Wires Gone Rogue: IoT Security at the Cable Level

hello everyone H I want to start off by saying a big thank you to bid for hosting such a welcomeing event um it's a real priv privilege here to be speaking today to such a diverse audience with that said um just a bit about me I'm a third year side security student at man Manchester Metropolitan University um network security and AI is quite some fascinating topics that I've took a key and interest in in my spare time I'm working towards becoming the top 1% in h 101 and as well as some Cisco certified certificates um with that out the way we can now move forward into the introduction so cabled iot devices are everywhere around us whether you

recognize it or not and just to name a few you've got ring doorbells you got cctvs that or camera systems that are being integrated with mobile apps as well as the recent advancements of VoIP technology um unfort Ely due to the lack of standards and regulations most of these are left vulnerable um so we'll start off by looking at some bad cabling practices on both domestic properties and Commercial properties some vulnerabilities associated with them and some of some of the implications and we'll conclude on the mitigations um so now that that's been covered a bit just to provide a bit of context behind why I've chosen to speak about today's discussion I want to dedicate the next

minute or two explaining the story that led up to the idea so as a student I'm in some student accommodation we didn't originally have um a Wi-Fi connection established when we originally moved in so the landlord set up some Network technicians to come and establish a fiber optic connection um I face the the technicians try to get the the fiber optic box at the front of the house at the front of the property as this was just the most convenient connection point um unfortunately after a couple hours of trying to establish that connection it wasn't possible this resulted in the fiber optic box being placed in the garden as opposed to the front of the

house now as you do I was weighing the pros and cons at this and I found there was a lot more Pros to having the box at the back of the house as opposed to the front where there's a lot of um public foot path and accessibility um and I found this kind of spir into a little tangent of our businesses taking care of their own cables um and to my surprise there is a lot of vulnerabilities even on the commercial side of things so to give you a better perspective on the problem at hand here are some images that I've taken myself this is no more than a 30C walk from my University and as you can

see the cables here are visible and easily accessible it's probably worth noting that there was some sort of attempt made here to to kind of cover the bottom half of the cable in but in my opinion it's just not adequate there're still visible cables it's still easily accessible um some services on here that we can identify are some network connections a fire alarm system and on the other side of the property there was a camera system too um obviously it wasn't captured in this photo now on domestic properties this is a fiberoptic connection as you can see it's just placed beside the front door on the on the front of the property um so now to get a better understanding of

the implications of poor cabling we must face discuss the vulnerabilities associated with poor CA and first and foremost you've got a denial of service attack um if the cables are visible and if they're accessible then you're prone to attacker potentially tampering damaging or cutting the cables to deny your service next vulnerability will be an EES dropping vulnerability um an attack could use something such as a data socket to intercept the traffic passing through the um wire um and this would be the EES dropping a step further from the EES dropping is a man in the middle of theack um if you're able to intercept that data then you're most likely able to alter the data to um following our

discussion we can now move on to the implications of P cablin what does PA cablin actually mean for the business owner or the homeowner um starting with businesses the combination of downtime data breaches Financial loss and Chaos could force his closure downtime alone is cting businesses and average of 3.6 million every year um and for domestic properties having your cables cut could be a big pain in the backside quite frankly um it could be weeks of weeks of waiting for a new connection to be established so that's for domestic properties now in my opinion a physical layer attack is most effective Ive when it's combined with other attack vectors for example um universities and hospitals all have different departments

within their building so you could you could potentially attack a sa in dep Department's physical layer and combine it and launch another attack in another department to kind of become a more effective attack um and on the right side you've got a little table just briefly showing you how each vulnerability except affects the CIA Triad um as you can see more or less every every area is covered here just by free vulnerabilities alone finally moving on to our final segments we'll take a look at this some of the mitigations that can solve Pro sorry that can help solve poor CA in practices starting with poor cable uh placing cables in concealed areas so in my case with my story that led up to the

idea the the fiber optic connection was placed in the garden this simply just meant that it was outside of public view no one had easy access to it therefore it kind of lowered that attack surface and this could be done in uh commercial areas too I appreciate that not every building has concealed areas or private areas um and that's where our second mitigation comes into play and that will be cable C now attached an image to kind of Vis give you a little visualization of what this may look like it essentially is just shielding the cablin with some sort of cover and in this case this was plastic but it can be in metal it can be in

rubber all very adequate um and as your last little line of defense you've got encrypting sensitive data in transit and at rest this this should be done regardless to be honest with you but if you've got it done then it does act as that last line of defense if an attacker is is able to intercept your data at least it's not readable and there's still a lot of data breaches where the data being stored is in plain text no good with that said thank you all so much for listening um I'll open the floor to questions I'm going to leave this screenshot on the screen right now if you do wish to get in contact with me

there's me website thank you so much again for listening and any questions are [Applause] welcome cheers for that um just wondering with say commercial or Residential Properties by having cables in a concealed area how much would that potentially help a malicious actor well it's out of sight if it's out of sight it's lowering that attack surface um you can't guarantee that it won't happen but at least you're doing something to prevent it that's the easiest op option for you it doesn't really take much cost um you can always position it in the garden for example um and yeah it'll with that attack saers for you no worries um I was just wondering obviously one of the vmis you talked

about is e dropping how how easy is it actually to e drop on a cable is that easy to do is that quite sophisticated technique well I've got a reference on the next slide which gives you a very good walk through on how to do it however from my knowledge it's a matter of getting the data socker splicing the wires getting those wires into the data socket and then connecting it to the laptop to some sort of software that can analyze that traffic um the difficulty of it I would say it's not too difficult it's just in theory it's possible in practice it may not be possible because if you're attacking wires on the outside of a building

you're going to have to be St outside the building um it's a bit awkward so yeah the difficulty is not too bad but in practice you may have some trouble with it thank you anyone else oh than what do you think uh recommendation wise uh people would take up cuz I can't see BT or anyone like virgin listening to what you're saying because of the cost because of cost um well well your face mitigation has near enough no cost if if you're a homeowner yourself you can probably talk to those Network technicians and say listen mate can I just have this placed at the back back of the house instead of the front where it's accessible and I'm

pretty sure they'll be understanding with you so in that regard there isn't too much cost for homeowners it may become a problem when you're dealing with commercial properties um that's where your cost might become a bit higher and you may have to weigh those pros and cons and see if that's the right choice for for your business um I have a question myself in fact um before I pass on um is there tamper evident uh Solutions instead of trying to Tamper proof these cables is there a tamper evidence sorry can you just so temper evident as in is there a way or is there solutions for like the cladding for example so that you would

be able to clearly see and perhaps identify attackers who were interacting ah okay uh um I guess there should be it would be a good idea if there was um if not you can install cameras on the property that could maybe help um but yeah I'm sure I'm sure there would be ways of identifying if it has been tampered and if you have cable capping then you can assure that if it's being changed or tampered with you'll be able to identify the movement of the cable C but yeah hopefully that answers your question

[Music] yeah um outside of just attacking um the end points of people's houses would it not be a more um how do I say it uh viable way to attack like the the switch boxes at the end of each streak cuz I know with BT and other infrastructure providers they'll have like cober cables coming out from those possibly I have for about that myself yeah but you're you're more than likely correct um that's something that's kind of out of your control so this one looks at what you can do yeah um so yeah hopefully that answers your question

yeah yeah question over there no one more yeah this will be the last one [Music] then have you seen any examples of attacks like this happening in the wild and do you know the kind of cost of an attack I haven't um actually when researching this presentation there was near enough nothing no statistics on it um I think it's something that goes unnoticed and untalked about whether it's because of it it's not happening or whether someone's just not paying attention to it I don't know um but the vulnerabilities associ associated with them are quite critical enough to at least bring it up um so yeah hopefully that answers your question yep and however much a high V jacket cost I can

imagine yeah so yeah thank you again to speaker thank you