1

The Internet-of-Insecure-ThingsCauses, Trends and Responses

( @ RIPE 77 )

Arman Noroozian( Economics of Cybersecurity, TPM, @TU DelG, Netherlands )

https://xkcd.com/1966/

2

3https://www.ncta.com/sites/default/files/platform-images/wp-content/uploads/2014/05/growth-of-internet-of-things-hero-1024x585.jpg

NCTA — The Internet & Television Association

4

Whole Lo(a Ques-ons Raised!!• How?• How did we get into this mess?• How do we get out of this mess?

5

How did we get here?• Fragmented landscape• Vendors without competence or incen5ves• Lack of visibility into which ‘things’ fail• Dependencies in value chains

6

How do we get out of it?(Mopping While the Tap is S8ll Running)

7

► Awareness raising(but don’t blame the victim)

► Monitoring and transparency(name, shame, and praise)

► Certifications and standards (FTC fining ASUS, D-Link)

► Liability, duty to care(make vendors bear the cost)

► Intermediary Role(ask ISPs to cut off access)

► Strengthening user rights(opt in, data minimization)

Governance Strategies Being Discussed

8

► Awareness raising(but don’t blame the victim)

► Monitoring and transparency(name, shame, and praise)

► Certifications and standards (FTC fining ASUS, D-Link)

► Liability, duty to care(make vendors bear the cost)

► Intermediary Role(ask ISPs to cut off access)

► Strengthening user rights(opt in, data minimization)

Governance Strategies

9

Where are the hacked devices?

10

Monitoring IoT compromise• Honeypot infrastructure with Yokohama Na6onal

University (Japan)

• Emulated and physical devices

• Port 22, 23, 80, 8080, 53413, …

• Log interac6ons, scan back, aLacking devices

11

Who operates the network?

12

Infec&on rates across ISPs

13

Who operates the network (NL)?hosting3%

isp-broadband54%

isp-mobile1%

isp-other13%

NULL27%

other-intermediary2%

14

Cleaning IoT Devices (KPN)• Walled Garden• Cutting off access to infected devices• 1736 quarantining actions • 1208 customers• 50% clean infections• Most quarantined once

Let Me Out! Evaluating the Effectiveness of Quarantining Compromised Users in Walled Gardens. Orçun Çetin, Lisette Altena, Carlos Gañán, Michel van Eeten. In SOUPS 2018

15

Cleaning IoT Devices (Cont.)• Randomized Control

Experiment• 220 Customers

16

Cleaning IoT Devices (Cont.)• Randomized Control Experiment• 92% Cleaned• In 14 days!

17

► Awareness raising(but don’t blame the vic7m)

► Monitoring and transparency(name, shame, and praise)

► Cer7fica7ons and standards (FTC fining ASUS, D-Link)

► Liability, duty to care(make vendors bear the cost)

► Intermediary Role(ask ISPs to cut off access)

► Strengthening user rights(opt in, data minimization)

In ConclusionNetwork operators can significantly help

18

Future Research

MINIONS - Mi#gatINg IOt-based DDoS a3acks via the DNS

19

CPE

DVR

Environment Monitoring Unit

EOC

EOC Slave

Firewall

Gateway

HVR

IP Camera

mobile router

Modem

Motherboard

NAS

NVR

Router

Security Appliances

Set-Top-Box

USB Device Server

Web Accelerator and SSL appliance

Web Camera

Web Camera/DVR

Wi-Fi Disk

AR BG BR CA CL CN CO CR EG ES FR GB ID IL IN IR IT KR MD MX MY PH PK PL RO RU TH TR TT TW UA US VE VN ZA

100

1,000

5,000

20,000# Devices

20

Thank you!

Follow our research onhttps://www.tudelft.nl/cybersecurity