Won’t Get Fooled Again: The expected future of IoT malware and what to do about it.

BSidesNOVA 2017

Presented by: Blaine Mulugeta, Marc Schneider
Date: Saturday February 25, 2017
Time: 15:00 - 16:00
Location: Auditorium
Track: Track 1

Internet of Things (IoT) devices differ from computers in that their main function isn’t to compute. However, computation is a means to an end for these devices. This ability has revealed that IoT devices can be exploited through vulnerabilities analogous to those of computer systems. George Santayana famously said, “Those who cannot remember the past are condemned to repeat it.” It has been over 45 years since the first known instance of a computer worm was written. Yet in the fall of 2016, the Mirai worm spread between IoT devices by exploiting a vulnerability known since the early 1960s. Are we condemned to repeat the cybersecurity mistakes of the past?

Security of IoT devices is often a forerunner of design and features/capabilities for many developers. Nevertheless, with the popularity and maturity of IoT devices rising steadily, and so much at stake, it is important to be proactive when securing this space. By reviewing the history of malware, the defenses deployed to thwart it, and malware’s evolution to defeat these defenses on earlier platforms, we will be able to discuss what can be done to prevent repeating these mistakes with IoT. We will also present best practices that can be used to strengthen security against recent IoT attacks.

Marc Schneider

Marc Schneider has over 20 years of experience in network engineering and cybersecurity in both the public and private sector. In 2001, as a consultant to the research arm of personal digital assistant (PDA) and cell phone manufacturer Palm Inc., Marc pioneered what would later grow to become the Internet of Things (IoT), prototyping a home automation system which could be controlled from a cell phone or PDA. Other work includes efficient implementation of cryptography algorithms on power-constrained embedded devices, and research on secure telemedicine protocols. Marc is a co-inventor on several patents in the areas of automated analysis of network and application data, and network packet capture. Marc is currently a Principal Cybersecurity Engineer for The MITRE Corporation’s National Cybersecurity FFRDC (NCF). The NCF supports the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence, where Marc operates an Internet of Things research laboratory, and is the principal investigator on a research project studying cybersecurity challenges emerging from complex IoT systems of systems. In addition to this role, he supports projects on Smart Homes and the Internet of Medical Things. Marc holds a Bachelor of Science from Case Western Reserve University and a Master of Science from Columbia University, both in Electrical Engineering.

Blaine Mulugeta

Blaine is currently working as a Multi-Disciplinary Engineer at the MITRE Corporation. She recently obtained her Bachelor’s degree in Computer Science with a focus in Cyber Security from Towson University. During her short time at MITRE she has begun work in support of the National Cybersecurity Center of Excellence, where she has been supporting the implementation of a risk-based multifactor authentication solution for e-commerce transactions, as well as taking part in work related to Internet of Things devices. In her spare time she enjoys biking the trails at the Potomac falls and is a volunteer foster-parent with the Dogs Deserve Better organization.

