Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2
Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.
From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.
In this interactive presentation, prpl Foundation Chief Security Strategist Cesare Garlati will explain where these weaknesses exist and why. This will be no death-by-PowerPoint. Instead, Garlati will showcase a Proof of Concept hardware design featuring state-of-the-art technology fresh out of the labs and about to be shipped in new commercial products. Through the live demo, attendees will see how SoC virtualization and security through separation can address serious flaws in IoT which have already been shown to have potentially life-threatening consequences.
He’ll discuss key examples which have already come to light, including:
- Valasek and Miller’s research which showed how a remote hacker could control the steering and brakes of a Jeep Cherokee 2014
- The Ukrainian power outage of Christmas 2015 where hackers replaced firmware at sub-stations so staff couldn’t access systems
- Hospira drug pumps, which were banned by the FDA after research found they could be remotely hacked.
Garlati will demonstrate how, in all of these cases and more, four key elements exposed these systems to attack by third-party hackers. He’ll explain that Proprietary systems are intrinsically insecure because ‘Security-by-obscurity’ no longer works: firmware binary code can usually be reverse engineered. He’ll explain that Connectivity, if improperly implemented, allows IoT devices to be hacked. Garlati will detail how Firmware in embedded systems is often not signed and is therefore exposed to malicious modification. This means that an attacker could reverse engineer the code, modify it, reflash the firmware and reboot to execute arbitrary code. And he’ll explain how Lateral movement allows attackers to exploit critical components of a system by penetrating non-critical applications.
The prpl Foundation is trying to make the world safer by urging IoT stakeholders to read and absorb its guidance. This hands-on presentation will be essential for anyone with an interest in the future of IoT, embedded computing and hardware-level multitenancy. This includes major stakeholders in the supply chain who deal with security: from OEMs and SoC manufacturers; to producers of routers, biomedical devices and set-top-boxes; to CPE, home entertainment and automotive designers and developers.