IoT Honeypots and Rogue Appliances

Presented at Diana Initiative 2020 Virtual, Aug. 22, 2020, 9 a.m. (60 minutes).

Honeypots AND IoT security, all in one place? Yes, why YES I tell you, and this is it! Oh sure, honeypots are not new, but how they are used is what makes this talk just a little bit different. Presented for your viewing pleasure will be IoT-specific honeypot configurations, some deployed with k8s (some not), and how they are used to not only trap attacks against your IoT devices but also detect attacks FROM a compromised IoT device.

Introduction - who I am and where this idea came from (2 mins)

Introduction to IoT devices and why they continue to be a serious issue with consumer and corporate security. I will discuss the 5 verticals of IoT devices while focusing on some of the typical attacks that have been used in the past few years. It is important to understand why vendors produce insecure devices and that they will continue to do so. (3 mins)

Introduction to Honeypots and key issues with planning, architecture and deployment. One of the biggest issues with honeypots is not setting them up, but using them the right way. Now referred to as “deception tech”, honeypots can provide a level of detection and defense against rogue IoT devices. Several examples will be presented with recorded sessions (or live demos if the demo gods are in a good mood) showing how to plan and deploy the right honeypots to the right environments. (5 mins)

Now for the fun! In this next section I will show IoT honeypots used for protection in the wild. The wild will consist of your home network, corp network, and even deployments in DMZs and other locations. Several examples of how honeypots were used to detect “angry appliances” doing things they should not have been doing will be shown. A more recent example in my own private home network will show how an intelligent thermostat was found to be scanning the network. This section gets fun with various devices from light bulbs, IoT hubs and more. (10 mins)

Summary and Key Takeaways - Here I bring it all to a conclusion by providing key takeaways for the How and the Whys of planning and deployment and what to expect from private and hostile environments. The key point here is that attendees will walk away with real tools and ideas to use right away and not just some theory. This is actually a detailed section reviewing key points of the takeaways, not just a summary slide. (10 mins)

Q&A - (5 mins)

5 minutes to spare from a 40 minute session!! Woo Hoo! Demos will make this fun, with one live and a couple of recorded demos to cap it all off.

Key takeaways:

  1. Different levels of IoT devices
  2. Threat modeling techniques for IoT devices
  3. Honeypots and deception tech - not your mother’s honeypot
  4. Planning stages - this is CRITICAL for successful deployment
  5. Setting up collectors/SIEM for analysis
  6. CCAD

Presenters:

  • Kat Fitzgerald - Google
    Based in Seattle and a natural creature of winter, you can typically find me sipping Grand Mayan Extra Anejo whilst simultaneously defending my systems using OSS, magic spells and Dancing Flamingos. Honeypots & Refrigerators are a few of my favorite things! Fun Fact: I rescue Feral Pop Tarts and have the only Pop Tart Sanctuary in the Seattle area.
