networked home appliances and vulnerabilities. by yukihisa horibe
DESCRIPTION
A decade has passed since the introduction of network enabled home appliances into the market. Every year these appliances advance in functionality and inter device integrations, such as the integration with cell phones/smart phones , service servers/ cloud services and more. This has lead to a significant increase in the information and value that the network enabled house hold appliances handle. Under such circumstances a vulnerability in the house hold appliance could be leveraged to gain access to other devices and information. In this presentation I will present whether such risks can be actualised and the changes of functionality and vulnerabilities in network enabled house hold appliances,looking at those changes from a user's and developer'sperspective. Yukihisa Horibe Panasonic Corporation Analysis Cente Panasonic PSIRT member. Over 10 years of experience in vulnerability research and risk analysis regarding networked household appliances and embedded systems.TRANSCRIPT
Networked Home Appliances and Vulnerabilities.
Panasonic Corporation Analysis CenterYukihisa Horibe
Profile
堀部 千壽(Yukihisa Horibe)
2
Panasonic Corporation Analysis CenterPanasonic-PSIRT Member
Focusing on improving security for networked home appliances
Vulnerability assessment of house hold appliances and embedded systemsVulnerability assessment of home service serversTable top analysis of networks including house hold appliances.Over 10 years of experience in security evaluation related work
Agenda
3
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Agenda
4
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Evolving Home Appliances.
5
Remote Control Media Server
HDD Recorder
Image UploadWifi Data Transfer
Digital Camera/Video Cam
CDDB
Audio System
Browser Media Player Smartphone like apps
Browser Media Player Smartphone like apps
Digital TVDigital TV Browser Media Player Smartphone like apps
Digital TV
Door Chimes Notification Communications
Measurements data transfer
Scales
DeviceIntegration
SmartphoneIntegration
CloudIntegration
Monitoring Power Control On Demand
Control
HEMS Monitorin Remote Control
Air Conditioner
Historical Overview of Function and Data Information of Networked Home Appliances(~2005:Growth Period)
6
Internet(Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002ADSL
mova3G
Browser
Remote operations
Status Notifications
Historical Overview of Function and Data Information of Networked Home Appliances(~2005:Growth Period)
7
Internet (Household)
Cellphones
Digital TV
Recorders
Cooking Appliances
201220102008200620042002ADSL
mova3G
Browsers
Remote Operation
Status Notifications
ID/PasswordRecording
Information
email addressStatus Info on
operations
Access History
Most of the functions are contained within each appliance and the information they handle is limited.
Historical Overview of Function and Data Information of Networked Home Appliances(2005~2010:Evolution Phase)
8
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital Camera/Camcorders
Cooking Appliances
Home Related
201220102008200620042002ADSL
FTTH(Optical Fiber)mova
3G
Browser
Remote Operations
CDDB
Appliance Integration(DLNA)
VOD
Status notifications
Security: Status MonitoringDoor Chime:Visitor Notification
HEMS
Image Upload
Historical Overview of Function and Data Information of Networked Home Appliances(2005~2010:Evolution Phase)
9
Internet (Household)
Cellphones
Digital TV
Recorder
Audio Systems/Music
DigitalCamera/Camcorder
Cooking Appliance
Home Related
201220102008200620042002ADSL
FTTH(Fiber Optic)mova
3G
ブラウザ
宅外操作
CDDB
Device Integration(DLNA)
VOD
状態通知
Security Status MonitoringDoor Chime Visitor Notifications
HEMS
Image upload
CD Ownership List
Payment InfoViewing History
“at home” infoOperational Info of each appliance
Image InformationBlog/UL Service
AccountVisitor Info
email Address
Content Ownership InfoDevice Ownership Info
Operational Info of each device
Power usage infoWith the increase in server/inter-device integration the importance of information also grew
Historical Overview of Function and Data Information of Networked Home Appliances(2010~:Mature Phase)
10
Internet(Household)
Cellphone
DigitalTV
Recorder
Audio System/Music
Digital Camera/Cammcorder
Health Care Appliances
Cooking Appliances
Home Related
201220102008200620042002ADSL
FTTH(Fiber Optic)mova
3Gsmartphone
Browser
Remote Operations
CDDB
Device Integration(DLNA)
VOD
Status Notifications
Security Status MonitoringDoor Chimes Visitor Notification
applications
HEMS
Smartphone Integration
ACRemote Operations
Image Upload
Historical Overview of Function and Data Information of Networked Home Appliances(2010~:Mature Phase)
11
Internet(Household)
Cellphone
Digital TV
Recorder
Audio System/Music
Digital Camera/Cammcorder
Health Care Appliances
Cooking Appliances
Home related
201220102008200620042002ADSL
FTTH(Fiber Optic)mova
3GSmart Phones
Browser
Remote Operation
CDDB
機器連携(DLNA)
VOD
Status Notification
Security Status Monitoringドアホン 来客通知
Apps
HEMS
Smartphone Integration
ACRemote Operation
Image Upload
Payment InfoPurchase History
Address/NameBlog/SNS Account
Physical InfoService Account
Operation InfoService Account
Historical Overview of Function and Data Information of Networked Home Appliances(2010~:Mature Phase)
12
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002ADSL
FTTH(光回線)GSM(cHTML)
広帯域CDMA(HTML/Java)Smartphone
ブラウザ
宅外操作
CDDB
機器連携(DLNA)
VOD
状態通知
Security Operational Infoドアホン 来客通知
Apps
HEMS
スマホ連携
エアコン遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include everything including smartphones.
ID/PassworrRecording history
Email AddressDevice Operation Info
Access History
CD Ownership List
Payment InfoViewing History
Vacancy InfoOperational Info of each device
Image InfoBlog/UL Service
account infoVisitor Info
Email address
Content OwnershipDevice Ownership
Operational Info of each device.
Power Usage Info
Payment InfoPurchase History
住所氏名ブログ/SNSアカウント
Physical Information
Service Account
Operation InfoService Account
Cloud Integration
Address BookVideo/ImageAccount info
The Evolution of Networked Home Appliances Functionality and Information (Near Future)
House hold(Audio Visual, Home , Cosmetic)
PC, Game terminal,InformationterminalSmartphone, Cellphones, Land linesHousing Equipment(Single Family,complexes)
13
Inside the home
connecting
The Evolution of Networked Home Appliances Functionality and Information (Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)PC,Game Terminal,Information TerminalsSmartphone,Cellphones,LandlinesHousing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipmentInfrastructure(Power、Gas、Water)Retail(Large scale, individual)
14
Is the era when household appliances , home and public,commercial services are all connected near?
Everything is
connected
Inside the home
connecting
Agenda
15
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Risks of Home Appliances Having Network Capabilities
The possibility of unauthorized access via the network
Many devices have global IPs assigned.
Possibility of attacks leveraging vulnerabilities in home appliances.
Attack by forcing a download of malware
Targeted attacks leveraging XSS/CSRF16
Using search engines you can find sites that hint they
are home appliances.
Fake Firmware or Contents
CVE-2008-3482 (2008)Network Camera made by Panasonic , Reflected XSS vulnerabilityDefect in escaping routine of the display on the error page
Defcon17 (2009)CSRF vulnerability in household network camera by PanasonicMany vulnerabilities were disclosed for household routers and other embedded web systems.
Reported vulnerabilities on CE category: Panasonic case
17
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000037.html
http://www.blackhat.com/presentations/bh-usa-09/BOJINOV/BHUSA09-Bojinov-EmbeddedMgmt-PAPER.pdf
Reported vulnerabilities on CE category: example of other case
18
Year Product Outline Manufacturer2004 Video recorder Accessible without authentication (springboard) Japan
2008 NAS CSRF (remote data deletion) Japan
2010 Digital camera Arbitrary code execution from SD card Japan
2011 MFP Authentication bypass and more Japan & overseas
2012 Digital TV DoS Japan
2012 Many Devices Arbitrary code execution by UPnP vulnerability Japan & overseas
2013 Digital TV DoS & restart by malformed packets Japan & overseas
2013 Smart phone Intrusion of malware through power cable Japan & overseas
2013 Digital TV Authority seizure & remote control by illegal application Overseas
2013 Lighting system Force unable to turn on Overseas
2013 Home GW Vulnerability in authentication, CSRF and more (electric lock unlock by malicious third party) Overseas
2013 Toilet Hard-Coded Bluetooth PIN Vulnerability Japan
With the advancement of function, the reports of vulnerability have been increasing after 2012
Agenda
19
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Vulnerability Eradication Efforts at Panasonic
20
Base Knowledge
(Awareness/Education)
Base foundation of knowledge regarding product securityTwo pillars supporting Product Security
Minimize RiskIncident Response
Minimize Risk Incident Response
Product Security
Improving security of products including house hold appliancesis an important requirement for Panasonic
Network Home Appliances, Embedded Systems, Services
Response based on product lifecycles.
21
ShippingProduct Lifecycle
Contamination Prevention(Avoid building vulnerabilities into)
Inspection/Removal(Detect vulnerability and
remove)
Maintain/Improve(Response after
shipping)
Resp
onse
Table Top Risk Analysis(Vulnerability
Analysis)
Security Design
・Secure Coding
・Static Analysis
・Vulnerability analysis(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
Response based on product lifecycles.
22
ShippingProduct Lifecycle
Contamination Prevention(Avoid building vulnerabilities into)
Inspection/Removal(Detect vulnerability and
remove)
Maintain/Improve(Response after
shipping)
Resp
onse
Table Top Risk Analysis(Vulnerability
Analysis)
Security Design
・Secure Coding
・Static Analysis
・Vulnerability analysis(Security Inspection)
・Incident response
The need to respond throughout the product lifecycles
Sale/ServiceTestImplementDesignPlan
Disposal
Minimize Risks Incident Response
Vulnerability Analysis for Panasonic House hold appliances and embedded systems
23
The number and details for the vulnerability are for vulnerabilities found “pre shipping”The detected vulnerabilities were patched prior to shippingThese vulnerabilities do not exist in current products available in the general market.
Actual results I will present
Vulnerability assessments for Panasonic house hold appliances and embedded systems
24
Vulnerability assessments for Panasonic house hold appliances and embedded systems
25
Trend of vulnerability : Rise period(2003-05) of Connected CE products
26
Trend of vulnerability : Early progressive period(2006-08)of Connected CE products
27
Trend of vulnerability : late progressive period(2009-10)of Connected CE products
28
Trend of vulnerability : Mature stage(2011-13)of Connected CE products
29
Agenda
30
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Historical Overview of Function and Data Information of Networked Home Appliances(2010~:Mature Phase)
31
Internet(Household)
Cellphones
Digital TV
Recorder
Audio System/Music
Digital Camera/Camcorder
Health Care Appliances
Cooking Appliance
Home Related
201220102008200620042002ADSL
FTTH(光回線)GSM(cHTML)
広帯域CDMA(HTML/Java)Smartphone
ブラウザ
宅外操作
CDDB
機器連携(DLNA)
VOD
状態通知
Security Operational Infoドアホン 来客通知
Apps
HEMS
スマホ連携
エアコン遠隔操作
画像アップロード
Cloud Integration allows the information linkage to include everything including smartphones.
ID/PassworrRecording history
Email AddressDevice Operation Info
Access History
CD Ownership List
Payment InfoViewing History
Vacancy InfoOperational Info of each device
Image InfoBlog/UL Service
account infoVisitor Info
Email address
Content OwnershipDevice Ownership
Operational Info of each device.
Power Usage Info
Payment InfoPurchase History
住所氏名ブログ/SNSアカウント
Physical Information
Service Account
Operation InfoService Account
Cloud Integration
Address BookVideo/ImageAccount info
The Evolution of Networked Home Appliances Functionality and Information (Near Future)
Home Appliances(Audio Visual,House hold,Cosmetic)PC,Game Terminal,Information TerminalsSmartphone,Cellphones,LandlinesHousing Equipment( Single Family, Complexes)
Medical Devices (Individual , Institutional)
Public Services(Municipal offices, schools)
Public Transportations(Bus、Trains)
Cars/Automotive equipmentInfrastructure(Power、Gas、Water)Retail(Large scale, individual)
32
Is the era when household appliances , home and public,commercial services are all connected near?
Everything is
connected
Inside the home
connecting
Future prediction
Spread to the whole of human life
Rapid increase of device
Connect to the various industries
33
Spread to the whole of human life
34
Risk of Serious accident Higher reliabilityFire due to incorrect control of CE productInvalidation of electric lock securityAccident and runaway of automotive
Connect to various device of various manufacturerWe want to guarantee at least minimum level securityWill you need the standard like Industry standard ?
it is not the problem of one company
Entire House, Linkage to automotive, home security and gas app…Information assets = life of customer
The minimum level security ?
Spread to the whole of human life
35
The risk due to share of authentication informationAdoption of SSO is also being investigated in CE productsInfluence of vulnerability will spread to other services that share authentication information
it is not the problem of one provider or one vendor
Constantly connected communications, share of authentication information Useful …
Authentication provider
CE
Smart phone
application
Webservice
Automotive
HEMSgame
CE
Share of authentication
information
What must we do to make product secure ?
SNS
application
Rapid increase of device
36
Lighting, switch, sensor, electric socket, etc.Maintenance of various and huge amount of devices
After vulnerability is reported, software must be updatedLighting, sensor, electric socket…update all ?How to update ?
Service engineers ?Automatic update ?
Disclaimer of firmware updateLifetime of CE product is long (over 10 years)Up to when ?
The update method, the period to continue to care security ?
Connect to the various industries
37
Diversification of I/F, protocolECHONET Lite, CAN, DLNA…Bluetooth, NFC, TransferJet, ZigBee, Z-Wave…Original communication protocol, 920MHz…
Security verification technology must catch upOnly knowledge of the IP network is not enoughKnowledge other than the IP network is necessary
Knowledge of Non-IT engineers will be neededThink tank beyond the type of industry?
Diversification of I/F of the linkage to infrastructure, automotiveand healthcare, security technology catch up
The structure which takes in knowledge of various fields?
Agenda
38
Changes in the feature of connected CE products
The risks to connect
Performance and trends in the Vulnerability Assessment for connected CE products
Security functions required for CE products in the time of IoT
Closing
Closing
39
Several billion of IoT(Internet of Things) will be connected
It is difficult to guarantee security by one companyThe approach beyond the industry/type of industry /position must be needed
Unite for the IoT security !
Internet
Store
Social infrastructure
Public Service Housing equipment
Automotivein-car device
Smart phoneInformation device
PCConnected CE product
Contact
41
Analysis Center Panasonic Corporationhttp://www2.panasonic.co.jp/aec/ns/index.htmlSorry, Japanese Only…
Panasonic-PSIRThttp://panasonic.co.jp/info/psirt/en/[email protected]