Hackers of India

IoT Supply Chain Blues and the way forward

By Aseem Jakhar , Kedar Sovani , Anantharaman Iyer , Suvabrata Sinha , Sudarshan Rajagopal , Sachin Jain on 06 Sep 2022 @ Nullcon
πŸ“Ή Video
#iot-device-management #iot-pentesting #supply-chain-security #embedded-systems #firmware-analysis #device-security
Focus Areas: πŸ”§ Hardware Security , πŸ“¦ Software Supply Chain Security , 🏭 Industrial Control Systems Security , πŸ“‘ IoT Security , πŸ”¬ Reverse Engineering

Presentation Material

AI Generated Summary

Here is a summarized version of the content:

The discussion revolves around the challenges of securing IoT devices and networks. The expert highlights the complexities of hacking and compromising these systems, citing examples such as WannaCry malware and CCTV networks. They emphasize that defense alone is not enough and that threat actors can be anyone.

The conversation touches on the importance of collaboration between organizations, sharing intelligence, and converging OT (Operational Technology) and IT expertise to combat threats. The expert notes that there are many organizations and consortia working together to address these challenges.

Privacy is also discussed, with the expert stating that it’s a myth in today’s connected world. They reference an incident where Garmin accidentally shared US military personnel locations.

The discussion concludes by highlighting the need for:

  1. Specialized skill sets around IoT and embedded systems.
  2. Collaboration with third-party vendors on standards.
  3. Establishing a responsibility chain for attacks or incidents.
  4. Building trust from the ground up.
  5. Basic cryptography practices.

Overall, the conversation emphasizes the complexities and challenges of securing IoT devices and networks, and the need for collaborative efforts to address these issues.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview β€” always refer to the original talk for authoritative content. Learn more about our AI experiments.