insecure baby monitors

September 2, 2015 ~ hucktech ~ Leave a comment

Rapid7 did an IoT security study of baby monitors, that’s currently being covered by the Verge and a lot of other news sites today.

The results were abysmal. Eight of the nine cameras received a failing F, while the other received a D. The security failures included a number of known vulnerabilities, including transmitting video and sending data to servers without encryption. Many of the connected devices also had built-in passwords that could be guessed (or worse, published) by the attacker, a long-standing concern in embedded devices.

http://www.theverge.com/2015/9/2/9241661/baby-monitors-vulnerable-hacking-patch-zero-day
https://www.rapid7.com/resources/iot/index.jsp

EmbeddedComputing on TPM-flavored IoT security

August 25, 2015 ~ hucktech ~ Leave a comment

The Trusted Computing Group likes Embedded Computing’s story on TPM-flavored IoT security:

Recap @TrustedComputin @Microsoft #IoT talk last week's @IOTDevCon – role of trust #TPM http://t.co/PsRzniBEwA

— Trusted Computing (@TrustedComputin) August 24, 2015

http://embedded-computing.com/25953-using-a-trusted-platform-module-and-trusted-brokered-io-as-the-foundation-of-iot-security/

EmbeddedComputing on regulating IoT security

August 25, 2015 ~ hucktech ~ Leave a comment

Embedded Computing has a story on if/how/when governments will step in after the IoT gets out of hand.

http://t.co/OJXKoxHgOM

— vincent zimmer (@vincentzimmer) August 25, 2015

http://embedded-computing.com/25958-should-iot-security-be-regulated-by-industry-or-government/

I’m still without opinion on IoT software-level stacks, beyond traditional embedded computing stack. So far, it appears each big company has their own solution, wrapped up in a standards body organization or open-looking industry trade group. Kindof like “the Cloud”. Especially since most IoT stacks are tied to a vendor’s Cloud stack. 😦 I’m yet to be impressed by any IoT-centric software. I wish I could find a decent vendor-neutral definition of IoT problems and solutions, and how the various implementations will work together, and how to deal with all of the IoT security issues that are new.

Intel on IoT, IoTivity, and Minnowboard

August 25, 2015 ~ hucktech ~ Leave a comment

Yesterday Slashdot did a interview (video + text transcript) with Mark Skarpness of Intel, on the IoT, Minnowboard, and IoTivity.

Mark Skarpness talks about MinnowBoard, IoT and the future! http://t.co/y2UEOk1Git

— MinnowBoard (@MinnowBoard) August 24, 2015

http://hardware.slashdot.org/story/15/08/24/1856256/the-iot-the-minnowboard-and-how-they-fit-into-the-universe-video

OTA releases draft IoT Trust Framework spec

August 12, 2015 ~ hucktech ~ Leave a comment

As found on Dark Reading, yesterday the IoT Working Group of the Online Trust Alliance (OTA) released a trust framework draft.

Internet of Things Lacks Safety Today, Opening Door to Major Threats Tomorrow, Warns OTA

BELLEVUE, Wash. – The Online Trust Alliance (OTA), the non-profit with the mission to enhance online trust, today released its Internet of Things Trust Framework, the first global, multi-stakeholder effort to address IoT risks comprehensively. The framework presents guidelines for IoT manufacturers, developers and retailers to follow when designing, creating, adapting and marketing connected devices in two key categories: home automation and consumer health and fitness wearables. In the spirit of collaboration, OTA openly invites industry leaders to review the document and provide feedback. With members that include ADT, AVG Technologies, Microsoft, Symantec, Target, TRUSTe, Verisign and nearly 100 other subject matter experts, the OTA IoT Working Group was formed in January 2015. Through extensive research, this taskforce concluded that the safety and reliability of any IoT device, app or service depends equally on security and privacy, as well as a third, often overlooked component: sustainability.

IoT Trust Framework – Security, Privacy & Sustainability

The Internet of Things (IoT) moniker is being applied to 1000’s of devices, offering increased utility, functionality and other consumer and business benefits. In the rapid race to bring products to market, many lack basic security protocols, privacy considerations and related safeguards. Others have insecure processes and appear to be failing to consider fundamental privacy principles. While it is recognized there is no “perfect security” or “absolute privacy”, the lack of standards and controls increases the risk of exploits, data breaches and abusive data use policies to consumers and businesses worldwide.

https://otalliance.org/initiatives/internet-things
https://otalliance.org/news-events/press-releases/internet-things-lacks-safety-today-opening-door-major-threats-tomorrow

Click to access iot_trust_frameworkv1.pdf

http://www.darkreading.com/endpoint/iot-working-group-crafts-framework-for-security-privacy-/d/d-id/1321708

Registration opens for OSHUG’s Hardware Camp

August 11, 2015 ~ hucktech ~ Leave a comment

The Open Source Hardware User Group’s Open Source Hardware Camp 2015 takes place September 26-27. OSHUG’s 2-day event is 1-day of talks and 1 day of workshops.

“Registration is now open for OSHCamp 2015. This year we will have 13 talks and 6 workshops, and a social is planned for the Saturday evening. OSHCamp 2015 takes place September 26-27 at Hebden Bridge Town Hall, St. George’s Street, in the Pennine town of Hebden Bridge, approximately 1 hour by rail from Leeds and Manchester. For the third year running it is being hosted as part of the technology festival, Wuthering Bytes.”

Talks:
* Research led reality – how rhetoric and research shapes the maker movement, Hannah Stewart
* Confusion of Things — The IoT Hardware Kerfuffle, Omer Kilic (@OmerK)
* Disrupting the IoT by leveraging the ESP8266 for big data, Matt Venn
* Controlling a CNC milling machine with a BeagleBone Black and Machinekit, Stuart Childs
* Speculative Hardware in Abstract Culture, Derek Hales
* How to Openwash Your Product and Make Your Millions!, Ben Gray
* Simulating and benchmarking the Adapteva Parallella board, Sarah Mount
* Introducing a fun documentation standard to share your project, Tobias Wenzel
* C88 — possibly the world’s lowest spec PC, Daniel Bailey
* Using open source processors and fabrics for scale-out compute, Rob Taylor
* WSPR, You Versus the Atmosphere: Pushing the limits of radio with minimal hardware, Jenny List
* Low level Ethernet on micros and FPGA, Michael Kellett
* Open Hardware Licensing – it’s easier than you think, Andrew Katz
* Compére, Dr Jeremy Bennett

Workshops:
* 3D modelling with Node.js, Ben Jefferson
* A hands-on introduction to ESP8266: Sensors for the Home, Omer Kilic
* Learn KiCad by building an ESP8266 sensor board, Matt Venn
* A £100 3D printed digital microscope, anyone?, Tobias Wenzel
* Arduino-based wearable electronics with the Seahorse, Jeremy Bennett
* Assembling the OSHCamp kit, Chelsea Back

http://oshug.org
http://oshcamp2015.eventbrite.co.uk/
http://oshug.org/cgi-bin/mailman/listinfo/oshug
http://www.wutheringbytes.com/days/oshcamp/talks.html
http://www.wutheringbytes.com/days/oshcamp/workshops.html

new firmware tool: angr

August 7, 2015 ~ hucktech ~ Leave a comment

A new firmware security tool called ‘angr’ was announced at Black Hat Briefings this week:

Angr is a platform-agnostic concolic binary analysis platform developed by the Seclab at the University of California Santa Barbara and their associated CTF team, Shellphish. angr is a multi-architecture binary analysis platform, with the capability to perform dynamic symbolic execution (like Mayhem, KLEE, etc) and various static analyses on binaries. Several challenges must be overcome to do this, and angr has components that meet all of these challenges:
* Loading a binary into the analysis program.
* Translating a binary into an intermediate representation (IR).
* Translating that IR into a semantic representation (i.e., what it does, not just what it is).
* Performing the actual analysis. This could be:
     + A full-program static analysis (i.e., type inference, program slicing).
     + A symbolic exploration of the program’s state space (i.e., “Can we execute it until we find an overflow?”).
     + Some combination of the above (i.e., “Let’s execute only program slices that lead to a memory write, to find an overflow.”)

The talk:

Using Static Binary Analysis To Find Vulnerabilities And Backdoors in Firmware
Chris Kruegel, Chief Scientist, Lastline
Over the last few years, as the world has moved closer to realizing the idea of the Internet of Things, an increasing number of the analog things with which we used to interact every day have been replaced with connected devices. The increasingly-complex systems that drive these devices have one thing in common – they must all communicate to carry out their intended functionality. Such communication is handled by firmware embedded in the device. And firmware, like any piece of software, is susceptible to a wide range of errors and vulnerabilities.

http://angr.io/
https://github.com/angr/angr
http://www.fiercemobileit.com/story/backdoors-firmware-can-leave-iot-devices-open-hackers-researchers-warn/2015-08-07
http://landing.lastline.com/blackhat2015

ARM acquires Sansa Security for IoT security

July 31, 2015 ~ hucktech ~ Leave a comment

Yesterday ARM Ltd announced acquisition of Sansa Security, the acquisition will offer hardware and software-based security features, boosting protection for sensitive data and content on any connected device. Press release:

ARM has acquired Israel-based Sansa Security, a provider of hardware security IP and software for advanced system-on-chip components deployed in IoT and mobile devices. The company currently enables security in more than 150 million products a year and Sansa Security technology is deployed across a range of smart connected devices and enterprise systems. The deal complements the ARM security portfolio, including ARM(R) TrustZone(R) technology and SecurCore(R) processor IP. Terms have not been disclosed.

“Any connected device could be a target for a malicious attack so we must embed security at every potential attack point,” said Mike Muller, CTO, ARM. “Protection against hackers works best when it is multi-layered, so we are extending our security technology capability into hardware subsystems and trusted software. This means our partners will be able to license a comprehensive security suite from a single source.”

Sansa Security technology makes it easier for manufacturers to build secure products by offering a complete hardware subsystem that adds additional isolation of security operations from the main application processor. This is complemented by software components operating on top of trusted execution environments to perform security-sensitive operations. The acquisition builds upon ARM’s embedded TrustZone technology, creating extra protection against malware and malicious software. It is a system-wide approach that underpins security-related chipset and trusted software needs. This enables the protection of any connected device and management of sensitive data and content.

“Our technology is already being used to protect data gathered and transmitted by a multitude of IoT and mobile devices,” said Coby Sella, CEO, Sansa Security. “Joining ARM will enable us to scale the business by helping ARM’s global technology partners to address their most pressing security needs. Aligning what we do with the world’s leading IP company, allows us to develop our products and capability to new levels.”

Security forms one of the main pillars of ARM’s business. The company offers the world’s most comprehensive IP security portfolio for smart connected devices. The acquisition of Sansa Security is the latest in a series of acquisitions and product launches aimed at simplifying the development and deployment of secure connected devices. Other activity in the development of ARM’s IoT business during the last 12 months includes:

    June 1, 2015: Launched a IoT sub-system IP package to de-risk the design cycle for IoT chips
    April 16, 2015: Launched ARM Cordio(R), the IT industry’s first sub-one-volt self-contained radio block and related firmware to simplify radio deployment in IoT devices
    Feb. 24, 2015: Launch the ARM mbed(TM) IoT starter kit to simplify the process of adding IoT capabilities and secure cloud connectivity for device manufacturers
    Feb. 9, 2015: Announced the acquisition of Offspark to integrate the world’s most pervasive embedded Transport Layer Security (TLS) solution in to the ARM mbed portfolio
    Oct. 1, 2014: Launched ARM mbed, a new software platform and free operating system to simplify and speed up the creation and deployment of Internet of Things (IoT) products.

Sansa Security is a world-leading provider of system-wide security operating from the silicon chipset level to provisioning security in the enterprise cloud. Its technology enables the creation of secure devices through hardware security IP that complements ARM TrustZone. The company’s trusted software security IP, running in TrustZone-based Trusted Execution Environments, also protects code and data assets. Sansa Security’s IP will be integrated in to ARM’s TrustZone and IoT portfolios.

More Information:
https://www.sansasecurity.com/

#ARM expands #IoT security capability with acquisition of Sansa Security http://t.co/xhceStyE4Z

— Arm Holdings (@ArmHoldings) July 30, 2015

http://www.arm.com/about/newsroom/arm-expands-iot-security-capability-with-acquisition-of-sansa-security.php?utm_content=sf39691877&utm_medium=spredfast&utm_source=twitter&utm_campaign=ARM+Social+Media&sf39691877=1

OSCON post-conference proceedings

July 25, 2015 ~ hucktech ~ Leave a comment

OSCON2015, the O’Reilly Open Source Convention, just ended. In addition to Matthew’s TPM CloudOS talk, there were a few other interesting talks:

Building a trustworthy computer
Matthew Garrett (CoreOS)
As we become more and more reliant on our computers, attackers become more and more sophisticated. How can we build a computer that’s resilient to some of the more subtle attacks such as firmware modification?
http://cdn.oreillystatic.com/en/assets/1/event/129/Building%20a%20trustworthy%20computer%20Presentation.odp

Closed devices powered by open source software? The IoT Paradox.
Peter Hoddie (Marvell)
The Internet of Things is built on open source software, and yet the devices are far from open. This isn’t the future that free and open source contributors have been working toward. It’s a disappointment for the Open Source Community, but we can lead the way to freedom, transparency, and collaboration in IoT. And we must—to avert impending frustration for increasingly savvy consumers.
http://cdn.oreillystatic.com/en/assets/1/event/129/Closed%20devices%20powered%20by%20open%20source%20software_%20The%20IoT%20Paradox_%20Presentation.pdf

Hacking smart electronics
Robert Gallup (XOBXOB)
Prototypes allow us to see, touch, feel, and refine ideas and designs. Starting from zero, this hands-on workshop explores smart hardware prototyping using a micro-controller and basic electronic components. You’ll connect LEDs, buttons, and knobs, then program a micro-controller to define behavior. Through this you’ll better understand the tools and process of designing smart, connected products.
http://cdn.oreillystatic.com/en/assets/1/event/129/Hacking%20smart%20electronics%20Presentation.zip
http://robertgallup.github.io/get/OSCONCourseware.zip

Introduction to developing embedded Linux device drivers
Nick Gudman (Hewlett Packard)
Learning to develop device drivers can be intimidating, but Linux makes it simpler than ever to write your own device driver. Using a simple driver for a monochromatic character display as a guide, we will briefly explore important topics for developing embedded Linux device drivers.
http://cdn.oreillystatic.com/en/assets/1/event/129/Introduction%20to%20developing%20embedded%20Linux%20device%20drivers%20Presentation.odp

Ironic: A modern approach to hardware provisioning
Devananda van der Veen (HP Cloud)
Ironic is a modern tool for hardware provisioning. Combining a RESTful API, scalable control plane, and pluggable hardware drivers, Ironic installs operating systems efficiently and repeatably on diverse hardware. We will demonstrate Ironic with Ansible, install, build, and deploy a machine image, and discuss the project’s architecture, history, and goals. Deep knowledge is not required.
http://cdn.oreillystatic.com/en/assets/1/event/129/Ironic_%20A%20modern%20approach%20to%20hardware%20provisioning%20Presentation.pdf

Raspberry Pi hacks
Ruth Suehle (Red Hat), Tom “spot” Callaway (Red Hat)
Ruth Suehle and Tom Callaway, authors of _Raspberry Pi Hacks_ (O’Reilly, December 2013) offer technical tips for makers, hackers, and tinkerers who want to take advantage of the Raspberry Pi. You’ll learn universally useful things, like how to add a power switch, followed by a show-and-tell of fun things that Ruth and Tom as well as many others have built.
http://cdn.oreillystatic.com/en/assets/1/event/129/Raspberry%20Pi%20hacks%20Presentation.pdf

Using open source tools to secure containers and clouds
Derek Thurston (Booz Allen Hamilton)
Is your cloud secure? Is your cloud of containers secure? Security should be built-in from Day Zero, and not layered in as an afterthought. What open source tools are out there now to help you in your quest to not be on the front page of the news? How are all of the latest hacks happening, and how can we put tools in place to prevent these from happening again?
http://cdn.oreillystatic.com/en/assets/1/event/129/Using%20open%20source%20tools%20to%20secure%20containers%20and%20clouds%20Presentation.ppt

I’m sure there’re some other gems too, the above list is what caught my eye… Mr. O’Reilly, please make the video — or at least audio — publicly-available too, don’t just for post-conference proceedings!

http://www.oscon.com/open-source-2015/public/schedule/proceedings

Intel Chip Chat on Iot Security

July 17, 2015 ~ hucktech ~ Leave a comment

Today the Intel Chip Chat podcast has an episode on IoT security:

“Brian McCarson, Senior Principal Engineer and Senior IoT System Architect for the IoT Group at Intel chats about the amazing innovations happening within the IoT arena and the core technology from Intel that enables IoT to achieve its’ full potential. He emphasizes how important security and accuracy of data is as the amount of IoT devices grows to potentially 50 Billion devices by 2020 and how Intel provides world class security software capabilities and hardware level security which are helping to protect from any risks associated with deploying IoT solutions. Brian also describes the Intel IoT Platform that is designed to promote security, scalability, and interoperability and creates a standard that allows customers to reduce time to market and increase trust when deploying IoT solutions.”

https://embedded.communities.intel.com/docs/DOC-8488

Firmware security checks and IoT network security

May 11, 2015 ~ hucktech ~ Leave a comment

In Mobile Enterprise, Laurie Lamberth and Steve Brumer have a story on IoT network security. Previous articles on topic have mentioned issues with out-of-date device firmware.

Excerpt:

3. Periodic endpoint integrity checks: With thousands of devices of all different types being connected to the enterprise networks, over different networks with different access control protocols, after the fact as well as real-time access monitoring is a good idea. Periodically checking each device’s security software and policies, firmware, software, and other resources such as anti-virus protection, can root out vulnerabilities before they become problems.

Read the full story:
http://mobileenterprise.edgl.com/news/3-Options-for-Securing-the-IoT-Network-99910

Do you know how to check the firmware on your system?

Book Review: Embedded Firmware Solutions

May 9, 2015 ~ hucktech ~ Leave a comment

Embedded Firmware Solutions: Development Best Practices for the Internet of Things
APress Media
ISBN 978-4842-0071-1
February 2015
Jiming Sun, Marc Jones, Stefan Reinauer, Vincent Zimmer
http://www.apress.com/9781484200711

[I recently finished reading this book. Sadly, I didn’t know about it until the other day, after my LinuxFestNorthWest talk on firmware security tools, someone from Sage pointed out that I omitted this from my More Information slides.]

If you care about firmware development — or just understanding current firmware architecture — you should have this book. It is the only current book with information about modern firmware in use today. The authors are all experienced and well-known firmware developers, including members of the Coreboot and UEFI teams, and there is also an impressive list of tech reviewers. There are 4 areas that this book focuses on:
* Intel Firmware Support Package (FSP), and it’s use in Coreboot and UEFI.
* UEFI and it’s dev platform.
* Coreboot and Chrome use of it.
* Intel Quark and UEFI firmware.

Intel Press has a handful of other UEFI books, but they are years old, this book is only a few months old, and has fresher details on UEFI. I don’t know of any other book with this kind of information on Coreboot, or on Intel FSP. There are a variety of books on Intel’s Minnowboard and Quark/Galileo IoT hardware: most of those books talk about how to write user-level apps, this is the only book that talks about updating the firmware of Intel IoT devices.

I’m looking forward to a second edition in a year or so, once tech changes enough.

Firmware and IoT Security

May 1, 2015 ~ hucktech ~ Leave a comment

Richard Quinnell of EDN has a story about IoT security, “First three rules of IoT security”.

Excerpt: “First, plan on making your device able to have its firmware remotely updated in a secure manner.”

Read the entire document here:
http://www.edn.com/electronics-blogs/eye-on-iot-/4439342/First-three-rules-of-IoT-security