The related slide decks can be found at https://www.iotvillage.org/.
------------
Unexpected IoT—Solar Panels Compromise
Attacks against solar panel components
Logical attack surface
Open Access Point//
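httpd // has a login; brute-forcing yields the username and password; the service behind it has a command injection, which gives a shell; a VPN was then found on the device.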
dns
ssh
serial to tcp
dhcp
unknown udp 5002
Physical attack surface
uBoot
Console
Rs-489
USB host
Emergency Button
------------------------------------------------------------------
This slide deck covers the example of the Mirai worm.
---------------------------------------------------------------
Medical Device Security Considerations: Case Study
Medical Device Security Considerations
Risks
{
Patient safety(lives)
Operational/Downtime
Data Breaches/Fines
Revenue/Financial
Patient trust & staff morale
National Security
}
Threats
{
Targeted attacks
Collateral damage
Malware remediation
Theft/Loss
Compliance violation
Lateral attack /weakest link exploitation
Hacktivism, terrorism
}
Vulnerability
{
Tightly regulated "turn-key" systems
Long useful life
Poorly protected & patched
No detection & alerting
Ecosystem Complexity
Vulnerability of device, hospital, & health system
Network connected
}
The model above was proposed by Symantec.
What Do You Mean, “Patch”? A Shared Vision of IoT Security Updates
Mainly covers how to apply patches. Uh.
The Connected World Has Been Disconnected: Survival Guide in IoThreats Era
Mainly describes the risks that IoT devices pose in real life.
Ransomware, Drones, Smart TVs, Bots: Protecting Consumers in the Age of IoT
Introduces a few things.
All Your Locks Are BLEong to Us
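Mainly covers some vulnerabilities in locks that use Bluetooth (BLE);
by working out their protocol, we can then control these locks.
Covers IoT and the risks that IoT devices may bring,
then lists several IoT devices:
1 Belkin Router: has a login authentication bypass vulnerability; the password is stored locally. Uh.
2 Motorola Focus73
{authentication bypass, command injection, remote file inclusion}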
3 Netgear ReadyNAS RN10400
{CSRF, arbitrary command injection}
4 ASUS RT-N56U
{local information disclosure, stack overflow in the web service}
----------------------------------------------------------