A decade has passed since the introduction of network enabled home appliances into the market. Every year these appliances advance in functionality and inter device integrations, such as the integration with cell phones/smart phones , service servers/ cloud services and more. This has lead to a significant increase in the information and value that the network enabled house hold appliances handle. Under such circumstances a vulnerability in the house hold appliance could be leveraged to gain access to other devices and information. In this presentation I will present whether such risks can be actualised and the changes of functionality and vulnerabilities in network enabled house hold appliances,looking at those changes from a user's and developer'sperspective.
Yukihisa Horibe
Panasonic Corporation Analysis Cente
Panasonic PSIRT member.
Over 10 years of experience in vulnerability research and risk analysis regarding networked household appliances and embedded systems.
2. Profile
堀部 千壽(Yukihisa Horibe)
2
Panasonic Corporation Analysis Center
Panasonic-PSIRT Member
Focusing on improving security for networked
home appliances
Vulnerability assessment of house hold appliances
and embedded systems
Vulnerability assessment of home service servers
Table top analysis of networks including house hold
appliances.
Over 10 years of experience in security evaluation
related work
3. Agenda
3
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
4. Agenda
4
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
5. Evolving Home Appliances.
5
Remote Control
Media Server
HDD Recorder
Image Upload
Wifi Data Transfer
Digital Camera/Video Cam
CDDB
Audio System
Browser
Media Player
Smartphone like apps
Browser
Media Player
Smartphone like apps
Digital TVDigital TV
Browser
Media Player
Smartphone like apps
Digital TV
Door Chimes
Notification
Communications
Measurements
data transfer
Scales
Device
Integration
Smartphone
Integration
Cloud
Integration
Monitoring
Power Control
On Demand
Control
HEMS
Monitorin
Remote Control
Air Conditioner
6. Historical Overview of Function and Data Information of Networked Home
Appliances(~2005:Growth Period)
6
Internet(Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002
ADSL
mova
3G
Browser
Remote operations
Status Notifications
7. Historical Overview of Function and Data Information of Networked Home
Appliances(~2005:Growth Period)
7
Internet (Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002
ADSL
mova
3G
Browsers
Remote Operation
Status Notifications
ID/Password
Recording
Information
email address
Status Info on
operations
Access History
Most of the functions are contained within each appliance and
the information they handle is limited.
8. Historical Overview of Function and Data Information of Networked Home
Appliances(2005~2010:Evolution Phase)
8
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorders
Cooking Appliances
Home Related
201220102008200620042002
ADSL
FTTH(Optical Fiber)
mova
3G
Browser
Remote Operations
CDDB
Appliance Integration
(DLNA)
VOD
Status notifications
Security: Status Monitoring
Door Chime:Visitor Notification
HEMS
Image Upload
9. Historical Overview of Function and Data Information of Networked Home
Appliances(2005~2010:Evolution Phase)
9
Internet (Household)
Cellphones
Digital TV
Recorder
Audio
Systems/Music
Digital
Camera/Camcorder
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
ブラウザ
宅外操作
CDDB
Device Integration
(DLNA)
VOD
状態通知
Security Status Monitoring
Door Chime Visitor Notifications
HEMS
Image upload
CD Ownership
List
Payment Info
Viewing History
“at home” info
Operational Info of
each appliance
Image Information
Blog/UL Service
Account
Visitor Info
email Address
Content Ownership Info
Device Ownership Info
Operational Info
of each device
Power usage info
With the increase in server/inter-device integration
the importance of information also grew
10. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
10
Internet(Household)
Cellphone
DigitalTV
Recorder
Audio System/Music
Digital
Camera/Cammcorder
Health Care
Appliances
Cooking Appliances
Home Related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
smartphone
Browser
Remote Operations
CDDB
Device Integration
(DLNA)
VOD
Status Notifications
Security Status Monitoring
Door Chimes Visitor Notification
applications
HEMS
Smartphone
Integration
AC
Remote
Operations
Image Upload
11. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
11
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital
Camera/Cammcorder
Health Care
Appliances
Cooking Appliances
Home related
201220102008200620042002
ADSL
FTTH(Fiber Optic)
mova
3G
Smart Phones
Browser
Remote Operation
CDDB
機器連携
(DLNA)
VOD
Status Notification
Security Status Monitoring
ドアホン 来客通知
Apps
HEMS
Smartphone
Integration
AC
Remote
Operation
Image Upload
Payment Info
Purchase History
Address/Name
Blog/SNS Account
Physical Info
Service Account
Operation Info
Service Account
12. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
12
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(光回線)
GSM(cHTML)
広帯域CDMA(HTML/Java)
Smartphone
ブラウザ
宅外操作
CDDB
機器連携
(DLNA)
VOD
状態通知
Security Operational Info
ドアホン 来客通知
Apps
HEMS
スマホ
連携
エアコン
遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include
everything including smartphones.
ID/Passworr
Recording history
Email Address
Device Operation Info
Access History
CD Ownership
List
Payment Info
Viewing History
Vacancy Info
Operational Info
of each device
Image Info
Blog/UL Service
account info
Visitor Info
Email address
Content Ownership
Device Ownership
Operational Info of
each device.
Power Usage Info
Payment Info
Purchase History
住所氏名
ブログ/SNSアカウント
Physical
Information
Service Account
Operation Info
Service Account
Cloud
Integration
Address Book
Video/Image
Account info
13. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
House hold(Audio Visual, Home , Cosmetic)
PC, Game terminal,Information
terminal
Smartphone, Cellphones, Land lines
Housing Equipment(Single Family,complexes)
13
Inside the
home
connecting
14. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)
PC,Game Terminal,Information Terminals
Smartphone,Cellphones,Landlines
Housing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipment
Infrastructure(Power、Gas、Water)
Retail(Large scale, individual)
14
Is the era when household appliances , home and
public,commercial services are all connected near?
Everything
is
connected
Inside the
home
connecting
15. Agenda
15
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
16. Risks of Home Appliances Having Network Capabilities
The possibility of unauthorized access via the
network
Many devices have global IPs assigned.
Possibility of attacks leveraging
vulnerabilities in home appliances.
Attack by forcing a download of malware
Targeted attacks leveraging XSS/CSRF
16
Using search engines you
can find sites that hint they
are home appliances.
Fake Firmware or
Contents
17. CVE-2008-3482 (2008)
Network Camera made by Panasonic , Reflected XSS vulnerability
Defect in escaping routine of the display on the error page
Defcon17 (2009)
CSRF vulnerability in household network camera by Panasonic
Many vulnerabilities were disclosed for household routers and
other embedded web systems.
Reported vulnerabilities on CE category: Panasonic case
17
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.html
http://www.blackhat.com/presentations/bh-usa-09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf
18. Reported vulnerabilities on CE category: example of other case
18
Year Product Outline Manufacturer
2004 Video recorder Accessible without authentication (springboard) Japan
2008 NAS CSRF (remote data deletion) Japan
2010 Digital camera Arbitrary code execution from SD card Japan
2011 MFP Authentication bypass and more Japan & overseas
2012 Digital TV DoS Japan
2012 Many Devices Arbitrary code execution by UPnP vulnerability Japan & overseas
2013 Digital TV DoS & restart by malformed packets Japan & overseas
2013 Smart phone Intrusion of malware through power cable Japan & overseas
2013 Digital TV Authority seizure & remote control by illegal application Overseas
2013 Lighting system Force unable to turn on Overseas
2013 Home GW
Vulnerability in authentication, CSRF and more (electric lock
unlock by malicious third party)
Overseas
2013 Toilet Hard-Coded Bluetooth PIN Vulnerability Japan
With the advancement of function, the reports of vulnerability have
been increasing after 2012
19. Agenda
19
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the
Vulnerability Assessment for connected
CE products
Security functions required for CE products in
the time of IoT
Closing
20. Vulnerability Eradication Efforts at Panasonic
20
Base Knowledge
(Awareness/Education)
Base foundation of knowledge regarding product security
Two pillars supporting Product Security
Minimize Risk
Incident Response
Minimize Risk Incident Response
Product Security
Improving security of products including house hold appliances
is an important requirement for Panasonic
Network Home Appliances,
Embedded Systems, Services
21. Response based on product lifecycles.
21
ShippingProduct Lifecycle
Contamination Prevention
(Avoid building vulnerabilities into)
Inspection/Removal
(Detect vulnerability and
remove)
Maintain/Improve
(Response after
shipping)
Response
Table
Top Risk
Analysis
(Vulnerability
Analysis)
Security Design
・Secure
Coding
・Static
Analysis
・Vulnerability analysis
(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
22. Response based on product lifecycles.
22
ShippingProduct Lifecycle
Contamination Prevention
(Avoid building vulnerabilities into)
Inspection/Removal
(Detect vulnerability and
remove)
Maintain/Improve
(Response after
shipping)
Response
Table
Top Risk
Analysis
(Vulnerability
Analysis)
Security Design
・Secure
Coding
・Static
Analysis
・Vulnerability analysis
(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
23. Vulnerability Analysis for Panasonic House hold appliances and embedded
systems
23
The number and details for the vulnerability are for
vulnerabilities found “pre shipping”
The detected vulnerabilities were patched prior to
shipping
These vulnerabilities do not exist in current
products available in the general market.
Actual results I will present
30. Agenda
30
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE
products in the time of IoT
Closing
31. Historical Overview of Function and Data Information of Networked Home
Appliances(2010~:Mature Phase)
31
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital
Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002
ADSL
FTTH(光回線)
GSM(cHTML)
広帯域CDMA(HTML/Java)
Smartphone
ブラウザ
宅外操作
CDDB
機器連携
(DLNA)
VOD
状態通知
Security Operational Info
ドアホン 来客通知
Apps
HEMS
スマホ
連携
エアコン
遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include
everything including smartphones.
ID/Passworr
Recording history
Email Address
Device Operation Info
Access History
CD Ownership
List
Payment Info
Viewing History
Vacancy Info
Operational Info
of each device
Image Info
Blog/UL Service
account info
Visitor Info
Email address
Content Ownership
Device Ownership
Operational Info of
each device.
Power Usage Info
Payment Info
Purchase History
住所氏名
ブログ/SNSアカウント
Physical
Information
Service Account
Operation Info
Service Account
Cloud
Integration
Address Book
Video/Image
Account info
32. The Evolution of Networked Home Appliances Functionality and Information
(Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)
PC,Game Terminal,Information Terminals
Smartphone,Cellphones,Landlines
Housing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipment
Infrastructure(Power、Gas、Water)
Retail(Large scale, individual)
32
Is the era when household appliances , home and
public,commercial services are all connected near?
Everything
is
connected
Inside the
home
connecting
33. Future prediction
Spread to the whole of human life
Rapid increase of device
Connect to the various industries
33
34. Spread to the whole of human life
34
Risk of Serious accident Higher reliability
Fire due to incorrect control of CE product
Invalidation of electric lock security
Accident and runaway of automotive
Connect to various device of various manufacturer
We want to guarantee at least minimum level security
Will you need the standard like Industry standard ?
it is not the problem of one company
Entire House, Linkage to automotive, home security and gas app…
Information assets = life of customer
The minimum level security ?
35. Spread to the whole of human life
35
The risk due to share of authentication information
Adoption of SSO is also being investigated in CE products
Influence of vulnerability will spread to other services that share
authentication information
it is not the problem of one provider or one vendor
Constantly connected communications, share of authentication
information Useful …
Authentication
provider
CE
Smart
phone
application
Web
service
Automotive
HEMS
game
CE
Share of
authentication
information
What must we do to make product secure ?
SNS
application
36. Rapid increase of device
36
Lighting, switch, sensor, electric socket, etc.
Maintenance of various and huge amount of devices
After vulnerability is reported, software must be updated
Lighting, sensor, electric socket…update all ?
How to update ?
Service engineers ?
Automatic update ?
Disclaimer of firmware update
Lifetime of CE product is long (over 10 years)
Up to when ?
The update method, the period to continue to care security ?
37. Connect to the various industries
37
Diversification of I/F, protocol
ECHONET Lite, CAN, DLNA…
Bluetooth, NFC, TransferJet, ZigBee, Z-Wave…
Original communication protocol, 920MHz…
Security verification technology must catch up
Only knowledge of the IP network is not enough
Knowledge other than the IP network is necessary
Knowledge of Non-IT engineers will be needed
Think tank beyond the type of industry?
Diversification of I/F of the linkage to infrastructure, automotive
and healthcare, security technology catch up
The structure which takes in knowledge of various fields?
38. Agenda
38
Changes in the feature of connected CE
products
The risks to connect
Performance and trends in the Vulnerability
Assessment for connected CE products
Security functions required for CE products in
the time of IoT
Closing
39. Closing
39
Several billion of IoT(Internet of Things) will be connected
It is difficult to guarantee security by one company
The approach beyond the industry/type of industry
/position must be needed
Unite for the IoT security !
Internet
Store
Social
infrastructure
Public Service Housing
equipment
Automotive
in-car device
Smart phone
Information device
PC
Connected
CE product
40.
41. Contact
41
Analysis Center Panasonic Corporation
http://www2.panasonic.co.jp/aec/ns/index.html
Sorry, Japanese Only…
Panasonic-PSIRT
http://panasonic.co.jp/info/psirt/en/
product-security@gg.jp.panasonic.com