Networked Home Appliances and Vulnerabilities.
Panasonic Corporation Analysis Center
Yukihisa Horibe

Profile
堀部 千壽 (Yukihisa Horibe)
Panasonic Corporation Analysis Center
Panasonic-PSIRT Member
Focusing on improving security for networked home appliances
Vulnerability assessment of household appliances and embedded systems
Vulnerability assessment of home service servers
Table top analysis of networks including household appliances.
Over 10 years of experience in security evaluation related work

Agenda
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing

Evolving Home Appliances.
HDD Recorder: Remote Control, Media Server
Digital Camera/Video Cam: Image Upload, Wifi Data Transfer
Audio System: CDDB
Digital TV: Browser, Media Player, Smartphone like apps
Door Chimes: Notification, Communications
Scales: Measurements data transfer
HEMS: Monitoring, Power Control, On Demand Control
Air Conditioner: Monitoring, Remote Control
Device Integration, Smartphone Integration, Cloud Integration

Historical Overview of Function and Data Information of Networked Home Appliances (~2005: Growth Period)
[Timeline chart, 2002 to 2012]
Internet (Household): ADSL
Cellphones: mova, 3G
Appliance categories: Digital TV, Recorders, Cooking Appliances
Functions: Browser, Remote Operation, Status Notifications
Information handled: ID/Password, Recording Information, email address, Status Info on operations, Access History
Most of the functions are contained within each appliance and the information they handle is limited.

Historical Overview of Function and Data Information of Networked Home Appliances (2005~2010: Evolution Phase)
[Timeline chart, 2002 to 2012]
Internet (Household): ADSL, FTTH (Fiber Optic)
Cellphones: mova, 3G
Appliance categories: Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Cooking Appliances, Home Related
Functions: Browser, Remote Operations, CDDB, Device Integration (DLNA), VOD, Status Notifications, Security Status Monitoring, Door Chime Visitor Notification, HEMS, Image Upload
Information handled: CD Ownership List, Payment Info, Viewing History, “at home” info, Operational Info of each appliance, Image Information, Blog/UL Service Account, Visitor Info, email Address, Content Ownership Info, Device Ownership Info, Operational Info of each device, Power usage info
With the increase in server/inter-device integration, the importance of information also grew.

Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase)
[Timeline chart, 2002 to 2012]
Internet (Household): ADSL, FTTH (Fiber Optic)
Cellphones: mova, 3G, Smartphone
Appliance categories: Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliances, Home Related
Functions: Browser, Remote Operations, CDDB, Device Integration (DLNA), VOD, Status Notifications, Security Status Monitoring, Door Chime Visitor Notification, Apps, HEMS, Smartphone Integration, AC Remote Operation, Image Upload
Information handled: Payment Info, Purchase History, Address/Name, Blog/SNS Account, Physical Info, Service Account, Operation Info

Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase)
[Timeline chart, 2002 to 2012, with all information handled so far]
Internet (Household): ADSL, FTTH (Fiber Optic)
Cellphones: GSM (cHTML), Wideband CDMA (HTML/Java), Smartphone
Appliance categories: Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliance, Home Related
Functions: Browser, Remote Operations, CDDB, Device Integration (DLNA), VOD, Status Notifications, Security Operational Info, Door Chime Visitor Notification, Apps, HEMS, Smartphone Integration, AC Remote Operation, Image Upload
Information handled:
ID/Password, Recording history, Email Address, Device Operation Info, Access History
CD Ownership List, Payment Info, Viewing History, Vacancy Info, Operational Info of each device, Image Info, Blog/UL Service account info, Visitor Info, Email address, Content Ownership, Device Ownership, Operational Info of each device, Power Usage Info
Payment Info, Purchase History, Address/Name, Blog/SNS Account, Physical Information, Service Account, Operation Info
Cloud Integration: Address Book, Video/Image, Account info
Cloud integration extends the information linkage to everything, including smartphones.

The Evolution of Networked Home Appliances Functionality and Information (Near Future)
Connecting inside the home:
Home Appliances (Audio Visual, Household, Cosmetic)
PC, Game Terminal, Information Terminals
Smartphone, Cellphones, Landlines
Housing Equipment (Single Family, Complexes)
Everything is connected:
Medical Devices (Individual, Institutional)
Public Services (Municipal offices, schools)
Public Transportation (Bus, Trains)
Cars/Automotive equipment
Infrastructure (Power, Gas, Water)
Retail (Large scale, individual)
Is the era near when household appliances, homes, and public and commercial services are all connected?

Risks of Home Appliances Having Network Capabilities
The possibility of unauthorized access via the network
Many devices have global IPs assigned.
Possibility of attacks leveraging vulnerabilities in home appliances.
Attack by forcing a download of malware
Targeted attacks leveraging XSS/CSRF
Using search engines you can find sites that hint they are home appliances.
Fake Firmware or Contents

Reported vulnerabilities on CE category: Panasonic case
CVE-2008-3482 (2008): Network Camera made by Panasonic, Reflected XSS vulnerability. Defect in escaping routine of the display on the error page.
Defcon17 (2009): CSRF vulnerability in household network camera by Panasonic. Many vulnerabilities were disclosed for household routers and other embedded web systems.
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.html
http://www.blackhat.com/presentations/bh-usa-09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf

Reported vulnerabilities on CE category: example of other case
Year | Product | Outline | Manufacturer
2004 | Video recorder | Accessible without authentication (springboard) | Japan
2008 | NAS | CSRF (remote data deletion) | Japan
2010 | Digital camera | Arbitrary code execution from SD card | Japan
2011 | MFP | Authentication bypass and more | Japan & overseas
2012 | Digital TV | DoS | Japan
2012 | Many Devices | Arbitrary code execution by UPnP vulnerability | Japan & overseas
2013 | Digital TV | DoS & restart by malformed packets | Japan & overseas
2013 | Smart phone | Intrusion of malware through power cable | Japan & overseas
2013 | Digital TV | Authority seizure & remote control by illegal application | Overseas
2013 | Lighting system | Forced to be unable to turn on | Overseas
2013 | Home GW | Vulnerability in authentication, CSRF and more (electric lock unlock by malicious third party) | Overseas
2013 | Toilet | Hard-Coded Bluetooth PIN Vulnerability | Japan
With the advancement of functions, reports of vulnerabilities have been increasing after 2012.

Vulnerability Eradication Efforts at Panasonic
Improving security of products including household appliances is an important requirement for Panasonic
Product Security (Network Home Appliances, Embedded Systems, Services)
Two pillars supporting Product Security: Minimize Risk, Incident Response
Base Knowledge (Awareness/Education): Base foundation of knowledge regarding product security

Response based on product lifecycles.
The need to respond throughout the product lifecycles
Product Lifecycle (with Shipping marked): Plan, Design, Implement, Test, Sale/Service, Disposal
Minimize Risks:
Contamination Prevention (Avoid building vulnerabilities in)
Inspection/Removal (Detect vulnerability and remove)
Incident Response:
Maintain/Improve (Response after shipping)
Response:
Table Top Risk Analysis (Vulnerability Analysis)
Security Design
・Secure Coding
・Static Analysis
・Vulnerability analysis (Security Inspection)
・Incident response

Vulnerability Analysis for Panasonic household appliances and embedded systems
Actual results I will present
The numbers and details are for vulnerabilities found “pre shipping”
The detected vulnerabilities were patched prior to shipping
These vulnerabilities do not exist in current products available in the general market.

Vulnerability assessments for Panasonic household appliances and embedded systems
Trend of vulnerability: Rise period (2003-05) of Connected CE products
Trend of vulnerability: Early progressive period (2006-08) of Connected CE products
Trend of vulnerability: Late progressive period (2009-10) of Connected CE products
Trend of vulnerability: Mature stage (2011-13) of Connected CE products

Future prediction
Spread to the whole of human life
Rapid increase of devices
Connect to the various industries

Spread to the whole of human life
Entire House, Linkage to automotive, home security and gas app…
Information assets = life of customer
Risk of serious accidents; higher reliability
Fire due to incorrect control of CE product
Invalidation of electric lock security
Automotive accidents and runaway vehicles
Connecting to various devices from various manufacturers
We want to guarantee at least a minimum level of security
Will a standard, such as an industry standard, be needed?
It is not a problem for one company alone
The minimum level of security?

Spread to the whole of human life
Constantly connected communications and sharing of authentication information: useful …
The risk due to sharing of authentication information
Adoption of SSO is also being investigated in CE products
The influence of a vulnerability will spread to other services that share authentication information
It is not a problem for one provider or one vendor alone
[Diagram: an authentication provider shares authentication information with CE, smartphone application, Web service, automotive, HEMS, game, and SNS application]
What must we do to make products secure?

Rapid increase of devices
Lighting, switch, sensor, electric socket, etc.
Maintenance of a huge number of varied devices
After a vulnerability is reported, software must be updated
Lighting, sensor, electric socket… update all?
How to update?
Service engineers?
Automatic update?
Disclaimer of firmware update
Lifetime of a CE product is long (over 10 years)
Up to when?
The update method, and the period for which to continue to care for security?

Connect to the various industries
Diversification of I/F and protocols as linkage extends to infrastructure, automotive and healthcare; security technology must catch up
ECHONET Lite, CAN, DLNA…
Bluetooth, NFC, TransferJet, ZigBee, Z-Wave…
Original communication protocol, 920MHz…
Security verification technology must catch up
Knowledge of the IP network alone is not enough
Knowledge other than the IP network is necessary
Knowledge of non-IT engineers will be needed
A think tank that goes beyond the type of industry?
A structure which takes in knowledge of various fields?

Closing
Several billion IoT (Internet of Things) devices will be connected
It is difficult for one company to guarantee security
An approach that goes beyond industry, type of industry, and position is needed
Unite for the IoT security!
[Diagram: connected CE products linked to Internet, stores, social infrastructure, public services, housing equipment, automotive in-car devices, smartphones, information devices, and PCs]

Contact
Analysis Center Panasonic Corporation
http://www2.panasonic.co.jp/aec/ns/index.html
Sorry, Japanese Only…
Panasonic-PSIRT
http://panasonic.co.jp/info/psirt/en/
product-security@gg.jp.panasonic.com

More Related Content

What's hot

Sw ict review presentation.ppt
Sw ict review presentation.ppt Sw ict review presentation.ppt
Sw ict review presentation.ppt Richard Male
 
Phykon solutions profile2014
Phykon solutions profile2014Phykon solutions profile2014
Phykon solutions profile2014Aju Thomas
 
Cashless Society - Latest Developments in Japan
Cashless Society - Latest Developments in JapanCashless Society - Latest Developments in Japan
Cashless Society - Latest Developments in JapanNFC Forum
 
An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsEricsson Labs
 
NFC Everywhere
NFC EverywhereNFC Everywhere
NFC EverywhereNFC Forum
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceIcomm Technologies
 
NFC In Action Conference
NFC In Action Conference NFC In Action Conference
NFC In Action Conference NFC Forum
 
IRJET- Voice Recognition -Butler Bot
IRJET-  	  Voice Recognition -Butler BotIRJET-  	  Voice Recognition -Butler Bot
IRJET- Voice Recognition -Butler BotIRJET Journal
 
The Future of the Internet - The Next 30 Years
The Future of the Internet - The Next 30 YearsThe Future of the Internet - The Next 30 Years
The Future of the Internet - The Next 30 YearsRahul Singh
 
Rc corporate profile_ss
Rc corporate profile_ssRc corporate profile_ss
Rc corporate profile_ssSeema Abhilash
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)SecPod Technologies
 
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert System
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert SystemIRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert System
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert SystemIRJET Journal
 
IRJEWT-An Intelligent Remote Controlled System for Smart Home Automation
IRJEWT-An Intelligent Remote Controlled System for Smart Home AutomationIRJEWT-An Intelligent Remote Controlled System for Smart Home Automation
IRJEWT-An Intelligent Remote Controlled System for Smart Home AutomationIRJET Journal
 
Open Forum NFC Introduction
Open Forum NFC IntroductionOpen Forum NFC Introduction
Open Forum NFC IntroductionNFC Forum
 

What's hot (19)

Sw ict review presentation.ppt
Sw ict review presentation.ppt Sw ict review presentation.ppt
Sw ict review presentation.ppt
 
Device Hacking
Device HackingDevice Hacking
Device Hacking
 
Presentation1
Presentation1Presentation1
Presentation1
 
Phykon solutions profile2014
Phykon solutions profile2014Phykon solutions profile2014
Phykon solutions profile2014
 
Phykon - An
Phykon - AnPhykon - An
Phykon - An
 
Cashless Society - Latest Developments in Japan
Cashless Society - Latest Developments in JapanCashless Society - Latest Developments in Japan
Cashless Society - Latest Developments in Japan
 
An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIs
 
NFC Everywhere
NFC EverywhereNFC Everywhere
NFC Everywhere
 
The sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work forceThe sonic wall clean vpn approach for the mobile work force
The sonic wall clean vpn approach for the mobile work force
 
NFC In Action Conference
NFC In Action Conference NFC In Action Conference
NFC In Action Conference
 
IRJET- Voice Recognition -Butler Bot
IRJET-  	  Voice Recognition -Butler BotIRJET-  	  Voice Recognition -Butler Bot
IRJET- Voice Recognition -Butler Bot
 
The Future of the Internet - The Next 30 Years
The Future of the Internet - The Next 30 YearsThe Future of the Internet - The Next 30 Years
The Future of the Internet - The Next 30 Years
 
Rc corporate profile_ss
Rc corporate profile_ssRc corporate profile_ss
Rc corporate profile_ss
 
Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)Hacking Internet of Things (IoT)
Hacking Internet of Things (IoT)
 
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert System
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert SystemIRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert System
IRJET- IoT Based Digital Notice Board Using Raspberry Pi with Audio Alert System
 
IRJEWT-An Intelligent Remote Controlled System for Smart Home Automation
IRJEWT-An Intelligent Remote Controlled System for Smart Home AutomationIRJEWT-An Intelligent Remote Controlled System for Smart Home Automation
IRJEWT-An Intelligent Remote Controlled System for Smart Home Automation
 
Open Forum NFC Introduction
Open Forum NFC IntroductionOpen Forum NFC Introduction
Open Forum NFC Introduction
 
12 rfid
12 rfid12 rfid
12 rfid
 
Gemalto NFC
Gemalto NFCGemalto NFC
Gemalto NFC
 

Viewers also liked

Fight Against Citadel in Japan  by You Nakatsuru
Fight Against Citadel in Japan  by You NakatsuruFight Against Citadel in Japan  by You Nakatsuru
Fight Against Citadel in Japan  by You NakatsuruCODE BLUE
 
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERSCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERCODE BLUE
 
o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...CODE BLUE
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick GalbreathCODE BLUE
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...CODE BLUE
 
Keynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossKeynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossCODE BLUE
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...CODE BLUE
 
The Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekThe Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekCODE BLUE
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine  by Igor SkochinskySecret of Intel Management Engine  by Igor Skochinsky
Secret of Intel Management Engine by Igor SkochinskyCODE BLUE
 

Viewers also liked (10)

Fight Against Citadel in Japan  by You Nakatsuru
Fight Against Citadel in Japan  by You NakatsuruFight Against Citadel in Japan  by You Nakatsuru
Fight Against Citadel in Japan  by You Nakatsuru
 
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVERSCADA Software or Swiss Cheese Software?  by Celil UNUVER
SCADA Software or Swiss Cheese Software?  by Celil UNUVER
 
o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...o-checker : Malicious document file detection tool - Malicious feature can be...
o-checker : Malicious document file detection tool - Malicious feature can be...
 
libinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreathlibinjection: from SQLi to XSS  by Nick Galbreath
libinjection: from SQLi to XSS  by Nick Galbreath
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
 
Keynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff MossKeynote : CODE BLUE in the ICU! by Jeff Moss
Keynote : CODE BLUE in the ICU! by Jeff Moss
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...Preventing hard disk firmware manipulation attack and disaster recovery by Da...
Preventing hard disk firmware manipulation attack and disaster recovery by Da...
 
The Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris ValasekThe Current State of Automotive Security by Chris Valasek
The Current State of Automotive Security by Chris Valasek
 
Secret of Intel Management Engine by Igor Skochinsky
Secret of Intel Management Engine  by Igor SkochinskySecret of Intel Management Engine  by Igor Skochinsky
Secret of Intel Management Engine by Igor Skochinsky
 

Similar to Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe

HH QUALCOMM UplinQ - the next 10 billion mobile devices
HH QUALCOMM UplinQ - the next 10 billion mobile devicesHH QUALCOMM UplinQ - the next 10 billion mobile devices
HH QUALCOMM UplinQ - the next 10 billion mobile devicesSatya Harish
 
How to bootstrap your IoT project
How to bootstrap  your IoT projectHow to bootstrap  your IoT project
How to bootstrap your IoT projectEurotech
 
Embedded system ppt
Embedded system pptEmbedded system ppt
Embedded system pptP Srinivas
 
Report the whole IoT r0.0.pptx
Report   the whole IoT r0.0.pptxReport   the whole IoT r0.0.pptx
Report the whole IoT r0.0.pptxoldmanegan
 
IS_Associates_IoT_Pres_Miller_Broadcom
IS_Associates_IoT_Pres_Miller_BroadcomIS_Associates_IoT_Pres_Miller_Broadcom
IS_Associates_IoT_Pres_Miller_BroadcomWilliam H. Miller, Jr.
 
DELL Technologies - The IoT Value Chain - Solutions for the Smart World - Del...
DELL Technologies - The IoT Value Chain - Solutions for the Smart World - Del...DELL Technologies - The IoT Value Chain - Solutions for the Smart World - Del...
DELL Technologies - The IoT Value Chain - Solutions for the Smart World - Del...Dell Technologies
 
An Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case StudiesAn Introduction to IoT: Connectivity & Case Studies
An Introduction to IoT: Connectivity & Case Studies3G4G
 
IRJET - IoT based Advanced Home Automation
IRJET -  	  IoT based Advanced Home AutomationIRJET -  	  IoT based Advanced Home Automation
IRJET - IoT based Advanced Home AutomationIRJET Journal
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdf1.3-IoT Security Technologies (1).pdf
1.3-IoT Security Technologies (1).pdfTouhemiJamel
 
IoT and the Role of Platforms
IoT and the Role of PlatformsIoT and the Role of Platforms
IoT and the Role of PlatformsTiE Bangalore
 
MT85 Challenges at the Edge: Dell Edge Gateways
MT85 Challenges at the Edge: Dell Edge GatewaysMT85 Challenges at the Edge: Dell Edge Gateways
MT85 Challenges at the Edge: Dell Edge GatewaysDell EMC World
 
Ti Mobility Gartner 2007 1 29
Ti Mobility Gartner 2007 1 29Ti Mobility Gartner 2007 1 29
Ti Mobility Gartner 2007 1 29evancmiller
 
Supelec m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.1)
Supelec   m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.1)Supelec   m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.1)
Supelec m2 m - iot - course 1 - update 2015 - part 1 - warming - v(0.1)Thierry Lestable
 
Gem iCon Provides Campus Wide Security & Wi Fi
Gem iCon Provides Campus Wide Security & Wi FiGem iCon Provides Campus Wide Security & Wi Fi
Gem iCon Provides Campus Wide Security & Wi Fitycollc
 
Securing 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationSecuring 4G and LTE systems with Deep Learning and Virtualization
Securing 4G and LTE systems with Deep Learning and VirtualizationDr. Edwin Hernandez
 
Dell OEM/IoT Solutions for Industrial Automation and Smart Manufacturing v3a ...
Dell OEM/IoT Solutions for Industrial Automation and Smart Manufacturing v3a ...Dell OEM/IoT Solutions for Industrial Automation and Smart Manufacturing v3a ...
Dell OEM/IoT Solutions for Industrial Automation and Smart Manufacturing v3a ...Dell Technologies
 

Similar to Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe (20)

Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe

  • 1. Networked Home Appliances and Vulnerabilities. Panasonic Corporation Analysis Center Yukihisa Horibe
  • 2. Profile: 堀部 千壽 (Yukihisa Horibe), Panasonic Corporation Analysis Center, Panasonic-PSIRT member. Focusing on improving security for networked home appliances: vulnerability assessment of household appliances and embedded systems; vulnerability assessment of home service servers; table-top analysis of networks including household appliances. Over 10 years of experience in security evaluation related work.
  • 3. Agenda: Changes in the features of connected CE products; The risks of connecting; Performance and trends in the Vulnerability Assessment for connected CE products; Security functions required for CE products in the time of IoT; Closing.
  • 4. Agenda: Changes in the features of connected CE products; The risks of connecting; Performance and trends in the Vulnerability Assessment for connected CE products; Security functions required for CE products in the time of IoT; Closing.
  • 5. Evolving Home Appliances. HDD Recorder: remote control, media server. Digital Camera/Video Cam: image upload, Wi-Fi data transfer. Audio System: CDDB. Digital TV: browser, media player, smartphone-like apps. Door Chimes: notification, communications. Scales: measurement data transfer. HEMS: monitoring, power control, on-demand control. Air Conditioner: monitoring, remote control. Integration trends: device integration, smartphone integration, cloud integration.
  • 6. Historical Overview of Function and Data Information of Networked Home Appliances (~2005: Growth Period). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphones, Digital TV, Recorders, Cooking Appliances. Entries: ADSL, mova, 3G, Browser, Remote operations, Status notifications.]
  • 7. Historical Overview of Function and Data Information of Networked Home Appliances (~2005: Growth Period). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphones, Digital TV, Recorders, Cooking Appliances. Entries: ADSL, mova, 3G, Browsers, Remote operation, Status notifications. Information handled: ID/Password, Recording information, Email address, Status info on operations, Access history.] Most of the functions are contained within each appliance and the information they handle is limited.
  • 8. Historical Overview of Function and Data Information of Networked Home Appliances (2005~2010: Evolution Phase). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphone, Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorders, Cooking Appliances, Home Related. Entries: ADSL, FTTH (optical fiber), mova, 3G, Browser, Remote operations, CDDB, Appliance integration (DLNA), VOD, Status notifications, Security: status monitoring, Door chime: visitor notification, HEMS, Image upload.]
  • 9. Historical Overview of Function and Data Information of Networked Home Appliances (2005~2010: Evolution Phase). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphones, Digital TV, Recorder, Audio Systems/Music, Digital Camera/Camcorder, Cooking Appliance, Home Related. Entries: ADSL, FTTH (fiber optic), mova, 3G, Browser, Remote operation, CDDB, Device integration (DLNA), VOD, Status notification, Security: status monitoring, Door chime: visitor notifications, HEMS, Image upload. Information handled: CD ownership list, Payment info, Viewing history, "At home" info, Operational info of each appliance, Image information, Blog/UL service account, Visitor info, Email address, Content ownership info, Device ownership info, Operational info of each device, Power usage info.] With the increase in server and inter-device integration, the importance of the information also grew.
  • 10. Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphone, Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliances, Home Related. Entries: ADSL, FTTH (fiber optic), mova, 3G, Smartphone, Browser, Remote operations, CDDB, Device integration (DLNA), VOD, Status notifications, Security: status monitoring, Door chimes: visitor notification, Applications, HEMS, Smartphone integration, AC remote operations, Image upload.]
  • 11. Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphone, Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliances, Home Related. Entries: ADSL, FTTH (fiber optic), mova, 3G, Smartphones, Browser, Remote operation, CDDB, Device integration (DLNA), VOD, Status notification, Security: status monitoring, Door chime: visitor notification, Apps, HEMS, Smartphone integration, AC remote operation, Image upload. Information handled: Payment info, Purchase history, Address/Name, Blog/SNS account, Physical info, Service account, Operation info, Service account.]
  • 12. Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase). [Timeline figure, 2002 to 2012. Rows: Internet (Household), Cellphones, Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliance, Home Related. Entries: ADSL, FTTH (fiber optic), GSM (cHTML), Wideband CDMA (HTML/Java), Smartphone, Browser, Remote operation, CDDB, Device integration (DLNA), VOD, Status notification, Security: operational info, Door chime: visitor notification, Apps, HEMS, Smartphone integration, AC remote operation, Image upload. Information handled: ID/Password, Recording history, Email address, Device operation info, Access history, CD ownership list, Payment info, Viewing history, Vacancy info, Operational info of each device, Image info, Blog/UL service account info, Visitor info, Email address, Content ownership, Device ownership, Operational info of each device, Power usage info, Payment info, Purchase history, Address/Name, Blog/SNS account, Physical information, Service account, Operation info, Service account. Cloud integration: Address book, Video/Image, Account info.] Cloud integration allows the information linkage to include everything, including smartphones.
  • 13. The Evolution of Networked Home Appliances Functionality and Information (Near Future). Connecting inside the home: home appliances (audio visual, household, cosmetic); PCs, game terminals, information terminals; smartphones, cellphones, landlines; housing equipment (single-family homes, complexes).
  • 14. The Evolution of Networked Home Appliances Functionality and Information (Near Future). Connecting inside the home: home appliances (audio visual, household, cosmetic); PCs, game terminals, information terminals; smartphones, cellphones, landlines; housing equipment (single-family homes, complexes). Everything is connected: medical devices (individual, institutional); public services (municipal offices, schools); public transportation (buses, trains); cars/automotive equipment; infrastructure (power, gas, water); retail (large scale, individual). Is the era near when household appliances, the home, and public and commercial services are all connected?
  • 15. Agenda: Changes in the features of connected CE products; The risks of connecting; Performance and trends in the Vulnerability Assessment for connected CE products; Security functions required for CE products in the time of IoT; Closing.
  • 16. Risks of Home Appliances Having Network Capabilities. The possibility of unauthorized access via the network. Many devices have global IPs assigned. Possibility of attacks leveraging vulnerabilities in home appliances. Attack by forcing a download of malware. Targeted attacks leveraging XSS/CSRF. Using search engines, you can find sites that hint they are home appliances. Fake firmware or contents.
  • 17. Reported vulnerabilities on CE category: Panasonic case. CVE-2008-3482 (2008): network camera made by Panasonic, reflected XSS vulnerability; defect in the escaping routine of the display on the error page. Defcon17 (2009): CSRF vulnerability in a household network camera by Panasonic. Many vulnerabilities were disclosed for household routers and other embedded web systems. References: http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.html http://www.blackhat.com/presentations/bh-usa-09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf
  • 18. Reported vulnerabilities on CE category: examples of other cases
    Year | Product | Outline | Manufacturer
    2004 | Video recorder | Accessible without authentication (springboard) | Japan
    2008 | NAS | CSRF (remote data deletion) | Japan
    2010 | Digital camera | Arbitrary code execution from SD card | Japan
    2011 | MFP | Authentication bypass and more | Japan & overseas
    2012 | Digital TV | DoS | Japan
    2012 | Many devices | Arbitrary code execution by UPnP vulnerability | Japan & overseas
    2013 | Digital TV | DoS & restart by malformed packets | Japan & overseas
    2013 | Smartphone | Intrusion of malware through power cable | Japan & overseas
    2013 | Digital TV | Authority seizure & remote control by illegal application | Overseas
    2013 | Lighting system | Forced to be unable to turn on | Overseas
    2013 | Home GW | Vulnerability in authentication, CSRF and more (electric lock unlocked by malicious third party) | Overseas
    2013 | Toilet | Hard-coded Bluetooth PIN vulnerability | Japan
    With the advancement of functions, reports of vulnerabilities have been increasing after 2012.
  • 20. Vulnerability Eradication Efforts at Panasonic
      • Improving security of products including household appliances is an important requirement for Panasonic
      • Scope: Network Home Appliances, Embedded Systems, Services
      • Two pillars supporting Product Security
          • Minimize Risk
          • Incident Response
      • Base Knowledge (Awareness/Education)
          • Base foundation of knowledge regarding product security
  • 21. Response based on product lifecycles
      • The need to respond throughout the product lifecycles
      • Product lifecycle: Plan, Design, Implement, Test, Shipping, Sale/Service, Disposal
      • Phases
          • Contamination Prevention (avoid building vulnerabilities into)
          • Inspection/Removal (detect vulnerability and remove)
          • Maintain/Improve (response after shipping)
      • Response
          • Table Top Risk Analysis (Vulnerability Analysis)
          • Security Design
          • Secure Coding
          • Static Analysis
          • Vulnerability analysis (Security Inspection)
          • Incident response
      • Pillars: Minimize Risks, Incident Response
  • 23. Vulnerability Analysis for Panasonic household appliances and embedded systems
      • Actual results I will present:
          • The numbers and details are for vulnerabilities found “pre shipping”
          • The detected vulnerabilities were patched prior to shipping
          • These vulnerabilities do not exist in current products available in the general market.
  • 24. Vulnerability assessments for Panasonic household appliances and embedded systems
  • 25. Vulnerability assessments for Panasonic household appliances and embedded systems
  • 26. Trend of vulnerability: Rise period (2003-05) of Connected CE products
  • 27. Trend of vulnerability: Early progressive period (2006-08) of Connected CE products
  • 28. Trend of vulnerability: Late progressive period (2009-10) of Connected CE products
  • 29. Trend of vulnerability: Mature stage (2011-13) of Connected CE products
  • 31. Historical Overview of Function and Data Information of Networked Home Appliances (2010~: Mature Phase)
      • Cloud Integration allows the information linkage to include everything including smartphones.
      • Timeline: 2002, 2004, 2006, 2008, 2010, 2012
      • Categories: Internet (Household), Cellphones, Digital TV, Recorder, Audio System/Music, Digital Camera/Camcorder, Health Care Appliances, Cooking Appliance, Home Related
      • Timeline labels: ADSL, FTTH (optical fiber line), GSM (cHTML), Wideband CDMA (HTML/Java), Smartphone, Browser, Remote operations, CDDB, Device integration (DLNA), VOD, Status notifications, Security, Operational Info, Door phone, Visitor notification, Apps, HEMS, Smartphone integration, Air conditioner, Remote control, Image upload
      • Information items: ID/Password, Recording history, Email Address, Device Operation Info, Access History, CD Ownership List, Payment Info, Viewing History, Vacancy Info, Operational Info of each device, Image Info, Blog/UL Service account info, Visitor Info, Email address, Content Ownership, Device Ownership, Operational Info of each device, Power Usage Info, Payment Info, Purchase History, Name and address, Blog/SNS account, Physical Information, Service Account, Operation Info, Service Account, Cloud Integration, Address Book, Video/Image, Account info
  • 32. The Evolution of Networked Home Appliances Functionality and Information (Near Future)
      • Is the era when household appliances, home and public, commercial services are all connected near?
      • Everything is connected
          • Home Appliances (Audio Visual, Household, Cosmetic)
          • PC, Game Terminal, Information Terminals
          • Smartphone, Cellphones, Landlines
          • Housing Equipment (Single Family, Complexes)
          • Medical Devices (Individual, Institutional)
          • Public Services (Municipal offices, schools)
          • Public Transportations (Bus, Trains)
          • Cars/Automotive equipment
          • Infrastructure (Power, Gas, Water)
          • Retail (Large scale, individual)
      • Inside the home connecting
  • 33. Future prediction
      • Spread to the whole of human life
      • Rapid increase of device
      • Connect to the various industries
  • 34. Spread to the whole of human life
      • Entire house, linkage to automotive, home security and gas app…
      • Information assets = life of customer
      • Risk of serious accident: higher reliability
          • Fire due to incorrect control of CE product
          • Invalidation of electric lock security
          • Accident and runaway of automotive
      • Connect to various devices of various manufacturers
          • We want to guarantee at least minimum level security
          • Will you need a standard like an industry standard?
          • It is not the problem of one company
      • The minimum level security?
  • 35. Spread to the whole of human life
      • Constantly connected communications, share of authentication information
          • Useful …
      • The risk due to share of authentication information
          • Adoption of SSO is also being investigated in CE products
          • Influence of vulnerability will spread to other services that share authentication information
          • It is not the problem of one provider or one vendor
      • Share of authentication information (diagram): Authentication provider; CE, Smart phone application, Web service, Automotive, HEMS, game, CE, SNS application
      • What must we do to make products secure?
  • 36. Rapid increase of device
      • Lighting, switch, sensor, electric socket, etc.
      • Maintenance of various and huge amount of devices
          • After vulnerability is reported, software must be updated
          • Lighting, sensor, electric socket… update all?
      • How to update?
          • Service engineers? Automatic update?
          • Disclaimer of firmware update
      • Lifetime of CE product is long (over 10 years)
          • Up to when?
      • The update method, the period to continue to care security?
  • 37. Connect to the various industries
      • Diversification of I/F of the linkage to infrastructure, automotive and healthcare; security technology catch up
      • Diversification of I/F, protocol
          • ECHONET Lite, CAN, DLNA…
          • Bluetooth, NFC, TransferJet, ZigBee, Z-Wave…
          • Original communication protocol, 920MHz…
      • Security verification technology must catch up
          • Only knowledge of the IP network is not enough
          • Knowledge other than the IP network is necessary
          • Knowledge of non-IT engineers will be needed
      • Think tank beyond the type of industry?
      • The structure which takes in knowledge of various fields?
  • 39. Closing
      • Several billion IoT (Internet of Things) devices will be connected
      • It is difficult to guarantee security by one company
      • An approach that goes beyond industry, type of industry and position is needed
      • Unite for the IoT security!
      • Connected (diagram): Internet, Store, Social infrastructure, Public Service, Housing equipment, Automotive in-car device, Smart phone, Information device, PC, Connected CE product
  • 41. Contact
      • Analysis Center, Panasonic Corporation: http://www2.panasonic.co.jp/aec/ns/index.html (Sorry, Japanese Only…)
      • Panasonic-PSIRT: http://panasonic.co.jp/info/psirt/en/
      • product-security@gg.jp.panasonic.com