Internet of Things
Featuring 5 Papers as of September 16, 2016
A security assessment of Z-Wave devices and replay attack vulnerability Masters
by Mark Devito - August 31, 2016
Within many modern homes, there exists a compelling array of vulnerable wireless devices. These devices present the potential for unauthorized access to networks, personal data and even the physical home itself. The threat originates from the Internet-connected devices, a ubiquitous collection of devices the consumer market dubbed the Internet of Things (IoT). IoT devices utilize a variety of communication protocols; a replay attack against the Z-Wave protocol was accomplished and demonstrated at ShmooCon 2016. The attack was carried out using two HackRF radios. This paper attempts to conduct a similar attack but employing a $35 US SDR, a $130 US sub-1Ghz dongle, and readily available Open Source applications, instead of the more expensive HackRF hardware.
Accessing the inaccessible: Incident investigation in a world of embedded devices Masters
by Eric Jodoin - June 24, 2015
There are currently an estimated 4.9 billion embedded systems distributed worldwide. By 2020, that number is expected to have grown to 25 billion. Embedded systems can be found virtually everywhere, ranging from consumer products such as Smart TVs, Blu-ray players, fridges, thermostats, smart phones, and many more household devices. They are also ubiquitous in businesses where they are found in alarm systems, climate control systems, and most networking equipment such as routers, managed switches, IP cameras, multi-function printers, etc. Unfortunately, recent events have taught us these devices can also be vulnerable to malware and hackers. Therefore, it is highly likely that one of these devices may become a key source of evidence in an incident investigation. This paper introduces the reader to embedded systems technology. Using a Blu-ray player embedded system as an example; it demonstrates the process to connect to and then access data through the serial console to collect evidence from an embedded system non-volatile memory.
The Perfect ICS Storm by Glenn Aydell - June 8, 2015
As manufacturing Industrial Control System (ICS) architectural designs have evolved from isolated and proprietary systems with physical separation to a layered architecture using more standard IT components to the latest “trend” of Industrial Internet of Things (IIoT); so too have the challenges associated with securing these environments.
Securing the “Internet of Things” Survey Analyst Paper
by John Pescatore - January 15, 2014
- Associated Webcasts: SANS Analyst Webcast: SANS Survey on Securing The Internet of Things
- Sponsored By: Codenomicon Norse
Survey reveals the risks introduced by an increasing array of "smart" things with wireless or Internet connections.
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact firstname.lastname@example.org.
All papers are copyrighted. No re-posting or distribution of papers is permitted.