At this year’s GovWare 2018 in Singapore, SEC Consult Singapore exhibited together with its partners CyberTrap and IoT Inspector. We showcased our consulting services around information security, reaching from penetration testing, source code review, red teaming, and ISO27001 ISMS implementation to security awareness trainings by our SEC Academy. Our partner’s gave insights into their distributed deception platform CyberTrap and the firmware security analysis platform IoT Inspector.
Also, Florian Lukavsky was invited to speak about IoT security related risks in ‘The Internet – Built to outlast nuclear war but fails at small toasters’ at this year’s GovWare 2018 in Singapore. The existence of botnets like Mirai or VPNFilter shows that attackers have now begun to use the Internet of Things for their own purposes. They are on fertile ground because millions of devices are exposed on the Internet and waiting to be hacked.
In his presentation, Florian showcased IoT Inspector, a platform, which was used to automatically analyze the firmware of thousands of IoT devices, looking at various security issues. Vendor backdoors, embedded cryptographic keys, and outdated software versions are commonplace. In his talk, the results of the “large-scale” firmware analysis were presented. In addition, he provided insights into the latest IoT-cloud related security research by the SEC Consult Vulnerability lab:
- Internet of babies – when baby monitors fail to be smart
- True story: the case of a hacked baby monitor (Gwelltimes P2P cloud)
During the Q&A, an interesting discussion with the audience took place on responsibilities for insecure IoT devices and how government regulations, and security standards for IoT vendors can be adopted to increase security of the IoT ecosystem in future.
It was a wonderful experience to join GovWare. We want to thank all delegates and visitors for the interesting discussions we had and thank the organizers for this great opportunity. We are looking forward to next year!