5/5/2018
Apresenta…
IoF
Internet of Fofoca (Internet of Gossip)
(Gossipy IoTs)
@anchisesbr
@RSAFraud
@Garoahc
@BSidesSP
@CSAbr
Image: giphy
Gossipy IoT?
IoT Fofoqueiro ("gossipy IoT"): masc. noun. An IoT device that has
unauthorized access to its user's personal data, allowing
improper sharing and/or access by third parties.
Image: giphy
Goal
• Popularization of the Internet of Things (IoT)
Image: xkcd
Goal
• Security problems in the IoT world
Image: xkcd
Focus
• Cases of misuse
• Sharing of personal data
Image: giphy
Risk
• Privacy
Image: giphy
Motivation
[Chart: axes "Time" and "INsecurity"; labels: Launch, Security standards, Popularization, Problems!!!, Patches]
Images: xkcd
Image: giphy
Cases
“LIFX mesh
network protocol
was largely
unencrypted”
https://thehackernews.com/2013/11/your-tv-now-watching-you-too-lg-smart.html
https://doctorbeet.blogspot.com.br/2013/11/lg-smart-tvs-logging-usb-filenames-and.html
Hidden option
https://thehackernews.com/2017/07/irobot-roomba-vacuums.html
Image: giphy
“CEO of iRobot has revealed
that the robotic vacuum
cleaner builds a map of your
home while cleaning”
https://thehackernews.com/2017/10/smart-iot-device-hacking.html
Source: The Hacker News, Check Point
https://www.youtube.com/watch?v=BnAHfZWPaCs
https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children
“When connected to Wi-Fi the
doll was vulnerable to hacking,
allowing him easy access to the
doll’s system information, account
information, stored audio files and
direct access to the microphone.”
https://thehackernews.com/2016/12/amazon-echo-murder.html
“The police said they were able
to extract data from Echo,
though it's uncertain what they
were able to uncover and how
useful that data would be in
their investigation.”
Image: Amazon
“According to court records, Bates' smart
water meter shows that his home ran 140
gallons of water between 1 AM and 3 AM
the night Collins was found dead in Bates'
hot tub. The prosecution claims that the
water was used to wash away evidence after
he killed Collins. ”
https://thehackernews.com/2017/01/cartapping-connected-cars.html
“In 2014, satellite radio and telematics provider
SiriusXM provided location information of a Toyota 4-
Runner following a warrant by New York police (…).
The warrant asked SiriusXM "to activate and monitor
as a tracking device the SIRIUS XM Satellite Radio
installed on the Target Vehicle" for ten days, and the
company admitted to Forbes that it complied with
the order.
(…) The company simply turned on the stolen vehicle
recovery feature of its Connected Vehicle Services
technology on the target vehicle, (…).”
The Hacker News
“In 2007, OnStar was ordered to provide audio
data from a Chevrolet Tahoe belonging to
Gareth Wilson in Ohio.
An emergency button in Wilson's car was
automatically pushed without his knowledge,
which allowed an officer from the Office of the
Fairfield County Sheriff to listen to the
conversation about a possible drug deal (…).
After that, when the feds located and searched
the car, they found marijuana. (…).”
The Hacker News
Samsung F8000
Weeping
Angel
https://www.youtube.com/watch?v=P2_ZWKwM5Bw
“Alexa Are
You
Connected to
the CIA?”
https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
Image: Strava, The Guardian
Now what!?
Privacy
vs.
Convenience
Image: giphy
Basic precautions
Image: Facebook
Basic precautions
• Change default passwords
• Disable the Universal Plug and Play (UPnP) feature
• Review remote management restrictions
• Check for software updates
Source: The Hacker News
Online scan
http://iotscanner.bullguard.com
To learn more...
Article - News about IoT threats
https://anchisesbr.blogspot.com/2018/02/seguranca-noticias-sobre-ameacas-em-iot.html
Article – Spy IoT
https://anchisesbr.blogspot.com.br/2017/03/seguranca-iot-espiao.html
"Security Guidance for Early Adopters of the IoT"
https://cloudsecurityalliance.org/download/new-security-guidance-for-early-adopters-of-the-iot/
"Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products"
https://cloudsecurityalliance.org/download/future-proofing-the-connected-world/
@Internet of Shit
https://twitter.com/internetofshit
Thank you
garoa.net.br
@anchisesbr
@garoahc
Join us!
http://sp15.securitybsides.com.br
May 19 and 20, 2018


Editor's Notes

  1. License: http://creativecommons.org/licenses/by-sa/3.0/
  2. License: http://creativecommons.org/licenses/by-sa/3.0/ IoT Fofoqueiro: Our IoT devices can't keep a secret! In this talk we will review several recent cases of Internet of Things devices that, deliberately or not, revealed their users' personal data. The Internet of Things (IoT) is increasingly present in our daily lives, in personal devices, wearable computing, home automation, smart cars and much more. As these devices proliferate, so do the cases of personal data exposure. In this presentation we will review some interesting cases of IoT devices that did not take due care with privacy.
  3. Pic source: https://giphy.com/gifs/iot-V5DdDPEPCd4wo
  4. Pic source: https://giphy.com/gifs/yevbel-1AIhcW1oFvt3TsG2kp
  5. Pic source: https://xkcd.com/1912/
  6. Pic source: https://xkcd.com/1966/
  7. Pic source: https://giphy.com/gifs/seal-mJJczeZNee3uw
  8. Pic source:
  9. Pic sources: https://xkcd.com/54/ https://xkcd.com/987/ https://xkcd.com/1989/ https://xkcd.com/927/ http://mitadmissions.org/blogs/entry/what-if-randall-munroe
  10. https://giphy.com/gifs/alcrego-loop-eternal-yoJC2jbP1b6zgZ63zq
  11. https://www.forbes.com/sites/leoking/2014/07/09/smart-home-these-connected-led-light-bulbs-could-leak-your-wi-fi-password/#2a6554c934d0
  12. Context Information Security found that the LIFX mesh network protocol was largely unencrypted, allowing it to "easily dissect the protocol, crop messages to control the light bulbs and replay arbitrary packet payloads". By monitoring packets from the mesh network when adding new bulbs, it was able to identify those which contained Wi-Fi network credentials: when any new bulbs are added, messages are transmitted from the master bulb containing Wi-Fi details. PIC: https://www.lifx.com
  13. Your TV now watching you too! LG Smart TV caught collecting owners' Habits and USB file names https://thehackernews.com/2013/11/your-tv-now-watching-you-too-lg-smart.html https://doctorbeet.blogspot.com.br/2013/11/lg-smart-tvs-logging-usb-filenames-and.html A UK blogger, developer and Linux enthusiast, known only as DoctorBeet has discovered that LG's smart TVs are sending personal information back to the company's servers about what channels you watch and viewing habits. Actually, LG conducts the data collection for its Smart Ad function, which advertisers can use to see when it is best to target their products at the most suitable audience.
  14. Smart Vacuum Cleaners Making Map Of Your Home — And Wants to Sell It https://thehackernews.com/2017/07/irobot-roomba-vacuums.html
  15. https://giphy.com/gifs/roomba-floof-floofin-hmGQKkNaUIgHS During an interview with Reuters, the CEO of iRobot, the company which manufactured Roomba device, has revealed that the robotic vacuum cleaner also builds a map of your home while cleaning — and is now planning to sell this data to third-party companies.
  16. Hackers Could Turn LG Smart Appliances Into Remote-Controlled Spy Robot https://thehackernews.com/2017/10/smart-iot-device-hacking.html Check Point researchers discovered a security vulnerability in LG SmartThinQ smart home devices that allowed them to hijack internet-connected devices like refrigerators, ovens, dishwashers, air conditioners, dryers, and washing machines manufactured by LG. Hackers could even remotely take control of LG's Hom-Bot, a camera-equipped robotic vacuum cleaner, and access the live video feed to spy on anything in the device's vicinity.
  17. https://www.youtube.com/watch?v=BnAHfZWPaCs
  18. Hackers can hijack Wi-Fi Hello Barbie to spy on your children https://www.theguardian.com/technology/2015/nov/26/hackers-can-hijack-wi-fi-hello-barbie-to-spy-on-your-children Security researcher warns hackers could steal personal information and turn the microphone of the doll into a surveillance device It connects to the internet via Wi-Fi and has a microphone to record children and send that information off to third-parties for processing before responding with natural language responses. But US security researcher Matt Jakubowski discovered that when connected to Wi-Fi the doll was vulnerable to hacking, allowing him easy access to the doll’s system information, account information, stored audio files and direct access to the microphone.
  19. https://www.ebay.com/itm/Hello-Barbie-Doll-/322821871976
  20. Police Ask for Amazon Echo Data to Help Solve a Murder Case https://thehackernews.com/2016/12/amazon-echo-murder.html
  21. Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder. As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system. The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation. However, due to its always-on feature, it's usual for the Echo to activate by mistake and grab snippets of audio that users may not have known was being recorded. Picture: https://www.amazon.co.uk/Amazon-Echo-2nd-Generation-Charcoal-Fabric/dp/B06Y5ZW72J
  22. Collins died on November 21 last year while visiting the house of Bates, his friend from work, in Bentonville, Arkansas. The next morning, Collins' dead body was discovered in a hot tub, and Bates was charged with first-degree murder. As part of the investigation, authorities seized an Amazon Echo device belonging to Bates, among other internet-connected devices in his home, including a water meter, a Nest thermostat, and a Honeywell alarm system. The police said they were able to extract data from Echo, though it's uncertain what they were able to uncover and how useful that data would be in their investigation. However, due to its always-on feature, it's usual for the Echo to activate by mistake and grab snippets of audio that users may not have known was being recorded.
  23. Court Documents Reveal How Feds Spied On Connected Cars For 15 Years https://thehackernews.com/2017/01/cartapping-connected-cars.html
  24. https://thehackernews.com/2017/01/cartapping-connected-cars.html
  25. https://thehackernews.com/2017/01/cartapping-connected-cars.html
  26. WikiLeaks: The CIA is using popular TVs, smartphones and cars to spy on their owners https://www.washingtonpost.com/news/the-switch/wp/2017/03/07/why-the-cia-is-using-your-tvs-smartphones-and-cars-for-spying/
  27. http://www.wired.co.uk/article/cia-files-wikileaks-vault-7 https://www.nytimes.com/2017/03/07/world/europe/wikileaks-cia-hacking.html
  28. https://www.youtube.com/watch?v=P2_ZWKwM5Bw Published on Mar 9, 2017
  29. Fitness tracking app Strava gives away location of secret US army bases https://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases
  30. Sensitive information about the location and staffing of military bases and spy outposts around the world has been revealed by a fitness tracking company. The details were released by Strava in a data visualisation map that shows all the activity tracked by users of its app, which allows people to record their exercise and share it with others. The map, released in November 2017, shows every single activity ever uploaded to Strava – more than 3 trillion individual GPS data points, according to the company. The app can be used on various devices including smartphones and fitness trackers like Fitbit to see popular running routes in major cities, or spot individuals in more remote areas who have unusual exercise patterns.
  31. So then, I ask....
  32. Source: http://giphy.com/gifs/design-tech-dogs-cXJ24Lb6zdk1G
  33. https://www.facebook.com/photo.php?fbid=10102910644965951&set=a.612287952871.2204760.4&type=3&theater https://anchisesbr.blogspot.com.br/2016/06/seguranca-tampem-suas-cameras-e-seus.html https://pt.aliexpress.com/item/Nova-Webcam-Capa-Ultra-Fina-Slide-Tampa-Da-C-mera-Protetor-de-Privacidade-Para-O-Port/32842031705.html https://www.amazon.com/dp/B01LPQJGA2/?coliid=I3IJ8L3Y9LF7N&colid=21MF02T3NN81A&ref_=lv_ov_lig_dp_it&th=1
  34. Source: https://thehackernews.com/2016/10/ddos-attack-mirai-iot.html