#BHUSA BlackHatEvents

Weaponization Of Cellular Based IoT Technology
Leveraging Smart Devices to Gain a Foothold
Deral Heiland & Carlota Bindner

Deral Heiland
Principal Security Research (IoT), Rapid7
deral_percent_x

Carlota Bindner
Lead Product Security Researcher
Thermo Fisher Scientific
carlotabindner

Project Introduction

Observations
- Growing use of cellular in IoT
- Lack of effective knowledge
- Lack of security testing methods

Goal
- Understand technology
- Build testing methodologies
- Answer needed security question

NB-IoT
- Slow (26-127 kbits)
- Telemetry Data
- Half-duplex
- Latency (1.6-10s)

LTE-M
- Faster (1-4 mbits)
- Voice, Images, Video
- Full-duplex
- Latency (10-15ms)

Inter-Chip Communication
- Encryption (Unlikely)
- Easy to sniff
- Easy to inject & control

[Diagram labels: Main CPU, Cellular Module, Internet of Things Hardware, Cellular Service (Typically Encrypted & FCC Regulated), Inter-Chip Communication (Not Typically Encrypted)]

Trust
- Machine-to-Machine (overly trusted)
- Implicit Trust
- Automated Authentication & Validation
- Limited Containment & Segmentation

[Diagram labels: Main CPU, Cellular Module, Internet of Things Hardware, Cellular Service, Inter-Chip Communication, Services, Cloud & Internet, Private Network]
By controlling these, I have access to all trusted resources

How To Interact With Cellular Modules

USB
Sta