Exploiting IoT Vulnerabilities

Dr. Yatish Joshi, Senior Engineer, Cisco Systems

11:45am-1:00pm Monday, 18 February 2019, ITE 325-B

The past decade has seen explosive growth in the use and deployment of IoT (Internet of Things) devices. According to Gartner there will be about 20.8 billion IoT devices in use by 2020. These devices are seeing wide spread adoption as they are cheap, easy to use and require little to no maintenance. In most cases, setup simply requires using a web or phone app to configure Wi-Fi credentials. Digital home assistants, security cameras, smart locks, home appliances, smart switches, toys, vacuum cleaners, thermostats, leakage sensors etc are examples of IoT devices that are widely used and deployed in home and enterprise environments.

The threat landscape is constantly evolving and threat actors are always on the prowl for new vulnerabilities they can exploit. With traditional attack methods yielding fewer exploits   due to the increased focus on security testing, frequent patches, increased user awareness, Threat actors have turned their attention on IoT devices and are exploiting inherent vulnerabilities in these devices. The vulnerabilities, always ON nature, and autonomous mode of operation allow attackers to spy on users, spoof data, or leverage them as botnet infrastructure to launch devastating attacks on third parties. Mirai, a well known IoT malware utilized hundreds and thousands of enslaved IoT devices to launch DDoS attacks on Dyn affecting access to Netflix, Twitter, Github and many other websites. With the release of the Mirai source code numerous variants of the malware are infecting IoT devices across the world and using them to carry out attacks.

These attacks are made possible because the devices are manufactured without security in mind!. In this talk I will demonstrate how one can hack a widely available off-the-shelf IP Camera and router by exploiting the vulnerabilities present in these devices to get on the network, steal personal data, spy on a user, disrupt operation etc. We will also look at what can be done to mitigate the dangers posed by IOT devices.

So attend hack & defend!

Dr. Yatish Joshi is a software engineer in the Firepower division at Cisco Systems where he works on developing new features for Cisco’s security offerings. Yatish has a PhD in Computer Engineering from UMBC. Prior to Cisco Yatish worked as a lecturer at UMBC, and was a senior software engineer developing TV software at Samsung Electronics. When not working, he enjoys reading spy thrillers and fantasy novels.