
Internet of Things Security | Ken Munro | TEDxDornbirn


[Music]
Hi, my name’s Ken and I am a security researcher, an ethical hacker if you like, and we’re the good guys. Our job is to get out there and break things to make them better. Now I’m gonna be talking today about the Internet of Things, and by that I mean the smart tech in your home: so your smart thermostats, your smart door lock maybe, or perhaps your smart vehicle. But unfortunately security and the Internet of Things aren’t often found in the same place. They’re really vulnerable, and we see huge problems with people’s personal data, their privacy being invaded, and maybe even their data being locked up and encrypted, because IoT manufacturers don’t spend enough time looking at security.

Now don’t get me wrong, I think IoT, the Internet of Things, has huge benefits to us. I think we can be more beneficial with the use of our resources with smart thermostats and smart control of our heating. I think medical advances using continuous monitoring with IoT, fantastic. And also assisted living for the elderly, brilliant. IoT can bring all those, but unfortunately it’s not safe until it’s secure.

Now my job, what I get to do: I get to break smart things. I love my job because I get to take things apart and break them, make them better, and I don’t always have to put them back together again either, which is great. A project we’re doing right now: we’re working on a Tesla Model S for our own interest. So we’ve got hold of a vehicle, a very expensive vehicle, seventy thousand pounds, and we took it apart and we found lots of fun things, which I’ll publish later on in the year. But then we put it back together and my colleagues said, “It’s all fine, you can drive it, it’s good, just watch out for the brakes.” OK.

Now most of the time organizations bring us stuff so we can break it, we can help them make it better. But sometimes we do work off our own back, so we buy our own technology and start taking it apart to see what we can find, and that’s what I’m going to share with you today.
Got lots of examples of some really not-quite-so-smart things. Now this is the first one I’d like to introduce you to. It’s actually inside my kettle, don’t worry, we’ll see if we can find it. This is a smart fingerprint padlock. Now I think the idea of a smart padlock is great, because how often do you go around looking for your keys and you can’t find them? Well, I lose my keys, I forget my keys, but I don’t forget my fingers very often; I usually have those with me. And this is a cool idea. It’s a Tapplock, it’s a fingerprint padlock. The idea: you put your finger on there and it unlocks. Brilliant, absolutely fantastic.

Now a YouTuber found an issue with this. They discovered that with enough force you could actually unscrew the back of the lock and open it, and it turned out it was a manufacturing flaw in one lock. It was just one issue with one of them. But we were interested, we wanted to know: are there more problems? So we bought some, and I discovered that it doesn’t just open from your finger, you can also use Bluetooth, so you can get hold of your smartphone. And one of my colleagues noticed that he could actually pick up and unlock the lock to order, and here’s how he did it. He looked at the mobile app, he took it apart, he reverse engineered it to understand how it worked, and in there he discovered it needed a key. It needed an electronic key to unlock this device, but the key to unlock it was the Bluetooth ID of the lock, the Bluetooth MAC address. It’s the one thing that is sent out by this lock. It’s a bit like leaving the keys to your lock next to it. It’s unbelievable.

We videoed it here. So with something as simple as a phone or a laptop you could unlock any lock to order. There it goes, it unlocks. We’ve now got that attack so fast we can do it in less than 0.8 of a second. That’s crazy, right? But then it got worse, because what chance I’m going to find one of these? And another cool researcher, a guy called Vangelis Stykas, looked at the cloud service that the mobile app talked to and realized that you could discover from that where all the locks were. He could pull your address. So now you had the perfect ticket to find out where the locks were and unlock them to order. That’s crazy, really crazy.
This is an interesting product. It was, um, funded, part funded, through a TV show called Dragons’ Den in Canada. It’s like the Shark Tank in the USA. But I think their backers might have some questions now.

Next place: your home Wi-Fi. You have a Wi-Fi password, right? Now if I can get hold of that password, if a hacker can get hold of that password, they can get on your Wi-Fi network and they can start to listen and intercept and redirect the data. So the data you’re sending to social networks, maybe the data you’re sending to your bank. So how could IoT lead to problems like that? Well, I want to introduce the very first IoT device I ever looked at, and this is my Wi-Fi kettle. Anyone got a Wi-Fi kettle? No? You need one, they’re great. The idea is you put it in your kitchen, you leave it in the kitchen, then you get your cell phone, you go to bed, and you wake up in the morning, you press the button on the app, and by the time you get to your kitchen you’ve got a kettle full of boiling water. Wow. Saving you 30 seconds of your day: 100 pounds.

Now I looked at this with some of my colleagues. I thought, I wonder, can it be secured? And I thought I’d show you how we went about hacking it. So the first thing I needed to do was connect to it, and we discovered you connect to the kettle over Wi-Fi, but it’s okay, it’s got a password. Now without the password I can’t go any further, I’m stuck. But I thought, I wonder what we can do. So we took the kettle apart and in there we found some chips, and that’s the manual for the chips. I thought, I wonder, why don’t we have a little look through the manual for the chips for the word “password”? And there we go: system password is six zeros. Surely hacking is more difficult than this, right? So one, two, three, four, five, six. Wow, now I’m talking kettle. Excellent. But I still haven’t achieved anything, I haven’t done anything yet. So I then read further in the manual, we reverse engineered the mobile app, and we discovered a command that scared me. We discovered you could do this.
I could recover your Wi-Fi password from your kettle. So now I’m on your home Wi-Fi network. I can listen to everything you’re doing, I can redirect your passwords, your data, steal things, everything, just because you wanted to boil your kettle from your bed. But again, this wasn’t the end of it, it still got worse. There’s a feature of Wi-Fi: a large number of really cool security researchers have put together a project called wardriving, where they drive around listening to all the Wi-Fi networks out there and then they map them, and as a result of that you can go and query their databases and their searches for the addresses of certain Wi-Fi devices. So there are the kettles in the west of London. So I can now know where I have to go to hack someone’s house and get their Wi-Fi key. Crazy.

Now in fairness, the manufacturer has now got their security in hand. They’re doing a good job, and their latest product, the kettle 3.0, is actually really secure. So they got there in the end, but it was such a shame that they had the security issues along the way. So if you want to boil water remotely, that’s the way to do it.
Cool. Now another area, an area that really bothers me, is that around smart toys. Every holiday season we see more smart technology coming to market, and unfortunately the security of those toys is often appalling. And this is my favorite IoT device. This is my friend Cayla. Cayla, she’s awesome. She’s an interactive speaking kids’ doll. She has a microphone and a speaker. She can speak to your smartphone over Bluetooth, so all the processing goes on over here, and she can listen to what your kids are saying and she can respond to their questions. She’s interactive, she’s really cool. Now how does she work? Well, Cayla is awesome: microphone, speaker, Bluetooth. She is a hands-free headset. You can make telephone calls on the doll if you wish. You get some very weird looks. And as I’m sure you know, it’s illegal to drive with your phone to your ear, but not with a doll to your ear, so I understand. So yeah, we’ll come back to her.

But what interested me first was that when I saw her in the store there were some logos on the box that said “Internet safe”, “child friendly”. Well, that’s a big claim to make. That’s a red rag to me, the ethical hacker. And it also suggested that if you swore at the doll she would not reply to the child and tell them to go and speak to their parents. I thought, I wonder, could I make this thing swear? Oh no.

Now the bit that I found creepy was: when you connect your smartphone to your vehicle you have to put in a PIN, right? And that sets up a type of frequency hopping which gives you security. However, when you connect your phone to the doll there is no PIN, which means that anyone in Bluetooth range, so 30, 40, 50 meters, can connect to the child’s doll microphone speaker, which means that someone outside on the street or in the next house can listen to the microphone and spy on your kids, or can talk to them as well.
And I find that really, really creepy. Now in terms of swearing, we had some fun. We looked to see how she swore, don’t worry, I’m not going to embarrass you, and we discovered a database in the mobile app of 1536 really good swear words. So we deleted them and now she swears like a... But that’s just really creepy. We’ll come back to Cayla in a bit.

The next part I want to go to is around home video. Now this is a wireless home security camera. It’s really cool, it’s battery operated and it has a really good battery life, and you can stick it in your house or you can stick it outside your home, and you can see your house and your security cameras remotely from your phone. And unfortunately we found some security flaws with it: when you access the cloud service that the mobile phone hooks to and interacts with the cameras, unfortunately you can switch it to someone else’s cameras just by messing around with the camera IDs, and you can see someone else’s footage. It’s got a microphone too, so you can listen as well. Now the good news about this one is it got fixed very quickly. The manufacturer was really responsive and they fixed it really fast, which is great. But this product’s been on the market for about nine months. It was only us coming along that resulted in the vulnerability being found, and I think that’s really worrying.

Now that’s a wireless camera. This one is slightly different: this is a wired security camera. It takes power and it sends its feed not over Wi-Fi but over a cable, and it goes to a recorder called a digital video recorder, and there are many, many of these around the world, in offices, in homes. And a computer hacker found a vulnerability in the recorders and he realized they could connect to them all and make them all start attacking other websites. Nearly 300 thousand IoT digital video recorders started attacking various social networks in October 2016. They took it offline, they took Twitter offline for two hours. I didn’t know what to do. Crazy. So we have weapons from the IoT in our house.

Now maybe you’ve been unlucky, maybe you’ve had data held to ransom, maybe your photographs, your family photographs, have been encrypted by bad guys and held to ransom. Now we wanted to explore whether it was possible to hold IoT to ransom, and we started off by looking at a smart thermostat. This is a brand that’s quite popular over in the US. We started looking at its security to understand how it worked, and the first thing we did is we got the code out of the chips.
It’s called firmware, and we analyzed that to see if there were any security flaws in there. But along the way we found some crazy stuff. One of the routines that deals with making an encrypted SSL connection, so HTTPS, the padlock: the developer called the state on the routine this, the “unhandled SSL [bleep] status”. This is production product. But it also has the facility for you to upload family photographs to act as a wallpaper, so you can have photos of your family and kids on the thermostat, and the process that deals with that was called “son of a bitch mode”. Wow. This is production product out there in people’s homes, and that’s how weird the code was. We found a bunch of security flaws, unsurprisingly. This code was so oddly put together with so many weird references, and we discovered we could actually hold someone’s thermostat, their heating and the air-conditioning, to ransom. Now that was a bit silly, so why would you encrypt someone’s thermostat? Fine. But what if that was your vehicle, and your vehicle wouldn’t start unless you paid a ransom? This is all very possible, and that’s what really worries me about the state of IoT right now. It’s really quite concerning.

But then I realized the same attack could do something really nasty. The problem with IoT: it’s not your IoT, it’s everyone’s. IoT has all got the same problem. So every instance of that thermostat could be used by a hacker. What if they could trigger everyone’s heating or air cooling at the same time? You can create spikes on the power grid. It doesn’t take very much to trip a power cut.
So our desire to put smart technology in our houses has inadvertently exposed the stability of our nations. I think that’s really worrying. There is some good news. Not very much.

There’s been some good efforts to try and get vulnerable, poor, insecure IoT banned, and some work by the Norwegian Consumer Council and also the European Consumer Organisation resulted in my friend Cayla being withdrawn from sale in numerous European countries. A German privacy lawyer successfully got Cayla banned in Germany for breaking a couple of laws, which is why I had to fly here via Zurich, not Munich. So she’s been withdrawn from sale from numerous places. Unfortunately progress by governments is slow. On the left there was a really good bill put forward in the US Senate. It’s still in committee stage, I haven’t heard anything more about it in the past year, but it’s a start.
It’s about trying to regulate certain standards for the US government buying smart technology. And I’m really sad to say that the EU was making great progress with this, but just last week, I believe, their new standards for IoT security have now been agreed to be voluntary for consumer IoT. I think that’s a real shame, and I think we can do better than that.

What about you though? What about us? What can we do? How can we improve things? Well, there are some things that we can all do, and the first thing I want you all to do is go and actually fix yourselves. You don’t need to be a cool hacker to hack people if your passwords are weak, easy to guess, or blank, or the default one. Make them long and strong, use a password manager. Make sure the PINs on your mobile phones aren’t four digits, make them at least six or eight. And then patches: apply patches to your phones and your computers to make them stay secure. And the next thing, IoT: you can put it on a separate network at home. If you don’t know how to do that, go and read up. If you don’t want to do that, don’t buy IoT. Let’s be safe.

But I think also as consumers we can make a difference too. If we don’t buy product that we’re not sure about the security of, we’re going to force the hands of manufacturers to actually prove it’s secure and make it safe for us. The problem is this: there are far too many IoT products out there, there aren’t enough organizations and people like me out there doing research and exposing its poor practice, and there are very few IoT vendors that actually care about security. There are some good examples, but by and large IoT security is really poor. And sadly I think we have to face it: there is a serious problem with security and IoT, to the point I think we almost need to be afraid of IoT. Thank you.
[Applause] [Music]