Slide 1

Outsmarting IoT Defense: The Hacker’s Perspective
IoT Tech Expo Europe | Amsterdam, August 2022

Slide 2

My Background
Natali Tshuva, CEO & Co-Founder, Sternum
● Computer Scientist (age 14)
● Reverse Engineer, Unit 8200 (Israel’s NSA)
● Exploit Designer
● Inventor of patented technology I can’t exploit
● Company Founder, CEO of growing company

Slide 3

No content

Slide 4

THE RISE OF IoT

Slide 5

The Rise Of IoT
● 1.5 Billion IoT device breaches in 6 months
● 127 new IoT devices connect to the internet every second
● $1.1 Trillion global IoT security spending by 2023
Source: IoT Analytics, Gartner, Statista

Slide 6

Extremely Difficult to Protect & Observe

High Diversity:
● Operating Systems
● Communication Protocols
● Hardware
● Old/Existing/In-dev Devices

3rd Party Dependencies:
● 3rd Party Libraries
● Closed-Sourced Components
● Communication Modules
● Homegrown Code

Limited Resources:
● Compute
● Memory
● Battery
● Bandwidth

Slide 7

IOT DEVICES - VULNERABLE & CONSEQUENTIAL ASSET
● ENTERPRISE
● DEVICE MANUFACTURERS
● INFRASTRUCTURE

Slide 8

RASP – Runtime Application Self Protection.
VULNERABILITIES ARE INEVITABLE AND ENDLESS.

Slide 9

● ~2000 New CVEs Each Month
● 70% of Patch Tuesdays Due To Memory Vulnerabilities
● 58% of Companies Have A Publicly Available Exploit
● 15 Vulnerabilities Per 1000 Lines Of Code
● Many Third-party Code Vulnerabilities Left Undiscovered By Static Analysis Tools

Slide 10

RASP – Runtime Application Self Protection.
“I KNOW A VULNERABILITY EXISTS.”

Slide 11

No content

Slide 12

No content

Slide 13

My way in.

Target: LARGE VOLUME OF DEVICES
Way In: 3rd-party Vulnerability
Examples: OpenSSL, TCP/IP, BT Libraries, OS’s

Target: ONE SPECIFIC COMPANY
Way In: Reversing One Targeted Device
Examples: Schneider Electric APC (TLStorm), VERKADA hack, CISCO business router

Outcome:
● Ransomware
● Network Breach
● APT
● Reputation Damage
● Intelligence
● IP Theft
● Cryptomining
● Power Play

Slide 14

Many Attack Vectors
● Chip level vulnerabilities
● 3rd party Code Vulnerabilities
● Protocol vulnerabilities
● Network Vulnerabilities
● Mobile App vulnerabilities
Vulnerable connected devices: Smart Camera, Insulin Pump

Slide 15

Hacker Defender

Slide 16

Hacker View: Cisco Router
LIMITED OPTIONS: REACT. PATCH.

CISCO RV340 BUSINESS CLASS ROUTER
● CVE-2022-20699 STACK OVERFLOW VULNERABILITY
● Exploit publicly available
● Direct access from the Internet

HACKER ON THE INTERNET → Complete takeover on the VPN/Gateway → ACCESSES THE NETWORK AND DEVICES → FULL ENTERPRISE NETWORK EXPOSED (CHANGE CONTROLS, LATERAL MOVEMENT, RANSOMWARE, DISRUPT SERVICE)

No prevention on-device. No search for indicators of attack.
Exploitation Video: https://youtu.be/O1uK_b1Tmts

Slide 17

SAME STORY. DIFFERENT DEVICE.

Slide 18

Hacker View: Video Recorder Exploitation
LIMITED OPTIONS: REACT. PATCH.

Enterprise Video Recorder
● Zero-Day Exploit

HACKER ON THE INTERNET → Enterprise Video Recorder → ACCESS TO SENSITIVE ENTERPRISE DATA (BOARD/MANAGEMENT MEETINGS) → CHANGE CONTROLS, LATERAL MOVEMENT, RANSOMWARE, DISRUPT SERVICE

No prevention on-device. No search for indicators of attack.

Slide 19

Hacker View: Take over access controls
Target: HID Mercury access controllers (CVE-2022-31481) *REAL-LIFE EXAMPLE*

Access Control Server → IP Network → Vulnerable Access Controller (e.g. HID Mercury LP1501) → RS-485 → Other Access Controllers

“Trellix noted that by chaining two of the aforementioned weaknesses, it was able to gain root-level privileges on the device remotely and unlock and control the doors, effectively subverting the system monitoring protections.”

Slide 20

Current Approaches: Reactive. Imposing. Not Holistic.
● Patching is Reactive & Costly but Can’t Safeguard
● Static Analysis Finds Only 50% of Vulnerabilities

“Usually there are much simpler ways of penetrating the security system […] than cracking the crypto”
Adi Shamir

Slide 21

RASP – Runtime Application Self Protection.
“We Can’t Fight Vulnerabilities. But We Can Fight Exploits In Real-time.”

Slide 22

IT IS WHEN AN ATTACKER WALKS THE INEVITABLE PATH OF EXPLOITATION

Slide 23

EVERY VULNERABILITY IS DIFFERENT, EXPLOITATIONS SHARE A UNIQUE FINGERPRINT

Slide 24

Exploitation Fingerprint™ Patented Technology
● Memory override (stack, heap, data, overflow)
● Manipulation of execution flow
● Command Injection
● Information leak
● Injection of malicious code
Sternum Is Uniquely Able to Deliver Benefits of EPP/XDR & RASP

Slide 25

Hacker Defender

Slide 26

Defender View: Power Flips.

HACKER ON THE INTERNET → CVE-2022-20699 STACK OVERFLOW VULNERABILITY (Exploit publicly available)

Exploitation Fingerprint:
● Memory corruption
● Command Injection
● Manipulation of execution flow
● Information leak
● Injection of malicious code
Real-time monitoring. Anomaly detection.

Outcome:
● DEVICE INTEGRITY MAINTAINED
● NO REACTION REQUIRED
● NOTIFICATION SENT
● FORENSICS SHARED
● VISIBILITY INTO BIGGER PICTURE

Slide 27

BRINGING INDUSTRY STANDARDS TO IOT.
RASP*. EDR. ZERO-DAY PROTECTION.
● Be Ahead Of Attacker. Real-time. On The Edge.
● No Patching Needed
● Implementation On New And Legacy Devices

Slide 28

A REAL WORLD ATTEMPT TO EXPLOIT AN IOT DEVICE

Slide 29

SEE US IN ACTION
BOOTH #228
[email protected]

Slide 30

Thank You
IoT Tech Expo Europe 2022
[email protected]

Slide 31

SEE HOW WE STOP IT CLICK TO DEPLOY

Slide 32

Thank You
Hexacon 22
[email protected]