Black Hat Roundup: Why IoT Is Not Safe


By: R. Scott Raynovich

The Black Hat security conference, held in Las Vegas last week, is a paranoiac's nightmare. Here you learn how hacks are simple, pervasive, and increasingly threatening to the world's systems and devices -- especially with the advent of the Internet of Things (IoT).

I was not able to attend Black Hat, but I did track the news and some of the research findings. And what you can see from Black Hat, as well as the findings from our recent SysSecOps report, is that the world is definitively not secure -- especially the world of IoT.

Among last week's findings: Flash memory is making storage increasingly hackable. Researchers have found relatively easy ways to hack a variety of connected systems and devices, including connected car washes, nuclear plants, building automation systems, embedded devices, and the WiFi connected to your phone. In short, whether you're in the car wash, monitoring a nuclear plant, or just surfing WiFi in the local coffee shop, you're vulnerable.

Embedded IoT Threat

Let's start with the IoT. We are all preached to about the wonders of connected cars and buildings. But think about what this does to the attack surface for the bad guys: It expands it wonderfully. For example, the security problems discovered in Internet-enabled medical equipment and cars have raised the visibility of the safety risks of connected devices.

There is growing concern about the vulnerability of embedded devices, especially given their proliferation as IoT clients. An embedded device is any machine carrying an operating system (OS), which could be anything from a wind turbine to an automobile communications chip.

Embedded devices are controlled by firmware, the OS for the system on the chip. Several presentations at Black Hat covered the vulnerability of embedded devices. Alex Matrosov, principal research scientist at Cylance, revealed at Black Hat the multiple issues he found in UEFI firmware provided by motherboard vendors, in a session titled "Betraying the BIOS: Where the Guardians of the BIOS Are Failing." You can read a summary here.

Building automation seems to be a hacking motherlode. A Black Hat research paper by Thomas Brandstetter and Kerstin Reisinger describes a number of attack scenarios on building and home automation systems. The paper says that adequate attention is not being applied to these systems:

"... cyber security is quite often sacrificed either for comfort or efficiency. The higher number of small and large-scale installations combined with easily exploitable vulnerabilities leads to a stronger exposure of building automation systems, which are often overlooked. Even worse, an adversary understanding the usage of regular building automation protocol functions for malicious purposes may not only create chaos within the breached building but can potentially even peek into internal, otherwise not reachable, networks through these building protocols."

You can read the whole paper here.

What about nuclear plants or border patrol? IOActive's Ruben Santamarta talked about how radiation monitoring devices, in nuclear plants and at borders, can be exploited, according to And Jason Staggs, a security researcher at the University of Tulsa, showed how wind farms can be hacked.

If you aren't already thinking about hackers getting into your nuclear plant, phone, or home automation system, what about the next time you're at the car wash? I'm sure Walter White was thinking about this.

Security researchers found vulnerabilities in car washes that are connected to the Internet. Hackers could remotely hijack the car-wash systems to physically attack vehicles and their occupants. For example, an attacker could open and close the bay doors on a car wash to trap vehicles inside, or damage the cars and injure occupants.

Fun! Something to think of next time you're at Scrubby's.

More Tools for Mobile Marauders

The threat of IoT is compounded not just by the number of devices, but also by the proliferation of mobile networks that can be used to access them.

Nitay Artenstein, security researcher at Exodus Intelligence, revealed new information about the Broadpwn WiFi vulnerability in smartphones. This is a flaw in Broadcom's WiFi chipset code that could enable a WiFi worm to infect a smartphone user and then propagate itself. The vulnerability is found in more than a billion phones. Read a nice summary of the development in eWeek.

Finally, another high-profile demonstration showed that mobile cellular networks such as 3G, 4G, and LTE -- often thought to be more secure than networks such as WiFi -- are vulnerable to stingray-like attacks. Stingrays are surveillance devices often used by law enforcement to tap into spectrum and listen.

These flaws were detailed in a presentation titled "New Adventures in Spying 3G & 4G Users: Locate, Track, Monitor," by Ravishankar Borgaonkar, Lucca Hirschi, Shinjo Park, Altaf Shaik, Andrew Martin, and Jean-Pierre Seifert. The team detailed how next-generation-type stingray devices could be developed to prowl mobile networks worldwide.

That's just the tip of the iceberg from Black Hat, which is one of the leading conferences demonstrating the cutting edge of threats that could be just around the corner.
