discover from that where all the locks were. He could pull your address, so now you had the perfect ticket to find out where the locks were and unlock them to order. That's crazy, really crazy. This is an interesting product. It was part funded through a TV show called Dragons' Den in Canada; it's like Shark Tank in the USA. But I think their backers might have some questions now.

Now, the next place: your home Wi-Fi. You have a Wi-Fi password, right? Now, if I can get hold of that password, if a hacker can get hold of that password, they can get on your Wi-Fi network and they can start to listen and intercept and redirect the data, so the data you're sending to social networks, maybe the data you're sending to your bank. So how could IoT lead to problems like that? Well, I want to introduce the very first IoT device I ever looked at, and this is my Wi-Fi kettle. Anyone got a Wi-Fi kettle? No? You need one, they're great. The idea is you put it in your kitchen, you leave it in the kitchen, then you get your cell phone, you go to bed, and you wake up in the morning, you press the button on the app, and by the time you get to your kitchen you've got a kettle full of boiling water. Wow. Saving you 30 seconds of your day for 100 pounds. Now, I looked at this with some of my colleagues. I thought, I wonder, can it be secured? And I thought I'd show you how we went about hacking it. So the first thing I needed to do was connect to it, and we discovered you connect to the kettle over Wi-Fi, but it's okay, it's got a password. Now, without the password I can't go any further, I'm stuck. But I thought, I wonder what we can do? So we took the kettle apart, and in there we found some chips, and that's the manual for the chips. I thought, I wonder, why don't we have a little look through the manual for the chips for the word "password"? And there we go: system password is six zeros. Surely hacking is more difficult than this, right? So, one, two, three, four, five, six. Wow, now I'm talking to a kettle. Excellent. But I still haven't achieved anything, I haven't done anything yet. So I then read further in the manual, we reverse engineered the mobile app, and we discovered a command that scared me. We discovered you could do this: I could recover your Wi-Fi password from your kettle. So now I'm on your home Wi-Fi network, I can listen to everything you're doing, I can redirect your passwords, your data, steal things, everything, just because you wanted to boil your kettle from your bed. But again, this wasn't the end of it, it still got worse. There's a feature of Wi-Fi: a large number of really cool security researchers have put together a project called wardriving, where they drive around listening to all the Wi-Fi networks out there and then they map them, and as a result of that you can go and query their databases and search for the addresses of certain Wi-Fi devices. So there are the kettles in the west of London, so I can now know where I have to go to hack someone's house and get their Wi-Fi key. Crazy. Now, in fairness, the manufacturer has now got their security in hand. They're doing a good job, and their latest product, the iKettle 3.0, is actually really secure, so they got there in the end. But it was such a shame that they had the security issues along the way. So if you want to boil water remotely, that's the way to do it. Cool.

Now, another area I look at, an area that really bothers me, is that around smart toys. Every holiday season we see more smart technology coming to market, and unfortunately the security of those toys is often appalling. And this is my favourite IoT device. This is my friend Kayla. Kayla, she's awesome. She's an interactive speaking kids' doll. She has a microphone and a speaker, she can speak to your smartphone over Bluetooth, so all the processing goes on over here, and she can listen to what your kids are saying and she can respond to their questions. She's interactive, she's really cool. Now, how does she work? Well, Kayla is awesome: microphone, speaker, Bluetooth. She is a hands-free headset. You can make telephone calls on the doll if you wish; you get some very weird looks. And as I'm sure you know, it's illegal to drive with your phone to your ear, but not with a doll to your ear, so I understand. So yeah, we'll come back to her. But what interested me first was that when I saw her in the store there were some logos on the box that said "Internet safe", "child friendly". Well, that's a big claim to make; that's a red rag to me, the ethical hacker. And it also suggested that if you swore at the doll she would not reply to the child and would tell them to go and speak to their parents. I thought, I wonder, could I make this thing swear? Oh no. Now, the bit that I found creepy was when you connect your smartphone to your vehicle, you have to put in a PIN, right? And that sets up a type of frequency hopping which gives you security. However, when you connect your phone to the doll, there is no PIN, which means that anyone in Bluetooth range, so 30, 40, 50 metres, can connect to the child's doll, microphone, speaker, which means that someone outside on the street or in the next house can listen to the microphone and spy on your kids, or can talk to them as well, and I find that really, really creepy. Now, in terms of swearing, we had some fun. We looked to see how she swore; don't worry, I'm not going to embarrass you. And we discovered a database in the mobile app of 1,536 really good swear words, so we deleted them, and now she swears like a docker. But that's just really creepy. We'll come back to Kayla in a bit.

The next part I want to go to is around home video. Now, this is a wireless home security camera. It's really cool: it's battery operated and it has a really good battery life, and you can stick it in your house or you can stick it outside your home, and you can see your house and your security cameras remotely from your phone. And unfortunately we found some security flaws with it: when you access the cloud service that the mobile phone hooks into and interacts with the cameras through, unfortunately you can switch it to someone else's cameras just by messing around with the camera IDs, and you can see someone else's footage. It's got a microphone too, so you can listen as well. Now, the good news about this one is it got fixed very quickly. The manufacturer was really responsive and they fixed it really fast, which is great. But this product's been on the market for about nine months; it was only us coming along that resulted in the vulnerability being found, and I think that's really worrying.

Now, that's a wireless camera. This one is slightly different; this is a wired security camera. It takes power and it sends its feed not over Wi-Fi but over a cable, and it goes to a recorder called a digital video recorder. And there are many, many of these around the world, in offices, in homes, and a computer hacker found a vulnerability in the recorders, and he realised he could connect to them all and make them all start attacking other websites. Nearly 300,000 IoT digital video recorders started attacking various social networks in October 2016. They took it offline; they took Twitter offline for two hours. I didn't know what to do. Crazy. So we have weapons from the IoT in our house.

Now, maybe you've been unlucky, maybe you've had data held to ransom, maybe your photographs, your family photographs, have been encrypted by bad guys and held to ransom. Now, we wanted to explore whether it was possible to hold IoT to ransom, and we started off by looking at a smart thermostat. This is a brand that's quite popular over in the US. We started looking at its security to understand how it worked, and the first thing we did is we got the code out of the chips, it's called firmware, and we analysed that to see if there were any security flaws in there. But along the way we found some crazy stuff. One of the routines that deals with making an encrypted SSL connection, so HTTPS, the padlock: the developer called the state on the routine "the unhandled SSL [bleep] status". This is a production product. But it also has the facility for you to upload family photographs to act as a wallpaper, so you can have photos of your family and kids on the thermostat, and the process that deals with that was called "son of a mode". Wow. This is a production product out there in people's homes, and that's how weird the code was. We found a bunch of security flaws, unsurprisingly; this code was so oddly put together with so many weird references. And we discovered we could actually hold someone's thermostat, their heating and their air conditioning, to ransom. Now, that was a bit silly, so why would you encrypt someone's thermostat? Fine. But what if that was your vehicle, and your vehicle wouldn't start unless you paid a ransom? This is all very possible, and that's what really worries me about the state of IoT right now. It's really quite concerning.

But then I realised the same attack could do something really nasty. The problem with IoT: it's not your IoT, it's everyone's IoT that has all got the same problem. So every instance of that thermostat could be used by a hacker. What if they could trigger everyone's heating or air cooling at the same time? You can create spikes on the power grid; it doesn't take very much to trip a power cut. So our desire to put smart technology in our houses has inadvertently exposed the stability of our nations. I think that's really worrying.

There is some good news, not very much. There have been some good efforts to try and get vulnerable, poor, insecure IoT banned, and some work by the Norwegian Consumer Council and also the European Consumer Organisation resulted in my friend Kayla being withdrawn from sale in numerous European countries. A German privacy lawyer successfully got Kayla banned in Germany for breaking a couple of laws, which is why I had to fly here via Zurich, not Munich. So she's been withdrawn from sale from numerous places. Unfortunately, progress by governments is slow. On the left there was a really good bill put forward in the US Senate. It's still in committee stage; I haven't heard anything more about it in the past year, but it's a start. It's about trying to regulate certain standards for the US government buying smart technology. And I'm really sad to say that the EU was making great progress with this, but just last week, I believe, their new standards for IoT security have now been agreed to be voluntary for consumer IoT. I think that's a real shame, and I think we can do better than that.

What about you, though? What about us? What can we do? How can we improve things? Well, there are some things that we can all do, and the first thing I want you all to do is go and actually fix yourselves. You don't need to be a cool hacker to hack people if your passwords are weak, easy to guess, or blank, or the default one. Make them long and strong, use a password manager, make sure the PINs on your mobile phones aren't four digits; make sure they're at least six or eight. And then patches: apply patches to your phones and your computers to make them stay secure. And the next thing, IoT: you can put it on a separate network at home. If you don't know how to do that, go and read up. If you don't want to do that, don't buy IoT. Let's be safe. But I think also as consumers we can make a difference too. If we don't buy product that we're not sure about the security of, we're going to force the hands of manufacturers to actually prove it's secure and make it safe for us. The problem is this: there are far too many IoT products out there, there aren't enough organisations and people like me out there doing research and exposing its poor practice, and there are very few IoT vendors that actually care about security. There are some good examples, but by and large IoT security is really poor, and sadly I think we have to face it: there is a serious problem with security and IoT, to the point I think we almost need to be afraid of IoT. Thank you. [Applause] [Music]
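The padlock story above comes down to one design error: the lock's "key" was its own advertised Bluetooth MAC, so anyone who could see the advertisement held the key. The model below is an added illustration, not the speaker's or any vendor's code; it contrasts that design with a challenge-response scheme (my assumed hardening, not the vendor's actual fix) using a secret shared only at pairing, and shows that the public MAC and a replayed response both fail against it.

```python
import hashlib
import hmac
import secrets

class WeakLock:
    """Padlock design from the talk: the key is the lock's own advertised MAC."""

    def __init__(self, mac: str) -> None:
        self.mac = mac  # broadcast to everyone in range

    def unlock(self, presented_key: str) -> bool:
        return hmac.compare_digest(presented_key.encode(), self.mac.encode())

class ChallengeResponseLock:
    """Hardened alternative (my assumption, not the vendor's fix): a secret shared
    only at pairing, never advertised, and a fresh challenge per unlock attempt."""

    def __init__(self, mac: str, pairing_secret: bytes) -> None:
        self.mac = mac  # still public, but no longer the key
        self._secret = pairing_secret
        self._pending = None

    def challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending

    def unlock(self, response: bytes) -> bool:
        if self._pending is None:
            return False
        expected = hmac.new(self._secret, self._pending, hashlib.sha256).digest()
        self._pending = None  # single use, so a captured response is worthless
        return hmac.compare_digest(response, expected)

def owner_app_response(secret: bytes, challenge: bytes) -> bytes:
    """What the paired owner's app sends; the secret itself never goes over the air."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()

def compare_designs() -> dict:
    mac = "AA:BB:CC:DD:EE:FF"  # constructed sample MAC
    secret = secrets.token_bytes(32)
    weak, strong = WeakLock(mac), ChallengeResponseLock(mac, secret)
    captured = owner_app_response(secret, strong.challenge())  # visible over the air
    results = {"weak_opens_with_mac": weak.unlock(weak.mac),
               "strong_opens_for_owner": strong.unlock(captured)}
    strong.challenge()
    results["strong_opens_with_mac"] = strong.unlock(mac.encode())
    strong.challenge()
    results["strong_opens_on_replay"] = strong.unlock(captured)
    return results
```

The same principle covers the camera flaw described later in the talk: a device identifier is a name, not a proof of authorisation, and the server side must check who is allowed to act on it.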
Info
Channel: TEDx Talks
Views: 79,729
Rating: 4.927526 out of 5
Keywords: TEDxTalks, English, Technology, Coding, Cyber, Data, Digital, Education, Fear, Future, Hack, Ideas, Innovation, Intelligence, Internet, Research, Security, Smartphone, Software
Id: pGtnC1jKpMg
Length: 17min 8sec (1028 seconds)
Published: Thu Sep 20 2018