Scare stories around the Internet of Things (IoT) conjure up images of bad guys in hoodies, living for hacking and making the lives of other people harder, inventing millions of ways to infiltrate your life through your gadgets. Probably nobody cares about his smart-home security, but what about Smart-City threats, which affect billions people? A huge number of public IoT devices are vulnerable for potential abuse, potentially endangering users’ data, networks of companies they belong to, or both. Based on research of various public devices, such as terminals and cameras, we offer a methodology for security analysis of these devices, which would answer the following questions: - How easy it is to compromise a terminal in the park? - What can hackers steal from there? - What can be done with hacked device? - How can the internal network of the installer organization be penetrated? - How to protect public devices from attacks? - How to protect public devices from attacks?

Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He graduated from the Information Security Faculty of National Research Nuclear University MEPhI (Moscow Engineering Physics Institute). Specializes in analysis of possible threats and follows the Offensive Security philosophy. Denis has gained an extensive experience in information security; was engaged in penetration testing and security auditing of corporate web applications, stress testing of information and banking systems for exposure to DDoS attacks; helped to organize and conduct an international forum on practical security. At this time, he continues his researches “Targetted Attack detection based on Game Theory methods” in graduate school of MEPhI.

difezza

Back to BSides NOVA 2017 video list