CYBER(IN)SECURITY IN THE AGE OF DIGITAL TRANSFORMATION
… WHY HACKERS LOVE DIGITALISATION … NICOLA DRAGONI EMBEDDED SYSTEMS ENGINEERING (ESE) SECTION DTU COMPUTE TECHNICAL UNIVERSITY OF DENMARK (DTU)
…A TRUE STORY…
DIGITAL INNOVATION
BIG DATA
IOT -
EMBEDDED
AI
- CONNECTIVITY
5G WIRELESS NETWORKING
CLOUD
Internet Of Things (IoT)… in Numbers!
WORLD POPULATION: As of March 2016, estimated at 7.4 BILLION
IoT Scenario: Smart Home/Office/Building
IoT Scenario: Pervasive/Smart Healthcare
3 or 4?
EXCITEMENT! :-D
DISASTER! :-(
REALITY CAN BE SO COMPLEX THAT EQUALLY VALID OBSERVATIONS FROM DIFFERENT PERSPECTIVES CAN APPEAR TO BE CONTRADICTORY
… why hackers love digitalization…!
Big Sensitive Data
As people are making more and more information about themselves available online — by means of any kind of device connected to the Internet — there’s going to be more and more SENSITIVE DATA available for cybercriminals to steal and exploit
Control Devices
A Security and Privacy Disaster
113 million medical records compromised in 2015, according to the Office of Civil Rights
Data breaches cost the healthcare industry ~ $5.6 BILLION per year
In 2015, 78.8 million of Anthem’s customers were hacked
TheDarkOverlord put over 650,000 patient records up for sale on the dark web
…It’s Actually Worse Than You Think…
Researchers Hack Fingerprint Sensors Using Ink-Jet Printer Author: SecureWorld
What Do You Have in Your Smart Home?
‣ Massive data breach: personal details of ~ 4.8M parents and 6.4M kids
‣ More than 2 million voice recordings of children and parents exposed
“You suck! Pay X or it’ll lock the temp at 99…”
Thirsty…?
TO SHUT OFF THE ENTIRE WATER SUPPLY
TO POISON THE WATER
Intimacy 2.0… World’s first ‘smart condom’ collects intimate data during sex and tells men whether their performance is red-hot or a total flop
Your future sex robot could be hacked and programmed to murder you
Do You Need your Smart Car?
Do you Prefer to Take a Walk Instead?
• Simple penetration testing device and an Internet connection
• Evil Twin Attack: attacker fools wireless users into connecting their devices to a malicious hotspot by posing as a legitimate WiFi provider
• Once connected, all the victim's information flows directly into the attacker's device, allowing cybercriminals to secretly eavesdrop on the network traffic, steal sensitive data and even redirect to malware / phishing sites
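Spotting an evil twin from the defender's side, as an added example that is not part of the original slides: compare observed beacons against a baseline of deployed access points. The network name, MAC addresses and scan results are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str        # advertised network name
    bssid: str       # access point MAC address
    security: str    # e.g. "WPA2-Enterprise", "WPA2-PSK", "OPEN"
    signal_dbm: int

# Constructed baseline: the access points the operator actually deployed.
KNOWN_APS = {
    "CampusWiFi": {"security": "WPA2-Enterprise",
                   "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}},
}

# Constructed scan results, as a client or wireless sensor might collect them.
SAMPLE_SCAN = [
    Beacon("CampusWiFi", "02:00:00:aa:00:01", "WPA2-Enterprise", -61),
    Beacon("CampusWiFi", "02:00:00:aa:00:02", "WPA2-Enterprise", -70),
    Beacon("CampusWiFi", "02:00:00:bb:00:09", "OPEN", -38),
    Beacon("CoffeeShop", "02:00:00:cc:00:05", "WPA2-PSK", -80),
]

def find_suspect_aps(scan, known_aps):
    """Return (beacon, reasons) for beacons that reuse a known SSID
    but do not match the deployed baseline."""
    findings = []
    for b in scan:
        expected = known_aps.get(b.ssid)
        if expected is None:
            continue  # not one of our network names; out of scope here
        reasons = []
        if b.bssid.lower() not in expected["bssids"]:
            reasons.append("unknown BSSID")
        # A BSSID can be cloned, so the security mode is checked independently.
        if b.security != expected["security"]:
            reasons.append(f"security {b.security} != {expected['security']}")
        if reasons:
            findings.append((b, reasons))
    return findings

if __name__ == "__main__":
    for beacon, reasons in find_suspect_aps(SAMPLE_SCAN, KNOWN_APS):
        print(f"ALERT {beacon.ssid} {beacon.bssid} "
              f"({beacon.signal_dbm} dBm): {', '.join(reasons)}")
```

A twin that copies both the BSSID and the security mode passes this check, so it complements, and does not replace, server certificate validation on the client.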
Feeling Bad? Need a Medical Device?
Hospira LifeCare Drug Infusion Pump
Hackers can give you fatal overdoses!
Medtronic's Paradigm Insulin Pumps
Over 8,600 vulnerabilities found… FDA recalled half a million pacemakers…
“If you want to keep living, pay a ransom, or die…”
Feeling Bad? Need a Hospital?
Blood Refrigeration Units
X-Ray Systems
CT Scanning Equipment
Not Just Science Fiction…
The Future of Remote Surgery: Robots!
Wearable Devices
Jawbone Up Move
Fitbit Charge
Vulnerabilities
Read and write device data
Track the device
DoS attack (device paired/not paired)
Data stored unencrypted
Access to data to anybody
Users do not have any control or ownership
MITM attack based on fake certificates
Data to third parties
Resilience to Cyber Attacks
Towards Industry 4.0…
HOW HACKERS CAN USE “EVIL BUBBLES” TO DESTROY INDUSTRIAL PUMPS
EASY WAY FOR HACKERS TO REMOTELY BURN INDUSTRIAL MOTORS OPERATING FANS AND PUMPS IN WATER PLANTS
Smart cities can be the next security nightmare
OCT 21ST, 2016
What Hackers Really Want…
HACKERS DO NOT JUST WANT YOUR CREDIT CARDS… WHAT THEY ACTUALLY WANT IS THE PATTERN OF YOUR LIFE! …
DON’T FORGET THEY
you…!
Key Points
✓ IoT Theorem: Everything can now be connected to the Internet
✓ Security Corollary: Everything (thus, our devices) can be hacked
DIGITALISATION MAY MAKE AN ATTRACTIVE BUSINESS CASE ONLY UNTIL ONE STARTS THINKING ABOUT SECURITY
IOT SECURITY IS A PUBLIC SAFETY ISSUE!
WHAT IS THE ROOT?
Is it TECHNOLOGY? Do we urgently need INNOVATION?
Is it LIABILITY? Do we urgently need GOVERNMENT REGULATION?
Is it EDUCATION?
Or what else…?
WE NEED AN EFFECTIVE SECURITY CULTURE
• RAISING THE LEVELS OF AWARENESS AND UNDERSTANDING OF THE CYBER RISK
• EMBEDDING “SECURITY-AWARE” VALUES AND BEHAVIOURS
Security as Fundamental Element IoT (In)Security Practice
RUSH TO DEVELOPMENT + HARD ==> AVOID, DEAL LATER (MAYBE)
The key step in securing an IoT system (and thus our SMART CITIES) is to treat SECURITY as a FUNDAMENTAL ELEMENT of the product value proposition
Bad Security Could Make Things Worse!
From the Cloud…
NOT DESIGNED FOR THE VOLUME, VARIETY, AND VELOCITY OF DATA THAT IOT GENERATES
… to the Fog
FOG COMPUTING: “SYSTEM-LEVEL ARCHITECTURE THAT DISTRIBUTES RESOURCES AND SERVICES OF COMPUTING, STORAGE, CONTROL AND NETWORKING ANYWHERE ALONG THE CONTINUUM FROM CLOUD TO THINGS” [OpenFog Consortium]
MINIMIZE LATENCY
CONSERVE NETWORK BANDWIDTH
BETTER SECURITY
DEEPER INSIGHTS WITH PRIVACY CONTROL
AND THE