Internet of Things (IoT) devices differ from computers, in that their main function isn’t to compute. However, it stands that computation is a means to an end for these devices. This ability has revealed that IoT devices are able to be exploited through vulnerabilities analogous to that of computer systems. George Santayana famously said “Those who cannot remember the past are condemned to repeat it.” It has been over 45 years since the first known instance of a computer worm was written. Yet in the fall of 2016, the Mirai worm spread between IoT devices by exploiting a vulnerability known since the early 1960’s. Are we condemned to repeat the cybersecurity mistakes of the past? Security of IoT devices is often forerunner of design and features/capabilities for many developers. Nevertheless, with the popularity and maturity of IoT devices rising steadily, and so much at stake, it is important to be proactive when securing this space. By reviewing the history of malware, defenses deployed to thwart it, and malware’s evolution to defeat these defenses on earlier platforms, we will be able to discuss what can be done to prevent repeating these mistakes with IoT. We will also present best practices that can be utilized to strengthen security against recent IoT attacks.

Blaine is currently working as a Multi-Disciplinary Engineer at the MITRE Corporation. She recently obtained her Bachelor’s degree in Computer Science with a focus in Cyber Security from Towson University. During her short time at MITRE she has begun work in support of the National Cybersecurity Center of Excellence, where she has been supporting the implementation of risk based multifactor authentication solution for e-commerce transactions, as well as partaking in work related to Internet of Things devices. In her spare time she enjoys biking the trails at the Potomac falls and is a volunteer foster-parent with the Dogs Deserve Better organization.

Back to BSides NOVA 2017 video list