Abstract image of a woman sitting on books and studying on a laptop

Mark de Groot - Meetup: Help Mijn IoT-device wordt gehackt?

IoT Academy, profile picture
IoT Academy

The document discusses the concept of smart cities, emphasizing the importance of secure implementation of IoT technology to enhance urban living. It outlines the stages of cyber intrusion and addresses challenges in cybersecurity, architecture, and vulnerability management in the context of smart city development. Additionally, it highlights the necessity for regular security assessments and fostering collaboration between cybersecurity professionals and organizations.

Technology
Related topics:
Information Security
1 of 21
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
KPN REDTEAM Be Smart Be Secure
KPN REDTEAM What is a Smart City? Using modern ICT and IoT technology in a secure way to manage a city’s asset and improve urban space with interaction with citizens to increase quality of life
KPN REDTEAM Implementations: • Lanterns • Industrial Cooling • Smart waste • Legionella detector • Street cover • Sea pumps • Bike • Luxury asset • Solar Panel • Smart office space • Parking • Transport management • Health sector • City information
KPN REDTEAM
KPN REDTEAM Kill Chain Stages of a Target Cyber Intrusion Stage Action Methodology Stage 1 Reconnaissance Harvesting Email Addresses, Social Networking, Passive Search, IP Port Scanning Weaponization Developing Exploit with Payload Creation, Malware, Delivery systems, Decoys Delivery Spear Phishing, Infected Website, Service Provider, USB Stage 2 Exploitation Activation, Execute Code, Establish Foothold, 3rd party Exploitation Installation Trojan or Backdoor, Escalate Privileges, Root Kit, Establish Persistence Stage 3 Command & Control Command Channel, Lateral Movement, Internal Recon, Maintain Persistence Actions on Target Expand Compromise, Consolidate Persistence, identify Targets, Data Ex-filtration
KPN REDTEAM
KPN REDTEAM
KPN REDTEAM
KPN REDTEAM Some of the challenges Contracts What about cyber security and privacy? Development With all of the technology and standards how can we make this secure? Monitor How can we monitor attacks and unusual behavior? Architecture Can we scale the architecture for the long term? And what about multiple layers of defense? Maintain How can we update and manage so many devices?
KPN REDTEAM Contract challenges How does cyber security fit into a 30 year contract?
KPN REDTEAM Development challenges Extensive—but not exhaustive—list of Internet of Things (IoT) protocols: Bluetooth BLE ZigBee Z-Wave 6LoWPAN Thread WiFi-ah (HaLow) 2G (GSM) 3G & 4G LTE Cat 0, 1, & 3 LTE-M1 NB-IoT 5G NFC RFID SigFox LoRaWAN Ingenu Weightless-W ANT & ANT+ DigiMesh MiWi EnOcean Dash7 The application shall communicate with mobiles, cloud, data hub and sensors from all of our suppliers. Oh yeah, it must be secure and we need it next week
KPN REDTEAM Architecture challenges How flexible is our architecture with the amount of growing devices and standards? How to deal with segmentation to reduce risks in case of a compromise?
KPN REDTEAM Vulnerability management How do we perform patch management? Can we reduce the life time of a sensor?
KPN REDTEAM REDteaming model Level 3 Level 2 Level 1 Cyber Zero knowledge Physical Zero knowledge Human Zero knowledge Cyber Limited insider Physical Limited insider Human Limited insider Cyber Trusted insider Physical Trusted insider Human Trusted insider Target
KPN REDTEAM Elements of REDteaming A red team exercise simulates criminal activity to challenge a company on their social, technical, and physical defenses: Physical Finding weaknesses in your physical defenses • Gaining unauthorized access to buildings and area’s • Tailgating, • Badge ID’s • Drones • Lock picking doors Cyber Finding weaknesses in your technical defenses • Gaining unauthorized access to your infrastructure and your data • Malware attack • Password brute force on all systems Human Finding weaknesses in your social defenses • Gaining unauthorized access through your employees • Social engineering • Infected USB sticks • Excuses to gain access • Gain trust from employees
KPN REDTEAM
KPN REDTEAM Take away • Embed security into the DNA of smart city development • Hug the hackers and promote responsible disclosure • Perform regular REDteam/simulation exercises
KPN REDTEAM • Twee losse arduino’s • De rechter heeft een temp sensor • De linker heeft een LCD scherm • Middels 433 mhz verbinding wordt de temperatuur verzonden.
KPN REDTEAM GQRX • De signaal kunnen we capturen met een SDR software defined Radio • Het signaal recorden en vervolgens analyseren
KPN REDTEAM Audacity • Het signaal heeft een binary structuur • De temperatuur is 22 graden 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 01 1 0
KPN REDTEAM Thank you Mark de Groot TeamLead KPN REDteam markdegroot@kpn.com IoT is all about the application and infrastructure and it must be secure from the start and into the future

More Related Content

PPTX
Security Impact of Data Visibility - Your New 90-Second Superpower
ThinAir
 
PPTX
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
EASTWEST Public Relations
 
PPTX
Mobile device forensics
Suresh Kumar
 
PPT
Why Risk Management is Impossible
Richard Stiennon
 
PPTX
Physical Security and Digital Security
PLN9 Security Services Pvt. Ltd.
 
PPTX
Modern Cyber Threat Protection techniques for Enterprises
Abhinav Biswas
 
PDF
Security News Bytes
Raghunath G
 
PPTX
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
Segun Ebenezer Olaniyan
 
Security Impact of Data Visibility - Your New 90-Second Superpower
ThinAir
 
Irdeto Spokesman Yuan Xiang Gu Speaks At ISI SSP Beijing 2011
EASTWEST Public Relations
 
Mobile device forensics
Suresh Kumar
 
Why Risk Management is Impossible
Richard Stiennon
 
Physical Security and Digital Security
PLN9 Security Services Pvt. Ltd.
 
Modern Cyber Threat Protection techniques for Enterprises
Abhinav Biswas
 
Security News Bytes
Raghunath G
 
BRIDGING THE KNOWLEDGE GAP: From Higher Institution Theory to Real Life Pract...
Segun Ebenezer Olaniyan
 

What's hot (20)

PPTX
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
shawn_merdinger
 
PPTX
Wireless Networking
jvonschilling
 
PPT
Nguyen nielsenkim palmvein
Nikhila07
 
PDF
Securing IoT Applications
WSO2
 
PPTX
The New frontiers in Information Security
Vineet Sood
 
PPTX
IoT Security
Tim Groenwals
 
ODP
Ethical hacking for beginners and professionals
Hackingmantra
 
PDF
Securing Internet of Things
Swapnil Deshmukh
 
PPTX
Embedded Systems: Future trends, Employer Expectations
Career Communications Group
 
PPTX
Privacy and Security in the Internet of Things
Jeff Katz
 
PDF
Man in the Binder
nitayart
 
PDF
Blackhat USA Mobile Security Panel 2011
Tyler Shields
 
PDF
MacIT 2014
tperfitt
 
PPTX
Cyber Crime
Waqas Abbasi
 
PDF
DARPA: Cyber Analytical Framework (Kaufman)
Michael Scovetta
 
PDF
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
Lacoon Mobile Security
 
DOCX
Markbrakent war
kent neri
 
PPTX
The value of Deep Instinct’s prediction model – Copy Cat Test Case
Ally Benoliel
 
PDF
Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructur...
Lacoon Mobile Security
 
PPTX
Digital Watermarking Report
OECLIB Odisha Electronics Control Library
 
Weaponizing the Nokia N900 -- TakeDownCon, Dallas, 2011
shawn_merdinger
 
Wireless Networking
jvonschilling
 
Nguyen nielsenkim palmvein
Nikhila07
 
Securing IoT Applications
WSO2
 
The New frontiers in Information Security
Vineet Sood
 
IoT Security
Tim Groenwals
 
Ethical hacking for beginners and professionals
Hackingmantra
 
Securing Internet of Things
Swapnil Deshmukh
 
Embedded Systems: Future trends, Employer Expectations
Career Communications Group
 
Privacy and Security in the Internet of Things
Jeff Katz
 
Man in the Binder
nitayart
 
Blackhat USA Mobile Security Panel 2011
Tyler Shields
 
MacIT 2014
tperfitt
 
Cyber Crime
Waqas Abbasi
 
DARPA: Cyber Analytical Framework (Kaufman)
Michael Scovetta
 
iOS Threats - Malicious Configuration Profiles, Threat, Detection & Mitigation
Lacoon Mobile Security
 
Markbrakent war
kent neri
 
The value of Deep Instinct’s prediction model – Copy Cat Test Case
Ally Benoliel
 
Black Hat USA 2014 - A Practical Attack Against Virtual Desktop Infrastructur...
Lacoon Mobile Security
 
Digital Watermarking Report
OECLIB Odisha Electronics Control Library
 

Similar to Mark de Groot - Meetup: Help Mijn IoT-device wordt gehackt? (20)

PDF
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
PDF
Cybersecurity Risk from User Perspective
AvinantaTarigan
 
PDF
Soc analyst course content
ShivamSharma909
 
PDF
Soc analyst course content v3
ShivamSharma909
 
PDF
Tecomex Forensics Brochure 2014
Dr. Idris Ahmed
 
PDF
Cyber intelligence for corporate security
G3 intelligence Ltd
 
PPTX
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Abhinav Biswas
 
PPTX
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Infosectrain3
 
PDF
What You’ll Learn in a Cybersecurity Course
stephannedumpally09
 
PDF
Cyber Defense - How to be prepared to APT
Simone Onofri
 
PDF
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
PPTX
Avila 3 b
Michael Chastain
 
PDF
Compliance made easy. Pass your audits stress-free.
AlgoSec
 
PPTX
2012 Reenergize the Americas 3B: Angel Avila
Reenergize
 
PPTX
Workshop on Cyber security and investigation
Shekh Md Mehedi Hasan
 
PPTX
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
PPTX
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
PDF
Io t security defense in depth charles li v1 20180425c
Charles Li
 
PPTX
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
SuhailShaik16
 
PPTX
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 
Lessons Learned Fighting Modern Cyberthreats in Critical ICS Networks
Angeloluca Barba
 
Cybersecurity Risk from User Perspective
AvinantaTarigan
 
Soc analyst course content
ShivamSharma909
 
Soc analyst course content v3
ShivamSharma909
 
Tecomex Forensics Brochure 2014
Dr. Idris Ahmed
 
Cyber intelligence for corporate security
G3 intelligence Ltd
 
Touring the Dark Side of Internet: A Journey through IOT, TOR & Docker
Abhinav Biswas
 
Domain 2 of CEH v11 Reconnaissance Techniques (21%).pptx
Infosectrain3
 
What You’ll Learn in a Cybersecurity Course
stephannedumpally09
 
Cyber Defense - How to be prepared to APT
Simone Onofri
 
Build A Solid Foundation For Industrial Network Security - Cybersecurity Webi...
Jiunn-Jer Sun
 
Avila 3 b
Michael Chastain
 
Compliance made easy. Pass your audits stress-free.
AlgoSec
 
2012 Reenergize the Americas 3B: Angel Avila
Reenergize
 
Workshop on Cyber security and investigation
Shekh Md Mehedi Hasan
 
LoginCat - Zero Trust Integrated Cybersecurity
Rohit Kapoor
 
IoT Security, Threats and Challenges By V.P.Prabhakaran
Koenig Solutions Ltd.
 
Io t security defense in depth charles li v1 20180425c
Charles Li
 
INTERNSHIPREVIEW-ISHAQ (1) [Recovered].pptx
SuhailShaik16
 
Nowhere to Hide: Expose Threats in Real-time with IBM QRadar Network Insights
IBM Security
 

More from IoT Academy (20)

PDF
Online meetup 28 mei | IoT Academy
IoT Academy
 
PDF
KVK meetup januari 2020 | IoT Academy
IoT Academy
 
PDF
IoT Academy Meetup Januari 2020 | ABN Amro & Firmhouse
IoT Academy
 
PPTX
Smart Building - Wageningen University & Research | IoT Meetup November 2019
IoT Academy
 
PDF
Lonely Rooftop | IoT Academy Meetup November 2019
IoT Academy
 
PDF
IoT Update Oktober 2019 | Paul Coppes @ KPN | De do's en don'ts als je start ...
IoT Academy
 
PDF
IoT Update Oktober 2019 | Irene Barten @Munisense | Online & Real-time metingen
IoT Academy
 
PDF
IoT Update Oktober 2019 | Sijmen Ruwhof @KPN | Huidige staat van IoT Cyber S...
IoT Academy
 
PDF
IoT Update Oktober 2019 | Jan Depping @Microsoft | The next step in IoT
IoT Academy
 
PDF
IoT Update Oktober 2019 | Industrie 4.0 en nu?
IoT Academy
 
PDF
IoT Update oktober 2019 | Introductie van IoT educatie kit
IoT Academy
 
PDF
IoT Update Oktober 2019 | Pedro de Smit @Clickey Solutions |
IoT Academy
 
PDF
IoT Update Oktober 2019 | Titia Houwing @KPN | De rol van 5G in een verbonden...
IoT Academy
 
PDF
IoT Update | Hoe implementeer je IoT Schaalbaar in je IT landschap
IoT Academy
 
PDF
IoT Update Oktober 2019 | Wilfred Harbers CTO Benelux @ Software AG | Edge co...
IoT Academy
 
PDF
IoT Meetup September 2019
IoT Academy
 
PDF
Lte-m Sierra Wireless V1
IoT Academy
 
PDF
IoT Academy Meetup - LTE-M: wat kun je ermee?
IoT Academy
 
PDF
Whitepaper IoT Platformen
IoT Academy
 
PDF
IoT meetup september 2017
IoT Academy
 
Online meetup 28 mei | IoT Academy
IoT Academy
 
KVK meetup januari 2020 | IoT Academy
IoT Academy
 
IoT Academy Meetup Januari 2020 | ABN Amro & Firmhouse
IoT Academy
 
Smart Building - Wageningen University & Research | IoT Meetup November 2019
IoT Academy
 
Lonely Rooftop | IoT Academy Meetup November 2019
IoT Academy
 
IoT Update Oktober 2019 | Paul Coppes @ KPN | De do's en don'ts als je start ...
IoT Academy
 
IoT Update Oktober 2019 | Irene Barten @Munisense | Online & Real-time metingen
IoT Academy
 
IoT Update Oktober 2019 | Sijmen Ruwhof @KPN | Huidige staat van IoT Cyber S...
IoT Academy
 
IoT Update Oktober 2019 | Jan Depping @Microsoft | The next step in IoT
IoT Academy
 
IoT Update Oktober 2019 | Industrie 4.0 en nu?
IoT Academy
 
IoT Update oktober 2019 | Introductie van IoT educatie kit
IoT Academy
 
IoT Update Oktober 2019 | Pedro de Smit @Clickey Solutions |
IoT Academy
 
IoT Update Oktober 2019 | Titia Houwing @KPN | De rol van 5G in een verbonden...
IoT Academy
 
IoT Update | Hoe implementeer je IoT Schaalbaar in je IT landschap
IoT Academy
 
IoT Update Oktober 2019 | Wilfred Harbers CTO Benelux @ Software AG | Edge co...
IoT Academy
 
IoT Meetup September 2019
IoT Academy
 
Lte-m Sierra Wireless V1
IoT Academy
 
IoT Academy Meetup - LTE-M: wat kun je ermee?
IoT Academy
 
Whitepaper IoT Platformen
IoT Academy
 
IoT meetup september 2017
IoT Academy
 

Recently uploaded (20)

PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
PDF
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
Five Habits of High-Impact Board Members
OnBoard
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
A Late Bloomer's Guide to GenAI: Ethics, Bias, and Effective Prompting - Boha...
Mindy Bohannon
 
Hybrid horned lizard optimization algorithm-aquila optimizer for DC motor
IAESIJAI
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Benefits of Physical activity for teenagers.pptx
Nokwanda Thabethe
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
sustainability-14-14877-v2.pddhzftheheeeee
VenkateshGovindaraja9
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
What is a Computer? Input Devices /output devices
GulJan8
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
Five Habits of High-Impact Board Members
OnBoard
 

Mark de Groot - Meetup: Help Mijn IoT-device wordt gehackt?

  • 2. KPN REDTEAM What is a Smart City? Using modern ICT and IoT technology in a secure way to manage a city’s asset and improve urban space with interaction with citizens to increase quality of life
  • 3. KPN REDTEAM Implementations: • Lanterns • Industrial Cooling • Smart waste • Legionella detector • Street cover • Sea pumps • Bike • Luxury asset • Solar Panel • Smart office space • Parking • Transport management • Health sector • City information
  • 5. KPN REDTEAM Kill Chain Stages of a Target Cyber Intrusion Stage Action Methodology Stage 1 Reconnaissance Harvesting Email Addresses, Social Networking, Passive Search, IP Port Scanning Weaponization Developing Exploit with Payload Creation, Malware, Delivery systems, Decoys Delivery Spear Phishing, Infected Website, Service Provider, USB Stage 2 Exploitation Activation, Execute Code, Establish Foothold, 3rd party Exploitation Installation Trojan or Backdoor, Escalate Privileges, Root Kit, Establish Persistence Stage 3 Command & Control Command Channel, Lateral Movement, Internal Recon, Maintain Persistence Actions on Target Expand Compromise, Consolidate Persistence, identify Targets, Data Ex-filtration
  • 9. KPN REDTEAM Some of the challenges Contracts What about cyber security and privacy? Development With all of the technology and standards how can we make this secure? Monitor How can we monitor attacks and unusual behavior? Architecture Can we scale the architecture for the long term? And what about multiple layers of defense? Maintain How can we update and manage so many devices?
  • 10. KPN REDTEAM Contract challenges How does cyber security fit into a 30 year contract?
  • 11. KPN REDTEAM Development challenges Extensive—but not exhaustive—list of Internet of Things (IoT) protocols: Bluetooth BLE ZigBee Z-Wave 6LoWPAN Thread WiFi-ah (HaLow) 2G (GSM) 3G & 4G LTE Cat 0, 1, & 3 LTE-M1 NB-IoT 5G NFC RFID SigFox LoRaWAN Ingenu Weightless-W ANT & ANT+ DigiMesh MiWi EnOcean Dash7 The application shall communicate with mobiles, cloud, data hub and sensors from all of our suppliers. Oh yeah, it must be secure and we need it next week
  • 12. KPN REDTEAM Architecture challenges How flexible is our architecture with the amount of growing devices and standards? How to deal with segmentation to reduce risks in case of a compromise?
  • 13. KPN REDTEAM Vulnerability management How do we perform patch management? Can we reduce the life time of a sensor?
  • 14. KPN REDTEAM REDteaming model Level 3 Level 2 Level 1 Cyber Zero knowledge Physical Zero knowledge Human Zero knowledge Cyber Limited insider Physical Limited insider Human Limited insider Cyber Trusted insider Physical Trusted insider Human Trusted insider Target
  • 15. KPN REDTEAM Elements of REDteaming A red team exercise simulates criminal activity to challenge a company on their social, technical, and physical defenses: Physical Finding weaknesses in your physical defenses • Gaining unauthorized access to buildings and area’s • Tailgating, • Badge ID’s • Drones • Lock picking doors Cyber Finding weaknesses in your technical defenses • Gaining unauthorized access to your infrastructure and your data • Malware attack • Password brute force on all systems Human Finding weaknesses in your social defenses • Gaining unauthorized access through your employees • Social engineering • Infected USB sticks • Excuses to gain access • Gain trust from employees
  • 17. KPN REDTEAM Take away • Embed security into the DNA of smart city development • Hug the hackers and promote responsible disclosure • Perform regular REDteam/simulation exercises
  • 18. KPN REDTEAM • Twee losse arduino’s • De rechter heeft een temp sensor • De linker heeft een LCD scherm • Middels 433 mhz verbinding wordt de temperatuur verzonden.
  • 19. KPN REDTEAM GQRX • De signaal kunnen we capturen met een SDR software defined Radio • Het signaal recorden en vervolgens analyseren
  • 20. KPN REDTEAM Audacity • Het signaal heeft een binary structuur • De temperatuur is 22 graden 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 01 1 0
  • 21. KPN REDTEAM Thank you Mark de Groot TeamLead KPN REDteam markdegroot@kpn.com IoT is all about the application and infrastructure and it must be secure from the start and into the future