Sunday, August 28, 2016

Dark-Side of Internet of Things (IOT): Security & Privacy Challenges

Recently, I was invited to deliver a talk at the Global IOT Conclave held at The Chancery Pavilion, Bangalore. The talk focussed on the Dark-Side of Internet of Things specific to Security & Privacy Challenges in IOT. Here’s the digest of the presentation.

  • Why is everything getting Smart with the advent of IOT?  Sensors or Cloud or M2M.
  • How is IOT bridging the gap between the Physical world & the Digital world, and how are Digital threats becoming Physical threats?
  • Top IOT Hacks: Chrysler's Jeep Cherokee, Mattel's Wi-Fi Hello Barbie.
  • Eavesdropping through microphones of Smart Dolls, Smart Teddy Bears & Smart TVs. What if the smart doll teaches offensive things to your kid?
  • Exploitable Smart Refrigerators, Smart Thermostats, Smart Insulin Pumps. How Smart TVs have been hacked & infected by malware for automated Ad Clicks and Cryptocurrency mining.
  • IOT Ransomware is now a reality. How much would someone be willing to pay to remove ransomware from a Smart Pacemaker?
  • Denial of Service (DOS) attacks on & through IOT devices. How can hackers turn a Smart Fridge into a spam-bot?
  • Why can't we make smart devices smart enough to be secure? The IOT Security Challenges: Resource Constraints, STRIDE Threat vectors.
  • Security vs Privacy vs Anonymity. Importance of Trust in IOT Privacy.
  • Security by Obscurity vs Security by Design: Proprietary protocols, indigenous hardware & air-gapped networks.
  • Security cannot be an afterthought. It has to be considered & implemented in all stages of IOT Business: Planning, Design, Implementation, Verification, Validation, Deployment & Operations.
  • IOT Business Model needs to change. Earlier we used to Build products, Ship them & forget about them until we had to Service them, but now we have to Ship & Remember.

Below is the presentation for the delivered talk.

Friday, June 3, 2016

Touring the Dark-Side of Internet: A Journey through IOT, TOR & Docker

Recently, I had the privilege of delivering a talk at ThoughtWorks GeekNight Hyderabad along with my co-speaker @Sarath. The session focussed on the Dark-Side of Internet touching upon the following theme.

With the advent of IOT, every 'Thing' is getting Smart, ranging from smartwatches, smart refrigerators and smart bulbs to smart cars, smart healthcare, smart agriculture, smart retail, smart cities and what not, even a smart planet. But why is everything getting smart? Is it just a marketing gimmick?

People are trying to bridge the gap between the Digital World & the Physical World by means of ubiquitous connectivity to the Internet, and when digital things become physical, digital threats also become physical threats. Security & Privacy issues are rising as never before. What if the microphone in your smart TV can be used to eavesdrop on the private communications in your bedroom? What if a smart driverless car deliberately crashes itself? What if you want to be Anonymous over the Internet and don't want anybody to track you?

The talk focused on answering the above questions with a view on 'What are we currently doing to protect ourselves' and 'What we need to do'. It covered the new security challenges that are coming up and how privacy & anonymity are taking the lead over security. The talk also sensitised the audience about the paradigm shift that is happening in IOT DevOps with the help of Docker Containers, and how they can be anonymised using TOR.

The detailed Agenda of the delivered talk:

Friday, April 1, 2016

Digital Disruption - Facts to ponder!

Why didn’t a cab driver think of Ola or Uber? 
Why didn’t a Shopping Mall owner think of Flipkart? 
Why didn’t a Theatre owner think of BookMyShow? 
Why didn’t Airtel or Vodafone think of Paytm? 
Why didn’t Taj or Marriott think of GoIbibo? 

The answer to all of the above, and to the myriad of other companies displaced by digital disruption, is that at some point they became so busy, coupled with the ongoing need to meet or exceed the quarterly numbers, that they forgot to look far enough outside of their business to see the disruption ahead. A quite convincing reason why so many companies fail to face the disruption is that when someone from the outside uses digital disruption to disrupt you, the strategy most often invoked is to protect and defend the status quo. It is amazing how much time and money organizations spend protecting and defending their current ‘cash cows’. In the past this was a valid strategy that did produce good results. But digital disruption is different. Because it tends to be game-changing with a very low cost of entry, it is not hard for a small startup to quickly disrupt not only a big business, but even an entire industry.

But why is all this happening now? What is digital disruption?

Wednesday, October 14, 2015

Installing Mac OS X El Capitan 10.10 on VMware ESXi 6.0

After a long struggle of 48 hours, I was finally able to install Apple's latest Mac OS X El Capitan v10.11 on a Virtual Machine (VM). The experiment was conducted on the VMware ESXi 6.0 virtualization platform running on a physical IBM Server X3650 M3.

Following are the installation steps:

Setting up ESXi for running Apple Mac OS X 

VMware ESXi 6.0 doesn’t support OS X out of the box.
  1. So, the first thing you need to do is to customise the hypervisor layer by executing

Remote Desktop Connection to Abhinav's Mac On Cloud.