www.synack.com

Home Automation Benchmarking

Project Scope

Cameras
• Dlink DCS-2132L
• Dropcam Pro
• Foscam FI9826W
• Simplicam
• Withings Baby Monitor

Thermostats
• Ecobee
• Hive
• Honeywell Lyric
• Nest Thermostat

Smoke / CO
• First Alert SC9120B
• Kidde i2010S
• Nest Protect

Home Automation Controllers
• Control4 HC-250
• Lowes Iris
• Revolv
• SmartThings
Cameras

BEST PRODUCT QUALITIES
• All communications encrypted
• No public services
• Automatic firmware updates
• No default credentials
• Hardwired connection available
• Public firmware is encrypted to some extent
• Credential change required on first boot
• Encrypted automatic updates
• Lost communications alerting
• Automatic firmware updates

WORST PRODUCT QUALITIES
• No hardwired connection
• No SSL pinning in mobile app
• Communications default to unencrypted
• Obfuscates, rather than secures, data in transit
• Publicly available firmware
• Maximum 12 character passwords
• Communications default to unencrypted
• Obfuscates, rather than secures, data in transit
• Weak password policy
• No certificate validation
• Multiple communications are unencrypted
• Credentials easily pulled from backups
• Hard-coded shared password
• Considerable network footprint

*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.
Thermostats

BEST PRODUCT QUALITIES
• All communications encrypted
• Automatic firmware updates
• Proper SSL usage / encrypted traffic
• Public firmware is encrypted to some extent
• Credential change required on first boot
• Built on widely used platform
• Automatic firmware updates
• Encrypted communication

WORST PRODUCT QUALITIES
• Weak password policy
• Weak password policy
• Easily guessable configuration token used
• Lack of SSL pinning in mobile app
• Insecure initial configuration
• History of vulnerabilities across product lines
• Not all traffic is encrypted
• Moderate password policy

*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.
Smoke and CO Detectors

BEST PRODUCT QUALITIES
• Audible power loss notification
• Encrypted network communication
• Difficult to tamper with
• Impossible to remotely hack, because it lacks connectivity
• Impossible to remotely hack, because it lacks connectivity

WORST PRODUCT QUALITIES
• Weak password policy
• Custom configuration protocol / short pairing codes
• Not applicable because this is not a "smart" device
• Not applicable because this is not a "smart" device

*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.
Home Automation Controllers

BEST PRODUCT QUALITIES
• Encrypted communications
• Strong pairing mechanics
• Encrypted communications
• Notified if goes offline
• Strong password policy
• Encrypted communications
• Automatic firmware updates

WORST PRODUCT QUALITIES
• Unsigned firmware
• Custom remote management feature
• Open ports
• Hardcoded API keys
• Weak password policy
• Exposed telnet service
• History of unpatched security issues
• Built-in unauthenticated remote management feature
• Moderate password policy

*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.
Takeaways
• Overall, IoT security is poor, with cameras scoring the lowest
• With few exceptions, Nest leads the industry in security practices
• A sinking tide incident will likely hit home automation
• The industry needs some basic standards to set the bar
Areas to Watch

Wi-Fi Jamming
• With few exceptions, all Wi-Fi devices are susceptible to jamming
• Diversification of used spectrum (2.5 GHz + 5 GHz, etc.) reduces risk
• Hardwired Ethernet options also reduce the risk
• Jamming/network down incidents should result in a proactive alert to the user
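The proactive alert in the last bullet needs a watchdog somewhere (on the hub or in the vendor cloud) that notices when a device stops checking in and tells the user once, rather than at every poll. The Go program below is an added example written for this page, not code from the Synack report or from any vendor; the device names, the 90-second timeout and the heartbeat timeline are constructed. It also flags the case where most devices drop at the same moment, which is the signature of a jammed or failed network rather than of one broken camera.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Alert is the event handed to whatever notifies the homeowner (push, e-mail).
type Alert struct {
	Device string
	Kind   string // "offline" or "recovered"
	At     time.Time
}

// Watchdog remembers the last heartbeat from each device and raises one
// offline alert per outage, then a recovery alert when the device reappears.
type Watchdog struct {
	timeout  time.Duration
	lastSeen map[string]time.Time
	offline  map[string]bool
}

func NewWatchdog(timeout time.Duration) *Watchdog {
	return &Watchdog{
		timeout:  timeout,
		lastSeen: make(map[string]time.Time),
		offline:  make(map[string]bool),
	}
}

// Heartbeat records that device was heard from at time t. If the device was
// flagged offline, the outage is over and a recovery alert is returned.
func (w *Watchdog) Heartbeat(device string, t time.Time) *Alert {
	w.lastSeen[device] = t
	if w.offline[device] {
		delete(w.offline, device)
		return &Alert{Device: device, Kind: "recovered", At: t}
	}
	return nil
}

// Sweep compares every known device against now and returns alerts for those
// that have newly fallen silent. Devices already flagged are skipped, so a
// long outage yields one alert rather than one per sweep.
func (w *Watchdog) Sweep(now time.Time) []Alert {
	var alerts []Alert
	for device, seen := range w.lastSeen {
		if w.offline[device] || now.Sub(seen) <= w.timeout {
			continue
		}
		w.offline[device] = true
		alerts = append(alerts, Alert{Device: device, Kind: "offline", At: now})
	}
	// Map iteration order is random; sort so output and tests are stable.
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Device < alerts[j].Device })
	return alerts
}

// MassOutage reports whether at least half of the known devices dropped in the
// same sweep, a pattern that points at the network (jamming, router down)
// rather than at one failed device and deserves a different message.
func MassOutage(alerts []Alert, knownDevices int) bool {
	return knownDevices > 0 && len(alerts)*2 >= knownDevices
}

func main() {
	// Constructed timeline: three devices check in, then both Wi-Fi cameras go
	// quiet while the thermostat keeps reporting. The timeout is an assumption.
	base := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	w := NewWatchdog(90 * time.Second)
	for _, d := range []string{"cam-front", "cam-back", "thermostat"} {
		w.Heartbeat(d, base)
	}
	w.Heartbeat("thermostat", base.Add(60*time.Second))
	alerts := w.Sweep(base.Add(2 * time.Minute))
	for _, a := range alerts {
		fmt.Printf("%s %s %s\n", a.At.Format(time.RFC3339), a.Device, a.Kind)
	}
	if MassOutage(alerts, len(w.lastSeen)) {
		fmt.Println("several devices silent at once: check the Wi-Fi link before blaming the cameras")
	}
	if a := w.Heartbeat("cam-front", base.Add(4*time.Minute)); a != nil {
		fmt.Printf("%s %s %s\n", a.At.Format(time.RFC3339), a.Device, a.Kind)
	}
}
```

In a real deployment Sweep runs on a timer and Heartbeat is called from the device's keep-alive handler; the timeout should be a few multiples of the device's reporting interval so a single dropped packet does not page the user.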
Password Strength, Reuse, and Attack Resistance
• Basic password strength requirements should be enforced
• Horizontal and vertical password guessing countermeasures should be implemented at application and network layers
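The two bullets above, worked through in Go as an added illustration (this is not code from the report or from any of the products it examines). The strength check sets a minimum length with no low maximum, rejects blocklisted values and demands three character classes; the limiter keeps failed-login timestamps per account, which stops vertical guessing (many passwords against one account), and per source address, which stops horizontal guessing (one password sprayed across many accounts). The thresholds, the three-entry blocklist and the addresses are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
	"unicode"
	"unicode/utf8"
)

// Thresholds are assumptions for this example, not figures from the report.
const (
	MinPasswordLen  = 12
	MaxFailsPerUser = 5                // vertical: many passwords against one account
	MaxFailsPerIP   = 20               // horizontal: one password against many accounts
	FailureWindow   = 15 * time.Minute // how long a failure counts against a limit
)

// Constructed stand-in for a breached-password blocklist.
var blocklist = map[string]bool{
	"password1234": true,
	"123456789012": true,
	"qwertyuiop12": true,
}

// CheckPasswordStrength enforces the basic policy: minimum length (counted in
// runes, with no upper bound), not on the blocklist, and at least three of the
// four character classes.
func CheckPasswordStrength(pw string) error {
	if utf8.RuneCountInString(pw) < MinPasswordLen {
		return fmt.Errorf("password must be at least %d characters", MinPasswordLen)
	}
	if blocklist[strings.ToLower(pw)] {
		return errors.New("password is on the blocklist")
	}
	var lower, upper, digit, other bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			other = true
		}
	}
	classes := 0
	for _, present := range []bool{lower, upper, digit, other} {
		if present {
			classes++
		}
	}
	if classes < 3 {
		return errors.New("password needs at least three character classes")
	}
	return nil
}

// Limiter keeps failed-login timestamps per account and per source address so
// that both guessing patterns hit a lockout. The clock is injected so the
// window can be exercised without sleeping.
type Limiter struct {
	now      func() time.Time
	byUser   map[string][]time.Time
	bySource map[string][]time.Time
}

func NewLimiter(now func() time.Time) *Limiter {
	return &Limiter{now: now, byUser: map[string][]time.Time{}, bySource: map[string][]time.Time{}}
}

// recent drops timestamps older than cutoff, reusing the slice's backing array.
func recent(ts []time.Time, cutoff time.Time) []time.Time {
	kept := ts[:0]
	for _, t := range ts {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	return kept
}

// Allow reports whether a login attempt for user from source may proceed.
// The account and the source address are checked independently, so locking
// one account does not shield the others from a spraying source.
func (l *Limiter) Allow(user, source string) bool {
	cutoff := l.now().Add(-FailureWindow)
	l.byUser[user] = recent(l.byUser[user], cutoff)
	l.bySource[source] = recent(l.bySource[source], cutoff)
	return len(l.byUser[user]) < MaxFailsPerUser && len(l.bySource[source]) < MaxFailsPerIP
}

// RecordFailure charges a failed attempt to both the account and the source.
func (l *Limiter) RecordFailure(user, source string) {
	t := l.now()
	l.byUser[user] = append(l.byUser[user], t)
	l.bySource[source] = append(l.bySource[source], t)
}

func main() {
	for _, pw := range []string{"short", "password1234", "Correct-Horse-7-Battery"} {
		fmt.Printf("%q: %v\n", pw, CheckPasswordStrength(pw))
	}
	lim := NewLimiter(time.Now)
	for i := 0; i < MaxFailsPerUser; i++ {
		lim.RecordFailure("alice", "10.0.0.1") // constructed account and address
	}
	fmt.Println("alice allowed after repeated failures:", lim.Allow("alice", "10.0.0.1"))
}
```

The per-source counter is the application-layer half of the countermeasure; the report also asks for it at the network layer, where the same idea is a connection-rate limit in front of the login endpoint. Note that the per-source limit is deliberately higher than the per-account one, since several legitimate users can sit behind one NAT address.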
Areas to Watch
Unencrypted and unauthenticated communications
• All communications should use bidirectional encryption
• Unauthenticated servers, communications and services should not be allowed
Misconfiguration of Encryption
• Independent encryption architecture reviews should always be performed. There are thousands of ways to get it wrong, and only a handful of ways to get it right
• SSL pinning should be used to prevent man-in-the-middle attacks
• Certificate validation should always be performed against a third party
• Self-signed certificates should never be used
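The pinning and certificate-validation bullets, shown in Go as an added example that is not taken from the report or from any vendor's app. The client keeps full chain validation against a trusted root (the server presents a CA-issued leaf, not a self-signed certificate) and, on top of that, pins the SHA-256 of the server's SubjectPublicKeyInfo, so a certificate that is valid but issued by a different trusted CA is still rejected. The hostname camera.local, the "Example Test Root" CA and the in-memory PKI are constructed for the demo; a real client would ship the pin (and a backup pin for key rotation) with the app.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// SPKIPin is the base64 SHA-256 of a certificate's SubjectPublicKeyInfo, the
// value the app ships with; a renewal that keeps the key keeps the pin.
func SPKIPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// ClientConfig keeps ordinary chain validation (roots, server name, validity;
// InsecureSkipVerify stays false) and additionally requires the leaf's SPKI hash
// to be one of pins. Go runs VerifyPeerCertificate only after the chain check
// passed, so chains[0][0] is the validated leaf.
func ClientConfig(roots *x509.CertPool, serverName string, pins []string) *tls.Config {
	return &tls.Config{
		RootCAs:    roots,
		ServerName: serverName,
		MinVersion: tls.VersionTLS12,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			got := SPKIPin(chains[0][0])
			for _, p := range pins {
				if p == got {
					return nil
				}
			}
			return fmt.Errorf("certificate pin mismatch (got %s)", got)
		},
	}
}

func check(err error) {
	if err != nil {
		panic(err) // fixture PKI for the demo; nothing to recover here
	}
}

// newCert issues an ECDSA P-256 certificate: a self-signed root when isCA is
// set, otherwise a server leaf signed by parent. Throwaway PKI for the example.
func newCert(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature, BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key // self-signed root
	} else {
		tmpl.DNSNames = []string{name} // clients match the SAN, not the CN
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// BuildPKI creates a test root and a leaf for serverName and returns the pool a
// client would trust, the root itself, the server credential and the leaf pin.
func BuildPKI(serverName string) (*x509.CertPool, *x509.Certificate, tls.Certificate, string) {
	root, rootKey := newCert("Example Test Root", true, nil, nil)
	leaf, leafKey := newCert(serverName, false, root, rootKey)
	pool := x509.NewCertPool()
	pool.AddCert(root)
	return pool, root, tls.Certificate{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}, SPKIPin(leaf)
}

// Handshake runs one TLS handshake against an in-process loopback server that
// presents serverCert and returns the client's verification error (nil = OK).
func Handshake(serverCert tls.Certificate, cfg *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{serverCert}})
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() { // server side: a rejected cert ends this handshake with an alert from the client
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() {
	pool, _, srv, pin := BuildPKI("camera.local") // assumed device hostname
	fmt.Println("pin:        ", pin)
	fmt.Println("correct pin:", Handshake(srv, ClientConfig(pool, "camera.local", []string{pin})))
	fmt.Println("wrong pin:  ", Handshake(srv, ClientConfig(pool, "camera.local", []string{"bogus"})))
}
```

The order matters: the pin check is layered on top of normal validation, never instead of it. Setting InsecureSkipVerify and relying on the pin alone would drop hostname and expiry checks, which is one of the "thousands of ways to get it wrong" the first bullet warns about.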

TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Kürzlich hochgeladen (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Home Automation Benchmarking Report

2. Project Scope

Cameras: Dlink DCS-2132L, Dropcam Pro, Foscam FI9826W, Simplicam, Withings Baby Monitor
Thermostats: Ecobee, Hive, Honeywell Lyric, Nest Thermostat
Smoke / CO: First Alert SC9120B, Kidde i2010S, Nest Protect
Home Automation Controllers: Control4 HC-250, Lowes Iris, Revolv, SmartThings

3. Cameras

• All communications encrypted
• No public services
• Automatic firmware updates
• No default credentials
• Hardwired connection available
• Public firmware is encrypted to some extent
• Credential change required on first boot
• Encrypted automatic updates
• Lost communications alerting
• Automatic firmware updates
• No hardwired connection
• No SSL pinning in mobile app
• Communications default to unencrypted
• Obfuscates, rather than secures, data in transit
• Publicly available firmware
• Maximum 12 character passwords
• Communications default to unencrypted
• Obfuscates, rather than secures, data in transit
• Weak password policy
• No certificate validation
• Multiple communications are unencrypted
• Credentials easily pulled from backups
• Hard-coded shared password
• Considerable network footprint

BEST PRODUCT QUALITIES / WORST PRODUCT QUALITIES
*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.

4. Thermostats

• All communications encrypted
• Automatic firmware updates
• Proper SSL usage / encrypted traffic
• Public firmware is encrypted to some extent
• Credential change required on first boot
• Built on widely used platform
• Automatic firmware updates
• Encrypted communication
• Weak password policy
• Weak password policy
• Easily guessable configuration token used
• Lack of SSL pinning in mobile app
• Insecure initial configuration
• History of vulnerabilities across product lines
• Not all traffic is encrypted
• Moderate password policy

BEST PRODUCT QUALITIES / WORST PRODUCT QUALITIES
*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.

5. Smoke and CO Detectors

• Audible power loss notification
• Encrypted network communication
• Difficult to tamper with
• Impossible to remotely hack, because it lacks connectivity
• Impossible to remotely hack, because it lacks connectivity
• Weak password policy
• Custom configuration protocol / short pairing codes
• Not applicable because this is not a "smart" device
• Not applicable because this is not a "smart" device

BEST PRODUCT QUALITIES / WORST PRODUCT QUALITIES
*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.

6. Home Automation Controllers

• Encrypted communications
• Strong pairing mechanics
• Encrypted communications
• Notified if it goes offline
• Strong password policy
• Encrypted communications
• Automatic firmware updates
• Unsigned firmware
• Custom remote management feature
• Open ports
• Hardcoded API keys
• Weak password policy
• Exposed telnet service
• History of unpatched security issues
• Built-in unauthenticated remote management feature
• Moderate password policy

BEST PRODUCT QUALITIES / WORST PRODUCT QUALITIES
*The qualities outlined for each product are a result of individual product analysis conducted in isolation from other products examined in this research.

7. Takeaways

• Overall, IoT security is poor, with cameras scoring the lowest
• With few exceptions, Nest leads the industry in security practices
• A sinking tide incident will likely hit home automation
• The industry needs some basic standards to set the bar
8. Areas to Watch

Wi-Fi Jamming
• With few exceptions, all Wi-Fi devices are susceptible to jamming
• Diversification of the spectrum used (2.5 GHz + 5 GHz, etc.) reduces the risk
• Hardwired Ethernet options also reduce the risk
• Jamming and network-down incidents should result in a proactive alert to the user

Password Strength, Reuse, and Attack Resistance
• Basic password strength requirements should be enforced
• Horizontal and vertical password guessing countermeasures should be implemented at the application and network layers

9. Areas to Watch

Unencrypted and Unauthenticated Communications
• All communications should use bidirectional encryption
• Unauthenticated servers, communications and services should not be allowed

Misconfiguration of Encryption
• Independent encryption architecture reviews should always be performed. There are thousands of ways to get it wrong, and only a handful of ways to get it right
• SSL pinning should be used to prevent man-in-the-middle attacks
• Certificate validation should always be performed against a third party
• Self-signed certificates should never be used
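The password-guessing countermeasures recommended on slide 8, as an added detection example that is not part of the Synack report: it runs over constructed sample login records and flags vertical guessing (many failures against one account) and horizontal guessing (one source failing against many accounts) inside a sliding time window. The log format, thresholds and window length are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01 10.0.0.5 alice FAIL
2024-05-01T10:00:03 10.0.0.5 alice FAIL
2024-05-01T10:00:04 10.0.0.5 alice FAIL
2024-05-01T10:00:06 10.0.0.5 alice FAIL
2024-05-01T10:01:00 10.0.0.9 bob FAIL
2024-05-01T10:01:02 10.0.0.9 carol FAIL
2024-05-01T10:01:04 10.0.0.9 dave FAIL
2024-05-01T10:01:06 10.0.0.9 erin FAIL
2024-05-01T10:20:00 10.0.0.7 bob FAIL
2024-05-01T10:20:05 10.0.0.7 bob OK
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
VERTICAL_LIMIT = 4    # failures against one account inside WINDOW
HORIZONTAL_LIMIT = 4  # distinct accounts failed from one source inside WINDOW

def parse_line(line):
    ts, src, account, result = line.split()
    return datetime.fromisoformat(ts), src, account, result

def _prune(events, now, window):
    # events are appended in time order; drop those that fell out of the window
    while events and now - events[0][0] > window:
        events.pop(0)

def detect(log_text, window=WINDOW,
           vertical_limit=VERTICAL_LIMIT, horizontal_limit=HORIZONTAL_LIMIT):
    """Return {'vertical': {accounts}, 'horizontal': {sources}} that crossed a limit."""
    by_account = defaultdict(list)   # account -> [(ts, src)] recent failures
    by_source = defaultdict(list)    # src -> [(ts, account)] recent failures
    alerts = {"vertical": set(), "horizontal": set()}
    for line in log_text.splitlines():
        ts, src, account, result = parse_line(line)
        if result != "FAIL":
            continue                 # successes do not count toward either limit
        by_account[account].append((ts, src))
        _prune(by_account[account], ts, window)
        if len(by_account[account]) >= vertical_limit:
            alerts["vertical"].add(account)   # one account, many guesses
        by_source[src].append((ts, account))
        _prune(by_source[src], ts, window)
        if len({a for _, a in by_source[src]}) >= horizontal_limit:
            alerts["horizontal"].add(src)     # one source, many accounts
    return alerts
```

In production the same two counters would feed a lockout or rate limit at the application layer and a block at the network layer, which is the two-layer placement the slide calls for.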