The Internet of Hackable Things

Dojo by BullGuard

• The market leading IoT security platform for CSPs

• Dojo delivers advanced IoT security and parental control service

• Dojo’s intelligent IoT security Platform (DIP) detects and mitigates a wide range of

IoT-related cyber threats

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

The State of IoT Security

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

Ring Video Doorbell

• Smart doorbell, allowing users to monitor and operate doors remotely

• Two way audio communication and one way video communication

• Users can open the door remotely via separate lock app

• WIFI connectivity

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

Hacking Ring Video Doorbell

Normal operation

Hacked

• ARP poisoning the router using arpspoof tool

• Collecting RTP traffic using rtpdump tool

• Duplicating the traffic arriving to the attacking computer using iptables

Ring Doorbell Hack – Step 1

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

Ring Doorbell Hack – Step 2

• ARP poisoning the router using arpspoof tool

• Blocking the traffic to the user app using iptables

• Streaming the stored video capture to the app using rtpsend

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

Ring Video Doorbell Hack Summary

• Most IoT devices are vulnerable to cyberattacks, and not only the poorly designed ones

• Vulnerability derived risks:

• Denial of Service

• Privacy breach

• Physical risk

• The IoT industry must act on securing the connected world

© Copyrights 2016. Dojo Labs by BullGuard®. All rights reserved. Proprietary and Confidential.

Thank You!