Duo Tech Talk: My Pet Fish Drove Downtown (An IoT Security Video)
In February, Duo Security hosted another Duo Tech Talk featuring guest speaker Don Bailey, founding partner of Capitol Hill Consultants, LLC. Don presented on the security perspective of the Internet of Things (IoT).
What is meant by the “Internet of Things” (IoT)? Referring to the explosive growth in the number of devices and innovative technology connecting to the Internet, the IoT is a reflection of rapid vendor response to consumer demand. The lack of standardization of this new technology presents a number of unregulated security issues, leaving consumers vulnerable to numerous new security threats.
Entitled My Fish Drove Downtown To Get Some Sushi, Don’s talk opens with an explanation of a pet fish tank on wheels that was able to control its own trajectory, as an example of how we can integrate relatively simple technology into our physical lives with innovative IoT.
He references the DARPA-funded car hacking described in a previous Duo Tech Talk by Chris Valasek, Director of Security Intelligence at IOActive, and Dr. Charlie Miller, and the popular misconception that local security attacks don’t affect the larger majority. The point is that IoT has brought these risks home by connecting cars online.
Don’s work, funded primarily by DARPA Cyber Fast Track, allowed him to spend an entire year hacking IoT technology to find these types of vulnerabilities: technology that we not only use on a day-to-day basis, but automated technology that runs the entire infrastructure behind our society.
He covers the evolution of IoT from the early 90s, when it was called M2M (Machine to Machine) and was initially used as radio technology in the shipping industry. He goes on to differentiate between legacy M2M components and the modern M2M used in IoT technology today.
Find out more about Don’s talk by watching the video! And join our Duo Tech Talk Meetup group to stay updated on upcoming talks hosted at our Ann Arbor office.
One IoT security initiative started by Duo Security’s own Security Evangelist Mark Stanislav and Senior Security Researcher Zach Lanier is BuildItSecure.ly, an online community designed to connect innovative IoT entrepreneurs, designers and developers with security professionals to join forces in creating secure new technology before it hits the market.
Vendors and organizations in the Internet of Things space are highly encouraged to reach out to Mark and Zach if they would like to be part of the initiative. Over the coming months, they will be working with security researchers, vendors, and relevant organizations to begin to formalize resources and processes to help secure the devices we’re all putting on the Internet in droves.
Stay updated on the latest BuildItSecure.ly news by following @BuildItSecurely on Twitter.
Don A. Bailey, Founding Partner, Capitol Hill Consultants, LLC
Don has discovered many unknown security vulnerabilities in well-used software, analyzed new and proprietary protocols for design and implementation flaws, and helped design and integrate security solutions for up-and-coming internet software.
While Don's primary expertise is in developing exploit technologies, he is also well versed in reverse engineering, fuzzing, enterprise and embedded programming, source code auditing, rootkit detection and design, and network penetration testing. In addition, Don has helped develop and enhance risk management programs for several Fortune 500 companies and has been invited to speak about risk management from a CISO perspective at government-organized conferences.
For the past six years, Don has presented research at several international security conferences discussing topics such as stealth rootkit design, zero-day exploit technology, telephony security, and most recently, machine-to-machine security. In the past year, Don has given lectures at Black Hat Barcelona 2011, Black Hat Las Vegas 2011, SyScan Singapore 2011, and Hack In The Box KL 2011, regarding vulnerabilities in embedded architectures and widespread machine-to-machine vulnerabilities.