Thursday 1 October 09:30 - 10:00, Red room
Heather Goudey (Independent researcher)
Jasmine Sesso (Microsoft)
download slides (PDF)
The Internet of Things (IoT) is where the virtual world meets the physical world. Physical objects (such as refrigerators or cars - sometimes even people) are labelled, identified and connected. Massive amounts of data are gathered from a multitude of omnipresent sensor nodes, and analysed to solve difficult, real-world problems. The applications of these systems are seemingly endless and range from automating your whole house, to monitoring your health, to managing large-scale industry. The future proposed by this recent computing paradigm shift is exciting, and some of it is already here.
However, even a brief analysis of the possible implications of this type of ubiquitous computing suggests a more dystopian outcome. While the wonders of the IoT are many and varied, the privacy and security implications are somewhat unknown. By 2020, it is estimated that there will be approximately 50 billion nodes in operation worldwide. Even if you choose to not be virtualized by the IoT, escaping unrecorded by its many nodes will be nigh on impossible, and its tangible effects on physical systems means that traditional notions of what constitutes risk will need to be rethought. One thing is certain though - the threats of malware have never been more real.
This paper looks at the state of the AV industry in the context of the IoT in 2015, then drills down into the specific security implications faced, as well as the current approaches taken to address them. We examine the behaviour of current malware found in the wild already targeting the IoT, extrapolate trends, take a critical look at recent recommendations from the FTC's (Federal Trade Commission) 'Internet of Things - Privacy and Security in a Connected World' staff report and discuss the relevance of AV in this brave new world.
Heather Goudey is a malware-specialist researcher, content developer and technical writer with over 15 years' experience writing, editing and publishing what she hopes is meaningful and useful computer security-related information for affected users. She worked for seven years with CA's Virus Information Center and then almost six years with the Mi-crosoft Malware Protection Center before becoming an independent re-searcher. She has presented at Virus Bulletin and Eicar conferences on topics such as social engineering, hoaxes, the monetization of malware, and malware analysis automation. Her interests include the infected user experience, usability, information design and speaking to users directly about computer security without being threatening or patronizing.
Jasmine Sesso was born in Melbourne, Australia and divided her school years between Melbourne and St Gallen, Switzerland. After majoring in linguistics at university, she went on to complete a post-graduate diploma in Technical Communications. Jasmine joined Microsoft in 2010 as a Technical Writer, where she specializes in anti-malware research and communications. She is passionate about improving the end-user experience. Jasmine is on the Australian Society of Technical Communicators' committee, and helps organize local speaker events in Melbourne. Outside of work, she enjoys spending time with her husband and young daughter. She's interested in sustainable living, architecture and design, and enjoys cooking with produce grown in her garden.