Scare stories around the Internet of Things (IoT) conjure up images of bad guys in hoodies, living for hacking and making the lives of other people harder, inventing millions of ways to infiltrate your life through your gadgets. Probably nobody cares about his smart-home security, but what about Smart-City threats, which affect billions people? A huge number of public IoT devices are vulnerable for potential abuse, potentially endangering users’ data, networks of companies they belong to, or both. Based on research of various public devices, such as terminals and cameras, we offer a methodology for security analysis of these devices, which would answer the following questions:
How easy it is to compromise a terminal in the park? What can hackers steal from there? What can be done with hacked device? How can the internal network of the installer organization be penetrated? How to protect public devices from attacks? How to protect public devices from attacks?
Vladimir graduated from Ural State Technical University with a degree in information security of telecommunication systems. He started his career as a security engineer at Russian Federal Space Agency. His research interests are pentesting, ICS, security audits, security of different unusual things (like smart toys, TVs, smart city infrastructure) and threat intelligence. Vladimir is a part of Critical Infrastructure Defense Team (CID-Team) in Kaspersky Lab
Denis Makrushin is an expert of the Global Research and Analysis Team at Kaspersky Lab. He graduated from the Information Security Faculty of National Research Nuclear University MEPhI (Moscow Engineering Physics Institute). Specializes in analysis of possible threats and follows the Offensive Security philosophy. Denis has gained an extensive experience in information security; was engaged in penetration testing and security auditing of corporate web applications, stress testing of information and banking systems for exposure to DDoS attacks; helped to organize and conduct an international forum on practical security. At this time, he continues his researches “Targetted Attack detection based on Game Theory methods” in graduate school of MEPhI.