
IoT Fofoqueiro (Gossipy IoT)

Our IoT devices can't keep a secret!
In this talk we review several recent cases of Internet of Things devices that, deliberately or not, revealed their users' personal data.
The Internet of Things (IoT) is increasingly present in our daily lives: personal devices, wearable computing, home automation, smart cars and much more. As these devices proliferate, so do cases of personal data exposure. In this presentation we review some interesting cases of IoT devices that did not take proper care of privacy.
Talk presented on 04/05/2018 at CryptoRave #CR2018


  1. 5/5/2018 Apresenta…
  2. IoF: Internet of Fofoca (Gossipy IoTs) @anchisesbr @RSAFraud @Garoahc @BSidesSP @CSAbr
  3. Gossipy IoT? Image: giphy
  4. IoT Fofoqueiro (gossipy IoT): n. An IoT device that has unauthorized access to its user's personal data, allowing improper sharing and/or access by third parties. Image: giphy
  5. Objective • Popularization of the Internet of Things (IoT) Image: xkcd
  6. Objective • Security problems in the IoT world Image: xkcd
  7. Focus • Cases of misuse • Sharing of personal data Image: giphy
  8. Risk • Privacy Image: giphy
  9. Motivation (chart labels: Time, INsecurity, Launch, Security standards, Popularization, Problems!!!, Patches) Images: xkcd
  10. Cases Image: giphy
  11. “LIFX mesh network protocol was largely unencrypted”
  12. https://thehackernews.com/2013/11/your-tv-now-watching-you-too-lg-smart.html
  13. https://doctorbeet.blogspot.com.br/2013/11/lg-smart-tvs-logging-usb-filenames-and.html Hidden option
  14. https://thehackernews.com/2017/07/irobot-roomba-vacuums.html
  15. “CEO of iRobot has revealed that the robotic vacuum cleaner builds a map of your home while cleaning” Image: giphy
  16. https://thehackernews.com/2017/10/smart-iot-device-hacking.html
  17. Source: The Hacker News, Checkpoint https://www.youtube.com/watch?v=BnAHfZWPaCs
  18. https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children
  19. “When connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.”
  20. https://thehackernews.com/2016/12/amazon-echo-murder.html
  21. “The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation.” Image: Amazon
  22. “According to court records, Bates' smart water meter shows that his home ran 140 gallons of water between 1 AM and 3 AM the night Collins was found dead in Bates' hot tub. The prosecution claims that the water was used to wash away evidence after he killed Collins.”
  23. https://thehackernews.com/2017/01/cartapping-connected-cars.html
  24. “In 2014, satellite radio and telematics provider SiriusXM provided location information of a Toyota 4-Runner following a warrant by New York police (…). The warrant asked SiriusXM "to activate and monitor as a tracking device the SIRIUS XM Satellite Radio installed on the Target Vehicle" for ten days, and the company admitted to Forbes that it complied with the order. (…) The company simply turned on the stolen vehicle recovery feature of its Connected Vehicle Services technology on the target vehicle, (…).” The Hacker News
  25. “In 2007, OnStar was ordered to provide audio data from a Chevrolet Tahoe belonging to Gareth Wilson in Ohio. An emergency button in Wilson's car was automatically pushed without his knowledge, which allowed an officer from the Office of the Fairfield County Sheriff to listen to the conversation about a possible drug deal (…). After that, when the feds located and searched the car, they found marijuana. (…).” The Hacker News
  26. Samsung F8000 Weeping Angel
  27. https://www.youtube.com/watch?v=P2_ZWKwM5Bw “Alexa Are You Connected to the CIA?”
  28. https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
  29. Image: Strava, The Guardian
  30. What now!?
  31. Privacy vs. Convenience Image: giphy
  32. Basic precautions Image: Facebook
  33. Basic precautions • Change default passwords • Disable the Universal Plug-and-Play (UPnP) feature • Review Remote Management restrictions • Check for software updates Source: The Hacker News
  34. Online scan http://iotscanner.bullguard.com
  35. To learn more... • Article: News about IoT threats https://anchisesbr.blogspot.com/2018/02/seguranca-noticias-sobre-ameacas-em-iot.html • Article: Spy IoT https://anchisesbr.blogspot.com.br/2017/03/seguranca-iot-espiao.html • “Security Guidance for Early Adopters of the IoT” https://cloudsecurityalliance.org/download/new-security-guidance-for-early-adopters-of-the-iot/ • “Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products” https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/ • @Internet of Shit https://twitter.com/internetofshit
  36. 5/5/2018 Thank you garoa.net.br @anchisesbr @garoahc
  37. Join us! http://sp15.securitybsides.com.br 19 and 20 May 2018