www.tech-talks.eu
OMM Solutions
TECHtalks #20
Once a month it's TECHtalk time! First come, first served!
Talk: Home IoT Fails - How to NOT secure a device.
Or: Why you probably shouldn’t buy just any “smart device”
Speaker: Olaf Horstmann
What is IoT?
Source: https://www.youtube.com/watch?v=v2kV6pgJxuo

IoT is already massive … and not very secure
• 26 bn connected devices (75 bn by 2025)
• estimates are that at least 50-60% can be hacked with simple methods and ready-to-buy tools/hardware
Source: https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/

My friend Cayla … is not so loyal once the owner is out of sight
• the doll contains a microphone and a speaker
• once the original paired device is out of range or turned off, any other device can pair with Cayla
• we’d barely call this “hacking”, more like “insecurely implemented”
Source: https://www.cleankids.de/wp-content/uploads/2017/02/rofu1-174x300.jpg

CloudPets
• database was hacked in 2017
• user data of 800,000 customers leaked
• including custom voice messages between parents and their children
Source: https://www.idgcdn.com.au/article/images/740x500/dimg/screen-shot-2017-02-27-at-43408-pm-100710841-orig.jpg

Merlin@Home
Even pacemakers are connected today
• device is used to wirelessly monitor the pacemaker and transmit data to the physician
• attackers could connect to the pacemaker within a 3 meter radius
• 465,000 devices affected
• can be patched via software, but this must be done in the doctor's office
• even with only a 0.001% risk of complications (hypothetical number), there are 5 people who might suffer consequences
Source: http://professional.sjm.com/~/media/galaxy/hcp/featured-products/crm/merlin-at-home-transmitter/merlin-at-home-1.jpg

Smart Locks
Secure locks are rare
• 12 of 16 tested locks insecure
• can be “hacked” in 2 seconds with an Android app
• can be opened with a screwdriver
• signal can be recorded and replayed at any time (basically a 1990s garage opener insecurity)
• there are secure locks, but they are rare
Source: https://your-smarthome.com/blog/wp-content/uploads/2016/11/Goji-T%C3%BCrschloss-150x150.jpg
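
The replay weakness named on the Smart Locks slide, seen from the receiver's side. This is an added example, not part of the original slides: a fixed-code receiver accepts a recorded frame a second time, while a receiver that verifies an HMAC over a strictly increasing counter rejects it. The frame layout, key, window size and class names are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key; a real lock would hold a per-device secret
# provisioned at pairing time.
DEMO_KEY = b"constructed-demo-key-not-for-use"
COMMAND = b"UNLOCK"


class FixedCodeLock:
    """Receiver that accepts one static unlock frame (the replayable design)."""

    def __init__(self, code: bytes):
        self._code = code

    def accept(self, frame: bytes) -> bool:
        # Nothing in the frame changes between uses, so the receiver
        # cannot tell a fresh transmission from a recording of an old one.
        return hmac.compare_digest(frame, self._code)


def make_frame(key: bytes, counter: int, command: bytes = COMMAND) -> bytes:
    """Sender side: 8-byte big-endian counter | command | HMAC-SHA256 tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()


class CounterLock:
    """Receiver that authenticates each frame and refuses counters already used."""

    TAG_LEN = 32
    WINDOW = 16  # how far ahead the sender may run (button presses out of range)

    def __init__(self, key: bytes):
        self._key = key
        self._last = 0  # must be stored persistently on a real device

    def accept(self, frame: bytes) -> bool:
        if len(frame) <= 8 + self.TAG_LEN:
            return False  # too short to hold counter, command and tag
        body, tag = frame[:-self.TAG_LEN], frame[-self.TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified frame
        (counter,) = struct.unpack(">Q", body[:8])
        if not (self._last < counter <= self._last + self.WINDOW):
            return False  # replayed (old counter) or implausibly far ahead
        if body[8:] != COMMAND:
            return False  # authenticated but unknown command
        self._last = counter
        return True


def replay_demo() -> dict:
    """Feed each receiver the same recorded frame twice and report the outcome."""
    static_code = b"\x5a\xa5\x3c\xc3"  # constructed sample code
    fixed = FixedCodeLock(static_code)
    results = {
        "fixed_first": fixed.accept(static_code),
        "fixed_replay": fixed.accept(static_code),
    }

    lock = CounterLock(DEMO_KEY)
    recorded = make_frame(DEMO_KEY, 1)
    results["counter_first"] = lock.accept(recorded)
    results["counter_replay"] = lock.accept(recorded)
    results["counter_next_press"] = lock.accept(make_frame(DEMO_KEY, 2))

    # Bumping the counter in a recorded frame without the key breaks the tag.
    tampered = bytearray(make_frame(DEMO_KEY, 3))
    tampered[7] ^= 0x01
    results["counter_tampered"] = lock.accept(bytes(tampered))
    return results


if __name__ == "__main__":
    for name, accepted in replay_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The counter only protects against replay if the receiver keeps it across power loss; where the radio link is bidirectional, a challenge-response exchange with a fresh random nonce achieves the same goal without a synchronised counter.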

Smart Gun … outsmarted with a cheap magnet
• the gun was developed to be usable only when wearing the smart wristband
• the gun can also be “unlocked” (“hacked”) with a 10€ magnet
Source: https://static.designboom.com/wp-content/uploads/2014/02/smartwatch-controlled-pistol-designboom05.jpg
https://scr3.golem.de/screenshots/1402/Armatix-iP1/thumb620/80d17cd287.jpg

Mirai Botnet
Probably the best-known quantitative attack
• between 600,000 and 2.5 million infected devices* (mostly CCTV cameras and DVRs)
• used to launch DDoS** attacks in 2016 with traffic spikes of up to 1.2 Tbps (~150 GB of data or ~25 h of 4K video per second)
• allegedly created by the owner of a DDoS mitigation company to “boost his business”
*https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-antonakakis.pdf, https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mirai-botnet-creates-army-iot-orcs/
**DDoS (Distributed Denial of Service): many single devices try to connect to a central service (e.g. omm-solutions.de) -> that service will go offline due to the high load
Source: https://www.incapsula.com/blog/wp-content/uploads/2016/10/mirai-botnet-map.png

In essence
Sad but true
• there is no device category yet that has not been hacked
    • children’s toys
    • appliances
    • tools
    • locks
    • medical devices
    • cameras
    • guns
    • bedroom/adult toys
    • smart TVs
• computers are still not highly secure, but IoT devices are way easier to “hack”

Security Cameras
• There are tons of unsecured cameras openly accessible on the web
• http://www.insecam.org/

Thank you for your attention!

Questions or interested?
Your personal contact:
Olaf Horstmann
Managing Director, Technology
OMM Solutions GmbH
Vor dem Lauch 19
70567 Stuttgart
Germany
oh@omm-solutions.de
+49 (0)711 995 985-75
www.tech-school.eu

Legal notice
OMM Solutions GmbH
Vor dem Lauch 19
70567 Stuttgart
Managing directors: Martin Allmendinger, Malte Horstmann, Olaf Horstmann
Contact
Phone: +49 711 995 985 80
E-mail: info@omm-solutions.de
VAT ID: DE295716572
Registered office: Stuttgart
Stuttgart Local Court (Amtsgericht Stuttgart), HRB 749562
