Security is hard, but this “tools in action” session will walk you through some of the most common issues and threats in an IoT (Internet of Things) context, and will show you how to be more careful in your day-to-day life.
This talk aims at presenting the most common attacks targeting devices, and for each threat we will present open source tools that can help you preventing them.
We will start with common network attacks like DNS poisoning, and we’ll conduct classic eavesdropping on MQTT and CoAP communications. Thanks to open source project implementing authentication we will show how to prevent such attack, in an example using Eclipse Paho for MQTT communications.
Another widely spread attack rely on device that have hardcoded keys (http://www.pcworld.com/article/3009143/security/millions-of-embedded-dev...). We’ll give hints as to how to build a better key distribution scheme with Eclipse IoT building blocks.
Finally, we will by showing how a backdoor can be added into a real device firmware, and how cryptographic signature and secure boot can help enforce firmware integrity.
While we will cover some pretty technical details, this talk is also a good fit for anyone curious about security topics who wants to understand what need to be done to really make the Internet of Things secure.