Outsmarting IoT Defenses: The Hacker Perspective - IoT Tech Expo 2022

Transcript

1. Outsmarting IoT Defense: The Hacker’s Perspective IoT Tech Expo Europe

   | Amsterdam August 2022

2. My Background Natali Tshuva CEO & Co-Founder Sternum Computer Scientist

   (age 14) Reverse Engineer Unit 8200 (Israel NSA) Exploit Designer Inventor of patented technology I can’t exploit Company Founder CEO of growing company
3. None

4. THE RISE OF IoT

5. 1.5 Billion IoT device breaches in 6 months IoT devices

   connect to the internet every second Global IoT security spending by 2023 $1.1 Trillion Source: IoT Analytics, Gartner, Statista The Rise Of IoT 127 New Devices

6. 3rd Party Dependencies Limited Resources High Diversity Operating Systems Communication

   Protocols Hardware Old/Existing/In-dev Devices 3rd Party Libraries Closed-Sourced Components Communication Modules Homegrown Code Compute Memory Battery Bandwidth Extremely Difficult to Protect & Observe

7. IOT DEVICES - VULNERABLE & CONSEQUENTIAL ASSET ENTERPRISE DEVICE MANUFACTURERS

   INFRASTRUCTURE

8. RASP – Runtime Application Self Protection. VULNERABILITIES ARE INEVITABLE AND

   ENDLESS.

9. New CVE’s Each Month 2000~ Patch Tuesdays Due To Memory

   Vulnerabilities 70% Companies Have A Publicly Available Exploit. 58% 15 Vulnerabilities Per 1000 Lines Of Code Many Third-party Code Vulnerabilities Left Undiscovered By Static Analysis Tools

10. RASP – Runtime Application Self Protection. I KNOW A VULNERABILITY

    EXISTS. “ “
11. None
12. None

13. My way in. • Ransomware • Network Breach • APT

    • Reputation Damage • Intelligence • IP Theft • Cryptomining • Power Play Outcome LARGE VOLUME OF DEVICES ONE SPECIFIC COMPANY Openssl, TCP/IP, BT Libraries, OS’s Schneider Electric APC (TLStorm), VERKADA hack, CISCO business router Reversing One Targeted Device Target Way In Examples 3rd-party Vulnerability

14. Many Attack Vectors Chip level vulnerabilities 3rd party Code Vulnerabilities

    Protocol vulnerabilities Network Vulnerabilities Mobile App vulnerabilities Smart Camera Insulin Pump Vulnerable connected devices

15. Hacker Defender

16. LIMITED OPTIONS: REACT. PATCH. CVE-2022-20699 STACK OVERFLOW VULNERABILITY Exploit publicly

    available Direct access from the Internet HACKER ON THE INTERNET FULL ENTERPRISE NETWORK EXPOSED Hacker View: Cisco Router No prevention on-device. No search for indicators of attack. CHANGE CONTROLS LATERAL MOVEMENT RANSOMWARE DISRUPT SERVICE Complete takeover on the VPN/Gateway ACCESSES THE NETWORK AND DEVICES CISCO RV340 BUSINESS CLASS ROUTER Exploitation Video: https://youtu.be/O1uK_b1Tmts

17. SAME STORY. DIFFERENT DEVICE.

18. LIMITED OPTIONS: REACT. PATCH. HACKER ON THE INTERNET Zero-Day Exploit

    CHANGE CONTROLS LATERAL MOVEMENT RANSOMWARE DISRUPT SERVICE Enterprise Video Recorder ACCESS TO SENSITIVE ENTERPRISE DATA (BOARD/ MANAGEMENT MEETINGS) Hacker View: Video Recorder Exploitation – No prevention on-device. No search for indicators of attack.

19. Hacker View: Take over access controls Target: HCI Mercury Access

    controllers (CVE-2022-31481) *REAL-LIFE EXAMPLE* RS-485 IP Network Vulnerable Access Controller e.g. HID Mercury LP1501 Other Access Controllers Access Control Server “Trellix noted that by chaining two of the aforementioned weaknesses, it was able to gain root-level privileges on the device remotely and unlock and control the doors, effectively subverting the system monitoring protections.”

20. Patching is Reactive & Costly but Can’t Safeguard Static Analysis

    Finds Only 50% of Vulnerabilities “ Usually there are much simpler ways of penetrating the security system[…] than cracking the crypto” Adi Shamir Current Approaches Reactive. Imposing. Not Holistic.

21. RASP – Runtime Application Self Protection. We Can’t Fight Vulnerabilities.

    But We Can Fight Exploits In Real-time. “ “

22. IT IS WHEN AN ATTACKER WALKS THE INEVITABLE PATH OF

    EXPLOITATION

23. EVERY VULNERABILITY IS DIFFERENT, EXPLOITATIONS SHARE A UNIQUE FINGERPRINT

24. Memory override (stack, heap, data, overflow) Manipulation of execution flow

    Command Injection Information leak Injection of malicious code Exploitation Fingerprint™ Patented Technology Sternum Is Uniquely Able to Deliver Benefits of EPP/XDR & RASP

25. Hacker Defender

26. CVE-2022-20699 STACK OVERFLOW VULNERABILITY Exploit publicly available HACKER ON THE

    INTERNET NO REACTION REQUIRED NOTIFICATION SENT FORENSICS SHARED VISIBILITY INTO BIGGER PICTURE DEVICE INTEGRITY MAINTAINED Defender View Power Flips. Exploitation Fingerprint: Memory corruption Command Injection Manipulation of execution flow Information leak Injection of malicious code Real-time monitoring Anomaly detection

27. BRINGING INDUSTRY STANDARDS TO IOT. RASP*. EDR. ZERO-DAY PROTECTION. Be

    Ahead Of Attacker. Real-time. On The Edge. No Patching Needed Implementation On New And Legacy Devices

28. A REAL WORLD ATTEMPT TO EXPLOIT AN IOT DEVICE

29. SEE US IN ACTION BOOTH #228 [email protected]

30. Thank You IoT Tech Expo Europe 2022 [email protected]

31. SEE HOW WE STOP IT CLICK TO DEPLOY

32. Thank You Hexacon 22 [email protected]