Your (not so) smart TV is currently busy with taking down the Internet

1 like•363 views

The document discusses vulnerabilities in smart devices and highlights the risks they pose if not regularly updated. It emphasizes the importance of keeping various devices updated and backed up to enhance security. Recommendations are provided for users and vendors to improve software quality and security measures.

Technology

Your (not so) smart TV is currently busy
with taking down the Internet
Achim D. Brucker
a.brucker@sheffield.ac.uk https://www.brucker.ch/
Software Assurance & Security Research
Department of Computer Science, The University of Sheffield, Sheffield, UK
https://logicalhacking.com/
May 15, 2017

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 3 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 4 of 21

http://www.comsoc.org/blog/infographic-internet-things-iot
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 5 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 6 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 7 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 8 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
w
here
is
w
w
w.google.com
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
w
here
is
w
w
w.google.com
itisat
216.58.209.228
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
w
here
is
w
w
w.google.com
itisat
216.58.209.228
216.58.209.228
get www.google.com
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
w
here
is
w
w
w.google.com
itisat
216.58.209.228
216.58.209.228
get www.google.com
www.google.com
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

getwww.google.com
w
here
is
w
w
w.google.com
itisat
216.58.209.228
216.58.209.228
get www.google.com
www.google.comwww.google.com
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 9 of 21

Image 1.2m devices
constantly
queering for
google.com ...
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 10 of 21

Attackers are
exploiting
vulnerabilitties
(bugs) to take control
over YOUR devices
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 11 of 21

When was the last time you updated your
computer
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 12 of 21

When was the last time you updated your
computer
wifi router
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 12 of 21

When was the last time you updated your
computer
wifi router
car
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 12 of 21

When was the last time you updated your
computer
wifi router
car
fridge
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 12 of 21

When was the last time you updated your
computer
wifi router
car
fridge
light bulb
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 12 of 21

Average life span
computers
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars: 14 years
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars: 14 years
fridges
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars: 14 years
fridges: 17 years
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars: 14 years
fridges: 17 years
LED
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

Average life span
computers: 5 years
wifi routers: 7 years
cars: 14 years
fridges: 17 years
LED: 20 years
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 13 of 21

and now to something
completely
different
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 14 of 21

and now to something
slightly
different
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 14 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 15 of 21

Dec 11, 1989: 20’000
envelopes
containing a 5.252
flopppy disk loaded
with the first known
ransomware (’AIDS’)
where mailed.
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 16 of 21

c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 17 of 21

Blaming the victim
does not work!
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 18 of 21

Recommendations
For users:
update your devices regularly
(for your personal devices: use automated updates, if available)
back-up your data frequently
choose vendors that provide security fixes for their products
during the expected life-time
For researchers and vendors:
make it easier to write high quality software
make it easier to upgrade systems
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 19 of 21

http://www.geekculture.com/joyoftech/joyarchives/2340.html
Thank You!
Contact: Dr. Achim D. Brucker
Department of Computer Science
University of Sheffield
Regent Court
211 Portobello St.
Sheffield S1 4DP, UK
ƀ a.brucker@sheffield.ac.uk
@adbrucker
https://de.linkedin.com/in/adbrucker/
ĸ https://www.brucker.ch/
į https://logicalhacking.com/blog/

Document Classification and License Information
c 2017 LogicalHacking.com, A.D. Brucker.
This presentation is classified as Public (CC BY-ND 4.0):
Except where otherwise noted, this presentation is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International Public License (CC BY-ND 4.0).
c 2017 LogicalHacking.com. Public (CC BY-ND 4.0) Page 21 of 21

More Related Content

PDF

Introduction to JavaScript, Washington, DC February 2018Thinkful

PDF

Intro to JavaScriptAaron Lamphere

PDF

Embedded systemsAbhishek Gupta

PDF

Intro to JavaScript - Thinkful DCTJ Stalcup

PDF

El computadorEsteban Garcia

PDF

Davide Montesin - SASAbus HTML5 & related Java Free SoftwareSouth Tyrol Free Software Conference

PDF

Dylan Beattie "Architecture: The Stuff That's Hard to Change"Fwdays

PDF

LAS16-407: Internet of Tiny Linux (IoTL): the sequel.Linaro

Introduction to JavaScript, Washington, DC February 2018Thinkful

Intro to JavaScriptAaron Lamphere

Embedded systemsAbhishek Gupta

Intro to JavaScript - Thinkful DCTJ Stalcup

El computadorEsteban Garcia

Davide Montesin - SASAbus HTML5 & related Java Free SoftwareSouth Tyrol Free Software Conference

Dylan Beattie "Architecture: The Stuff That's Hard to Change"Fwdays

LAS16-407: Internet of Tiny Linux (IoTL): the sequel.Linaro

Similar to Your (not so) smart TV is currently busy with taking down the Internet (20)

PDF

Intro to PythonTJ Stalcup

PDF

Reverse engineering and modifying windows 8 appsAmaan Khan

PDF

DevDay 2018: Ulrich Deiters - Offline First - kein Netz, kein Fehler, zufried...DevDay Dresden

PPTX

Build 2017 - B8004 - App Model evolutionWindows Developer

PDF

Jenkins X - automated CI/CD solution for cloud native applications on KubernetesTed Won

PDF

New NeXt for Advanced DevelopersCisco DevNet

PDF

Modern Release Engineering in a Nutshell - Why Researchers should Care!Bram Adams

PDF

BSD Magazine December issueValerie Heatley

PDF

NiceCover: A Serverless Webapp for Crowdsourcing Data Extraction and Knowledg...Tokyo University of Science

PDF

Intro to PythonTJ Stalcup

PPTX

Highway to heaven - XConf Manchester 2015Christian Deger

PDF

"Will Git Be Around Forever? A List of Possible Successors" at UtrechtJUG🎤 Hanno Embregts 🎸

PDF

IIT-RTC 2017 Qt WebRTC Tutorial (Qt Janus Client)Alexandre Gouaillard

PDF

Intro to js september 19Thinkful

PPTX

Cisco Live: Containers on Enterprise Compute and NetworksMichael Duarte

PDF

Software Bill of Materials (SBOMs) for C applications [FOSDEM 2025]Chris Swan

PDF

stackconf 2023 | Dynamic Image Optimization with imgproxy at Schwarz IT by An...NETWAYS

PDF

Build social network in 4 weeksYan Cui

PDF

Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas

PDF

Encode Club Hackathon Vanessa Lošić

Intro to PythonTJ Stalcup

Reverse engineering and modifying windows 8 appsAmaan Khan

DevDay 2018: Ulrich Deiters - Offline First - kein Netz, kein Fehler, zufried...DevDay Dresden

Build 2017 - B8004 - App Model evolutionWindows Developer

Jenkins X - automated CI/CD solution for cloud native applications on KubernetesTed Won

New NeXt for Advanced DevelopersCisco DevNet

Modern Release Engineering in a Nutshell - Why Researchers should Care!Bram Adams

BSD Magazine December issueValerie Heatley

NiceCover: A Serverless Webapp for Crowdsourcing Data Extraction and Knowledg...Tokyo University of Science

Intro to PythonTJ Stalcup

Highway to heaven - XConf Manchester 2015Christian Deger

"Will Git Be Around Forever? A List of Possible Successors" at UtrechtJUG🎤 Hanno Embregts 🎸

IIT-RTC 2017 Qt WebRTC Tutorial (Qt Janus Client)Alexandre Gouaillard

Intro to js september 19Thinkful

Cisco Live: Containers on Enterprise Compute and NetworksMichael Duarte

Software Bill of Materials (SBOMs) for C applications [FOSDEM 2025]Chris Swan

stackconf 2023 | Dynamic Image Optimization with imgproxy at Schwarz IT by An...NETWAYS

Build social network in 4 weeksYan Cui

Embedded Recipes 2019 - From maintaining I2C to the big (embedded) pictureAnne Nicolas

Encode Club Hackathon Vanessa Lošić

More from Achim D. Brucker (20)

PDF

Usable Security for Developers: A NightmareAchim D. Brucker

PDF

Formalizing (Web) Standards: An Application of Test and ProofAchim D. Brucker

PDF

Combining the Security Risks of Native and Web Development: Hybrid AppsAchim D. Brucker

PDF

The Evil Friend in Your BrowserAchim D. Brucker

PDF

How to Enable Developers to Deliver Secure CodeAchim D. Brucker

PDF

Developing Secure Software: Experiences From an International Software VendorAchim D. Brucker

PDF

Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker

PDF

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker

PDF

Isabelle: Not Only a Proof AssistantAchim D. Brucker

PDF

Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker

PDF

Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker

PDF

Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Achim D. Brucker

PDF

Industrial Challenges of Secure Software DevelopmentAchim D. Brucker

PDF

SAST for JavaScript: A Brief Overview of Commercial ToolsAchim D. Brucker

PDF

A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...Achim D. Brucker

PDF

Deploying Static Application Security Testing on a Large ScaleAchim D. Brucker

PDF

Model-based Conformance Testing of Security PropertiesAchim D. Brucker

PDF

Service Compositions: Curse or Blessing for Security?Achim D. Brucker

PDF

Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedAchim D. Brucker

PDF

A Framework for Secure Service CompositionAchim D. Brucker