IoT Devices Vulnerabilities - aeronautics and aerospace security

Transcript

1. IoT Devices Vulnerabilities - aeronautics and aerospace security Renaud Lifchitz

   – Space's Industrial Control Systems Security – 28/09/2018

2. digital.security IoT CERT and its activities

3. digital.security Our CERT CERT UBIK: the very first CERT in

   Europe dedicated to IoT security 40 experts Security watch, incident response, security audits, reverse engineering, … We have our own dedicated lab in Paris Our IoT CERT and its activites 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 3

4. digital.security Digital Security portfolio Security level evaluation of the IoT

   chain  Integrating security into projects  Software and hardware reverse engineering  Code review  Penetration tests Our IoT CERT and its activites Equipment and appropriate skills for the IoT security specificities 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 4

5. Top 5 IoT vulnerabilities after 100 IoT audits IoT devices

   vulnerabilities - aeronautics and aerospace security

6. digital.security #1 : Non-secure updates Lack of encryption: secrets leak

   Lack of authenticated signatures: possible alteration of software Top 5 IoT vulnerabilities Connected thermostat compromised by a ransomware 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 6

7. digital.security #2 : Secret keys by default ZigBee  Key

   ZigbeeAlliance09 still often used  Non-compliance with security best practices about key management (PKI) Bluetooth Smart  PIN code easy to guess (0000, 1234, ...) ZigBee default key implemented on existing Lightify Osram lightbulbs 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 7 Top 5 IoT vulnerabilities

8. digital.security #3 : Lack of encrypted communications Sigfox  No

   encryption by default  Data size : 12 bytes maximum (AES not possible) LoRa  No encryption by default (unlike LoRaWAN) 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 8 Top 5 IoT vulnerabilities

9. digital.security #4 : Non-secure data storage Configuration datas Personal data

   linked to a user Encryption or authentication keys 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 9 Top 5 IoT vulnerabilities

10. digital.security #5 : Debug interface Ability to bypass the read

    only protection  Reuse of protected code...  ... that accesses memory informations ! Content extraction with the microprocessor registry Extraction of secrets from RAM, of firmware from Flash 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 10 Top 5 IoT vulnerabilities

11. IoT devices vulnerabilities & aeronautics and aerospace security 28/09/2018 IoT

    devices vulnerabilities - aeronautics and aerospace security P. 11

12. digital.security SDR is spreading Software Defined Radio allows analysis of

    any RF communication Cheap devices (10€-400€) Open Source software, freely available P. 12 IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018

13. digital.security SDR allows easy RF sniffing September 2018: Russian satellite

    Luch- Olymp tried to sniff French&Italian satellite Athena-Fidus communications P. 13 IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018

14. digital.security Real-time aircraft identification & geolocation Listening to ADS-B frames

    (1090 MHz) sent in clear (flight number, position, altitude, speed...) Same issues with cockpit conversations (120-130 MHz) and ACARS damage reporting protocol (131-137 MHz) 10€ device and typical range of 100 km! P. 14 IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018

15. digital.security Real-time aircraft identification & geolocation P. 15 IoT devices

    vulnerabilities - aeronautics and aerospace security 28/09/2018 April 2016: French president and prime minister flights were easily trackable in realtime

16. digital.security Aircraft spoofing & jamming P. 16 IoT devices vulnerabilities

    - aeronautics and aerospace security 28/09/2018

17. digital.security Aircraft spoofing & jamming P. 17 IoT devices vulnerabilities

    - aeronautics and aerospace security 28/09/2018

18. digital.security Aircraft spoofing & jamming P. 18 IoT devices vulnerabilities

    - aeronautics and aerospace security 28/09/2018 ADS-B security from 1994 to 2014 "So you think you are safe", Eric Theunissen, Ministry of Defense - Netherlands, 2014

19. digital.security GPS spoofing & jamming P. 19 IoT devices vulnerabilities

    - aeronautics and aerospace security 28/09/2018 GPS security from 1994 to 2014 "So you think you are safe", Eric Theunissen, Ministry of Defense - Netherlands, 2014

20. digital.security Most RF protocols aren’t designed for security P. 20

    IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018 September 2016: A Boeing 757 was hacked remotely in its runway using RF protocols

21. digital.security GSM antenna mapping and mobile devices geolocation The GSM

    signalling protocol is plaintext, so it’s easy to map the base stations antennas and then geolocate a device.... P. 21 IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018

22. digital.security Spying and control of IP cameras Many IP cameras

    are accessible from the Internet due to a lack of security: sensitive areas are made more vulnerable P. 22 IoT devices vulnerabilities - aeronautics and aerospace security 28/09/2018

23. « IoT Qualified Security » label

24. digital.security What is the difference between these two connected locks?

    Security label for IoT solutions One protects your home, the other opens the door to intruders! 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 24

25. digital.security IoT Standards and safety guides Several initiatives : 

    Sectorial guidance on IoT security by the ENISA  U.S. Dept of Homeland Security Strategic Principles for securing IoT  NIST Special Publication 800-160  Projet OWASP for the IoT  NESCOR Standard  UL 2900 Standard Security label for IoT solutions IoT security is on the way, but connected solutions are already largely widespread 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 25

26. digital.security IoT Qualified Security Security label for IoT solutions IQS

    enables future buyers, companies or individuals to identify the security level of a connected solution according to a reliable, neutral and independent indicator. 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 26

27. digital.security IoT Qualified Security Security label for IoT solutions 28/09/2018

    IoT devices vulnerabilities - aeronautics and aerospace security P. 27 A repository based on SSI standards (OWASP IoT, RGS), best practices and on our feedback on the safety assessment of more than 100 IoT solutions

28. digital.security IoT Qualified Security EvalUbik, platform for evaluating the security

    of connected objects Security label for IoT solutions 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 28

29. digital.security IoT Qualified Security IQS features:  Applicable to all

    sectors of the IoT  Repository integrating requirements of security standards, IS best practices and feedback from Digital Security  Two levels of labelling: ↪Standard ↪Advanced  Independent labelling committee provides the label for 2 years  Promotion of the label to companies and to the general public (2018) Security label for IoT solutions 28/09/2018 IoT devices vulnerabilities - aeronautics and aerospace security P. 29

30. digital.security Contact Internet of Things security 28/09/2018 IoT devices vulnerabilities

    - aeronautics and aerospace security P. 30 [email protected]