IoT Thames Valley Meetup 19th June Final Agenda & News

We have fantastic line up of Meetup speakers, talks and demos from Amazon Web Services, Arm & Pen Test Partners.

You can register/RSVP for this Meetup here:
https://www.meetup.com/Internet-of-Things-Thames-Valley/events/257305513/

A special thank you to our sponsors Arm and Review Display Systems.

Speakers & Talks:


Andrew Hood, Amazon Web Services
“AWS IoT and Alexa in the connected home”
AWS IoT services for the connected home bring devices and services together for an integrated, autonomous experience that improves a consumers’ lives. Connected home experiences include everything from voice-controlled lights, house-cleaning robots, machine learning-enabled security cameras, and Wi-Fi routers that troubleshoot for you. Additionally, given that voice control is becoming pervasive across smart homes, these devices can also benefit from using voice services like Alexa for an even more seamless customer experience. Thanks to decreasing costs and increasing options for connectivity, these smart home devices, sensors, and tools can be interlinked to create real-time, contextual, and smart experiences for consumers. Learn how in this session.


Tony Gee, Pen Test Partners,
“Systemic flaws in IoT”
As the IoT brings ever more connected capabilities in to our lives we are seeing more and more devices utilising the same backend architecture. We are seeing more and more vendors replicating vulnerabilities across multiple device types, from tracking watches to car alarms. We are seeing zombie vulnerabilities rising from the dead, insecure direct object references which mostly died off back in 2002 are now found on many devices we look at. In this talk we will discuss some of these and show some of our recent research in to the Internet of Things.


Rob Coombs, Arm,
“PSA Certified – building trust in IoT”
Platform Security Architecture was announced by Arm in October 2017 as a security framework for IoT. Arm provides the recipe (security architecture documents) and ingredients (open source software, tools, models, dev boards) to help the electronics industry build secure IoT solutions. At Embedded World this year we introduced PSA Certified, a multi-level security evaluation scheme for IoT chips, software and devices. This presentation will provide an introduction to PSA Certified.


In other news, the companies supporting the Secure IoT cyber security conference on 7th November continues to grow and we have speakers confirmed from:

  • Amazon Web Services
  • Arm
  • Department for Digital, Culture, Media and Sport
  • Device Authority
  • GSMA
  • IBM
  • NCC Group
  • Pen Test Partners
  • SAS

You can book discounted Early Bird tickets here:
https://www.eventbrite.co.uk/e/secure-iot-2019-tickets-59043403409

PSA Certified – building trust in IoT

Rob Coombs @Arm, will be giving a talk “PSA Certified – building trust in IoT” at #IoT Thames Valley Meetup on 19th June at the GreenPark Conference Centre, Reading.

Free to attend. RSVP:

Internet of Things Thames Valley Meetup #26

Platform Security Architecture was announced by Arm in October 2017 as a security framework for IoT. Arm provides the recipe (security architecture documents) and ingredients (open source software, tools, models, dev boards) to help the electronics industry build secure IoT solutions.

At Embedded World this year we introduced PSA Certified, a multi-level security evaluation scheme for IoT chips, software and devices. This presentation will provide an introduction to PSA Certified.

Systemic flaws in IoT

Tony Gee @_tonygee_ of Pen Test Partners, is giving a talk “Systemic flaws in IoT” at the IoT Thames Valley Meetup on 19th June  at the Green Park Conference Centre,  Reading.

This is a free to attend event. To register, please RSVP:

IoT Thames Valley Meetup #26

As the IoT brings ever more connected capabilities in to our lives we are seeing more and more devices utilising the same backend architecture. We are seeing more and more vendors replicating vulnerabilities across multiple device types, from tracking watches to car alarms. We are seeing zombie vulnerabilities rising from the dead, insecure direct object references which mostly died off back in 2002 are now found on many devices we look at. In this talk we will discuss some of these and show some of our recent research in to the Internet of Things.

Internet of Things Cyber Security Conference

Internet of Things Cybersecurity Conference

The third annual Secure IoT, Internet of Things cyber security conference will be held at the Green Park Conference Centre, Reading, on 7th November, 2019.

Learn about the security issues, risks, threats and vulnerabilities associated with IoT systems and connected device. Gain an understanding IoT security best practice and meet leading experts and companies offering security products, solutions and services.

There are a limited no. of Super Early Bird available until 9th June at £60 +VAT and Student tickets £30 + VAT:

Book Tickets

For more information see:

Secure IoT Website

Pindrop brings voice authentication to IoT devices, intelligent assistants, and connected cars

Forget passwords and PIN codes — Pindrop wants to make our lives more secure with voice biometrics.

From VentureBeat Article:

Pindrop brings voice authentication to IoT devices, intelligent assistants, and connected cars

The Atlanta, Georgia-based company today announced Voice Identity Platform, a speech authentication solution for IoT, voice assistants, smart homes and offices, and connected cars.

Its platform-agnostic tech is akin to Google’s Voice Match in Google Assistant, which can differentiate among the unique voice signatures of up to 10 Google Home users, and Amazon’s voice profiles in Alexa.

Pindrop’s patented Pindrop Protect technology takes into account factors such as location, behavior, device type, audio, voice, and time of day to confirm identity. By scoring each voice interaction based on AI-driven anomaly detection and using voice printing to correlate matches with what Pindrop claims is one of the world’s largest audio databases of its kind, the company contends it is able to lower handle times by up to 60 seconds.

European Parliament fails to ensure security for connected consumer products

European Parliament regrettably missed an opportunity to establish mandatory security requirements for connected products such as smart watches, baby monitors or smart locks. This is the outcome of a vote in its industry (ITRE) committee.

PRESS STATEMENT – 10.07.2018 

http://www.beuc.eu/publications/european-parliament-fails-ensure-it-security-connected-consumer-products/html

Consumers in Europe are exposed to a string of unsecure connected products[1]. These range from hackable security cameras, door locks and heating thermostats in people’s homes, to the possibility for strangers to easily tap into connected toys and smart watches for children.

Consumer groups had urged the EU to ensure that the upcoming Cybersecurity Act would plug this gaping hole in EU legislation to finally protect the security of our lives and homes.

Yet, despite the immense threat to consumers and society as a whole because of unsecure connected products, the European Commission, Member States and (as of today) Parliament are content with only a voluntary scheme that will not appropriately protect consumers’ privacy, security or safety.

A Botnet Compromises 18,000 Huawei Routers

A cyber hacker, by the pseudonym Anarchy, claims to have made a botnet within 24 hours by utilizing an old vulnerability that has reportedly compromised 18, 000 routers of Chinese telecom goliath Huawei.

http://www.ehackingnews.com/2018/07/a-botnet-compromises-18000-huawei.html

As indicated by a report in Bleeping Computer, this new botnet was first recognized in this current week by security researchers from a cyber-security organization called Newsky Security.

Following the news, other security firms including Rapid7 and Qihoo 360 Netlab affirmed the presence of the new danger as they saw an immense recent uptick in Huawei device scanning.

The botnet creator contacted NewSky security analyst and researcher Ankit Anubhav who believes that Anarchy may really be a notable danger who was already distinguished as Wicked.

The activity surge was because of outputs looking for devices that are vulnerable against CVE-2017-17215, a critical security imperfection which can be misused through port 37215. These outputs to discover the vulnerable routers against the issue had begun on 18 July.

Russian hackers penetrate US power stations

https://www.bbc.co.uk/news/technology-44937787

Russian hackers have won remote access to the control rooms of many US power suppliers, the Wall Street Journal reports.

The access could have let them shut down networks and cause blackouts, US officials told the newspaper.

The state-backed hackers won access even though command centre computers were not directly linked to the web.

The attacks succeeded by targeting smaller firms which supply utilities with other services.

Only 14% of businesses have implemented even the most basic cybersecurity practices

#IoT #cybersecurity must be a vital and integral part of every organization’s strategic plan.

https://www.techrepublic.com/article/only-14-of-businesses-have-implemented-even-the-most-basic-cybersecurity-practices/

According to a 2018 report from security company Symantec, the number of Internet of Things (IoT) attacks increased from about 6,000 in 2016 to more than 50,000 in 2017, which translates into a 600% rise in just one year. IoT devices are increasingly the attack vector of choice for cybercriminals around the world. IoT is particularly popular for ransomware attacks and illegal cryptocurrency miners.

According to Verizon’s Mobile Security Index 2018, only 14% of the responding organizations said they had implemented even the most basic cybersecurity practices, with an astonishing 32% of these IT professionals admitting that their organization sacrifices mobile security to improve business performance on a regular basis. That general lax attitude toward cybersecurity goes along way toward explaining why IoT attacks have spiked 600% in one year.

Cybersecurity Is the Key to Unlocking Demand in the Internet of Things

 

Research by Bain & Company finds that enterprise customers would be willing to buy more IoT devices if their concerns about cybersecurity risks were addressed—on average, at least 70% more than what they might buy if their concerns remain unresolved (see Figure 2). In addition, 93% of the executives we surveyed said they would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9 billion to $11 billion.

See Bain Brief:

Cybersecurity Is the Key to Unlocking Demand in the Internet of Things