prpl @ Smart Home Summit, Palo Alto, NOV 15-16 2017

*** Ask me about free pass and 30% off VIP discount ***
https://tmt.knect365.com/smart-home/speakers/cesare-garlati-1#

Track 1 – Future Smart Homes 12:00 – 12:40

Panel: Security at the edge: beyond security cameras and doorbells – properly secured devices defending the home

  • Security from the inside – protected devices and gateways
  • Intangible digital security to help defend the physical home
  • Creating a ‘bot army’ to defend your home
  • anticipating an unknown, unsecure future

Track 1 – Future Smart Homes 14:20 – 14:40

Presentation: How to Secure the Smart Home from Cyber Threats

  • Recent security threats targeting smart homes and smart devices
  • Analysis of the results of prpl Foundations’ Smart Home Security Report
  • Top 10 best practice tips for securing Smart Home

Continue reading

When IoT Attacks – The End of the World as We Know It?

Excerpts of my interview with Phil Muncaster @philmuncaster

InfoSecurity Magazine Q4/2017, 4 October 2017

https://www.infosecurity-magazine.com/digital-editions/digital-edition-q4-2017/

Focus on the Firmware

A cursory look at OWASP’s IoT Security Guidance will highlight just how many elements in the IoT ecosystem could be exploited. Among others, these include the web interface, network, transport encryption layer, mobile app and device firmware. The latter is a key area of focus for the prpl Foundation, a non-profit which is trying to coral the industry into taking a new hardware-based approach to IoT security. Cesare Garlati, Chief Security Strategist, claims that hackers could exploit IoT chip firmware to re-flash the image, allowing them to reboot and execute arbitrary code.

Continue reading

Gatwick incident – Dronejacking will get worse before it gets better.

By Cesare Garlati – prpl Chief Security Strategist

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

The time to act is now to take control of security in IoT devices at the most basic level: the hardware.

Manufacturers need to move away from the attitude that “it works, let’s try to secure it and get it to market” to “if it’s not secure, it doesn’t work”. Unless the industry adopts this attitude, the security problems of IoT will continue to proliferate at an alarming rate and unfortunately, lives could quite literally be at stake.

*   *   *

More about what can be done today to secure IoT: prpl Security Guidance for IoT

More about what can be done today to secure the smart home: prpl Smart Home Security Report

prpl Foundation briefs German Defense Industry leaders as part of Annual Cyber Study tour

By Art Swift

President, prpl Foundation

Screen Shot 2017-07-06 at 13.21.51

Last week, we had the privilege of meeting with a delegation from the German defense industry to share how prpl members are working to build security in to the future IoT from the silicon level up. I was joined at this briefing by Cesare Garlati, prpl’s chief security strategist, and Majid Bemanian, director of vertical markets for prpl platinum member, Imagination Technologies.

Continue reading

Embedded World 2017 – IoT coming of age.

by Cesare Garlati – Chief Security Strategist, prpl Foundation

Last week I had the pleasure of attending Embedded World 2017 in Germany as I was invited to give a couple of presentations on the pioneering work we have been doing at the prpl Foundation with regards to the prplHypervisor™ and prplPUF™ APIs for securing IoT. As it turns out, IoT was the top line at the conference that drew in more than 30,000 trade visitors – and the event solidified the notion that embedded computing is now synonymous with IoT.

Continue reading

RSA Conference 2016 – A New Hardware-Based Approach to Secure the Internet of Things

Live Demo: A New Hardware-Based Approach to Secure the Internet of Things
RSA Conference 2016 – Abu Dhabi
November 16, 2016 | 11.20 – 12.10 hrs | Level 1 | Room: Etihad Ballroom 2

rsa-2016-garlati-clip

 

Quick look – This session will address four key elements that have introduced serious weaknesses into the IoT: proprietary systems, connectivity, unsigned firmware and lateral movement. Discussion will showcase a new approach to IoT security demonstrating how SoC virtualization and security through separation can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.

From hospitals dispensing life-saving drugs, to connected cars – embedded computing is transforming the way we live and work. But underlying weaknesses have introduced potentially life-threatening vulnerabilities into the Internet of Things.

Continue reading

The Internet of Things: Life-changing tech or a disaster waiting to happen?

Reposting from Tech City News NOV 02, 2016 http://techcitynews.com/2016/11/02/the-internet-of-things-life-changing-tech-or-a-disaster-waiting-to-happen/

By Cesare Garlati, chief security strategist at the prpl Foundation, an organisation working to make the IoT safer, explains how startups can get IoT security right to avoid being subjected to harm.

miraiThe Internet of Things (IoT) is exciting new territory for many startups and innovative companies looking to push boundaries and connect even the smallest devices to attempt to simplify and enhance our lives. But the security of these devices is fundamentally flawed for a number of reasons.

Continue reading