The IoT is hugely diverse: home assistants, fitness trackers, medical devices, home security, kid trackers, smart TVs, industrial equipment, crypto wallets, car alarms and even sex toys. We've seen security and privacy failures in nearly all these systems, some trivial, some serious. In today's IoT, security failures in these systems might seem trivial, but in 10 years, these systems will be ruling our lives.
We suspect that the developers of the products failed to predict which threats they needed to protect against. Unless security is considered during the design of these systems, they will never be truly secure.
We'll look at 4 practical examples where lessons can be learned:
Hopefully you'll be able to see the mistakes that were made, alongside the simple solutions to these issues.
Andrew leads the hardware team at Pen Test Partners. He covers all systems that aren't general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and finding vulnerabilities in these systems.
On the defensive side, he takes the knowledge gained from research and advises companies on how to build secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth so that they can stay secure through the entire lifecycle of the product.
He trains people how to attack and defend hardware, with customers ranging from medical device manufacturers through to police forensics teams.
John Grimm is Vice President of Strategy and Business Development at nCipher Security, an Entrust Datacard company, and a world leader in hardware security modules (HSMs). nCipher empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications.