Securing the Internet of Things, presented at OWASP AppSecEU 2015

by Steve Lord

Summary: Sometimes a bandwagon seems more like the fail train. The Internet of Things, a fantabulous, Willie-Wonka-esque larger-than-life term for “Embedded stuff with sensors that shunts data to and from the cloud” is an amazing, technicolour bandwagon and/or all-in-one security fail train. Will it revolutionise the way we post pictures of recently eaten food on Instagram? Or instead do we face a dystopian Snowpiercer-style fail train future filled with regret as The Internet of Things turns on its end users as a result of potentially perverse incentives?
In this talk I will discuss the Information superhighway to hell/paradise on which we find ourselves, the route travelled thus far and point out the many good intentions that pave the road ahead. Along the way I’ll illustrate some practical Internet of Things problems from the OWASP Internet of Things Top Ten and issue a call to arms to AppSec specialists both in the cloud and in embedded systems arenas to help ensure that systems are both traditionally secure and operate within an ethical framework that doesn’t leave end users as the product being sold or spied on.