Final_--The Hacker's Perspective_ Zephyr OS and on-device runtime protection(1).pptx.pdf


The Hacker's Perspective: Zephyr OS and On-device Runtime Protection
Zephyr Developer Summit 2023 | Natali Tshuva

"The challenge for connected device manufacturers is to strike a delicate balance between security, reliability, scalability, and meeting the increasing demand for smart solutions. It requires unwavering dedication, innovation, and a customer-centric mindset to shape the future of connected devices and transform the way we live, work, and thrive in the digital age."
Rachel Patel, Technology Strategist

About Me
Natali Tshuva, CEO & Co-founder, Sternum
Computer Science Student (age 14); Reverse Engineer, Unit 8200 (Israel NSA); Exploit Designer; Sternum Co-founder; Talking to You Today!
Forbes 30 Under 30; Working with Leaders; Backed by Top Investors; Best IoT Product Award

Application Security Layers Overview
In Dev: / Post-Production:
Dynamic Analysis; Static Analysis; Stack Canaries; Best Practices: Encryption/Data Protection/User mgmt; Software composition Analysis; Endpoint Protection; Application Performance Monitoring; Real-Time Alerts; Zero-Day attack prevention and detection; Endpoint Protection; Permissions & Policies; Continuous Monitoring; Stack Canaries; Memory Isolation/Segmentation/Canaries; Secure API with userspace; Secure Boot + OTA
Layers: Hardware Security; Application Security; User Space Security; Secure OS and Infrastructure

Security Layers - The "Embedded" Status
In Dev: / Post-Production:
Static Analysis; Stack Canaries; Dynamic Analysis; Best Practices: Encryption/Data Protection/User mgmt; Software composition Analysis; Endpoint Protection; Application Performance Monitoring; Real-Time Alerts; Zero-Day attack prevention and detection; Endpoint Protection; Permissions & Policies; Continuous Monitoring; Stack Canaries; Memory Isolation/Segmentation/Canaries; Secure API with userspace; Secure Boot + OTA
Layers: Hardware Security; User Space Security; Secure OS and Infrastructure; Application Security

What Happened to Real-time Monitoring and Protection?
IoT/Embedded Security is Different. New security solutions are required.
Uniquely Deterministic Nature: No user interface; Predictable operation; Minimal input channels; etc.
Software Vulnerabilities Are The Main Threat
Different Threat Landscape: Phishing, malicious websites, viruses, file manipulations, poisoning, etc. are not a major threat for IoT.
Limited Available Resources: Compute; Memory; Battery; Bandwidth; etc.
Uniquely Diversified: 100+ different operating systems; Communication stacks; Applications & Industries

Status Today
Static analysis; SBOM; Encryption; Vulnerability management
Static analysis misses 50% of vulnerabilities
SBOM and vulnerability mgmt only take care of public, well-known vulnerabilities
Patches take time and money
Encryption does not prevent software vulnerability exploitation
No zero-day prevention
No real-time application security and monitoring
OS memory protections do not prevent memory vulnerabilities in user-space and application
No real-time alerts and monitoring
Result: Embedded Endpoints are far behind, and blind

The GAPS
Best Practices: OS Security features cover the first layers.
Secure/trusted boot; Over the air (OTA) updates; Memory separation; Stack protection; Thread separation; Support for crypto and TEE
No monitoring and protection leads to: Device issues; recalls; Software issues and vulnerabilities

Vulnerabilities are Inevitable and Endless
Software vulnerabilities are the main threat for IoT
New CVEs Each Month: 2000
Patch Tuesdays Due To Memory Vulnerabilities: 70%
Companies Have A Publicly Available Exploit: 58%
15 Vulnerabilities Per 1000 Lines Of Code
Many third-party code vulnerabilities left undiscovered by static analysis tools
I know a vulnerability exists

Many Attack Vectors
Network Vulnerabilities; Mobile App vulnerabilities; Protocol vulnerabilities; Chip level vulnerabilities; 3rd party Code Vulnerabilities
Smart Camera; Smart plug; Vulnerable connected devices
Hacker; Defender

Hacker View: Cisco Router
No prevention on-device. No search for indicators of attack.
HACKER ON THE INTERNET
LIMITED OPTIONS: REACT. PATCH.
Full Enterprise Network Exposed
CHANGE CONTROLS; LATERAL MOVEMENT; RANSOMWARE; DISRUPT SERVICE
CVE-2022-20699: MEMORY CORRUPTION
Exploit publicly available
Direct access from the Internet
Complete takeover on the VPN/Gateway
ACCESSES THE NETWORK AND DEVICES
CISCO RV340 BUSINESS CLASS ROUTER
Exploitation Video: https://youtu.be/O1uK_b1Tmts

Hacker View: Wemo Smart Plug
Sternum Disclosed a Critical Vulnerability in Wemo Devices
HACKER ON THE INTERNET
Complete Takeover
Read the full research here: https:/ CORRUPTION
CVE-2023-27217
Wemo Smart plug mini v2

Current Approaches: Reactive. Imposing. Not Holistic.
Patching is Reactive & Costly but Can't Safeguard
Static Analysis Finds Only 50% of Vulnerabilities
"Usually there are much simpler ways of penetrating the security system than cracking the crypto"
Adi Shamir

What can we do to protect against zero-days and unpatched vulnerabilities?

While Every Vulnerability is Different, Exploitations Share a Unique Fingerprint
What is exploitation?
"To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness."
"An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized)."

Sternum Is Uniquely Able to Deliver The Benefits of EPP/XDR & RASP
Exploitation Fingerprint, Patented Technology:
Memory override (stack, heap, data, overflow); Manipulation of execution flow; Injection of malicious code; Information leak; Command injection

Defender View - Wemo Smart Plug
Power Flips.
POWER FLIP
STACK OVERFLOW VULNERABILITY, CVE-2023-27217, Wemo smart plug mini v2
HACKER ON THE INTERNET
NO REACTION REQUIRED
Exploitation Fingerprint: Memory corruption; Command Injection; Manipulation of execution flow; Information leak; Injection of malicious code
Real-time monitoring; Anomaly detection
DEVICE INTEGRITY MAINTAINED; NOTIFICATION SENT; FORENSICS SHARED; VISIBILITY INTO BIGGER PICTURE

Integrating runtime protection and monitoring to an embedded device? This must be a nightmare

Zephyr Integration With Sternum: Easy as 123
1. Just add our directory and a few lines to the CMakeLists. No code changes necessary.
2. Sternum runtime security will immediately auto-activate and can be controlled directly from Kconfig.
3. With Sternum on your Zephyr devices, you get an additional layer of runtime protection, as well as access to live and historical data, AI-powered anomaly detection, advanced investigation capabilities, and more. You can deploy custom traces to set up your monitoring strategy and start collecting device-level data.

The Sternum Platform
Embedded Security: Agentless runtime protection, AI-powered threat detection
Continuous Monitoring: Live remote monitoring & analysis, AI-powered anomaly detection
Business & Operational Insights: Operational insights, fleet management, business analytics
Agentless Runtime Protection; Universal Telemetry & Monitoring SDK; Device

The Sternum Platform Overview
Cloud AI-powered Security & Monitoring: Anomaly detection; Threat intelligence; Business & operational insights; Policies Management; Fleet Management; Cybersecurity Monitoring; Customizable views, dashboards, queries, alerts

End-to-End Device Security
Embedded Prevention, AI Detection, Cloud Management and Response
(3) Operating System Anti-Exploitations: Command injections, unallowed operations
(1) Patented: Memory Integrity Protection, fileless attacks, in-memory attacks (top threat, 70% of vulnerabilities)
(4) Detection Layer: Overall system monitoring, AI-powered anomaly detection and policy setting: brute-force, DDoS, malicious connections, anti-malware, etc.
(2) Patented control flow integrity for embedded systems, execution integrity (remote code execution prevention)

This is simulated data. *Screenshot from the next version of our platform, currently in development

Security and Monitoring are Tied Together
Operational Cost-saving; Device Security
Embedded Endpoint Protection; Alerts; Anomaly detection; Root-cause analysis; Policy management; Post production monitoring; Real time debugging, performance monitoring and operational insights

50 Employees around the world
Trusted by Leaders
Undisclosed Fortune 50 Company
"Sternum saves us time, manpower, and money."
Kyle Ericson, Product Security Director

The device-centric security & data platform
Runtime Protection; Continuous Monitoring; Operational & Business Insights
Working With Largest Device Manufacturers
"Sternum gives us the opportunity to do advanced planning, triage the issue, and manage the situation."
Chas Meyer, Sr. Principal Product Security Engineer
Multiple Patents; Raised $40M, 10x in sales this year; Unit 8200 heritage; Awards: Best IoT Product

Thank You ZDS
