Understanding the IoT Threat Landscape and a Home Appliance Manufacturer's Approach to Counter Threats to IoT

Conference:  BlackHat EU 2019



As we live in a world where billions of IoT devices are connected to the Internet, there are streams of news articles that depict damages caused by malware and other threats that target such devices. While there are some things that users can do to prevent such damages, consumers expect manufacturers to consider security as part of the product design in the development lifecycle.Panasonic, being a device manufacturer, is able to collect information on these threats by connecting our own devices in the development / pre-shipment phases to a honeypot that we have developed. Since its deployment, Panasonic has been able to find 179 million attack cases and 25 thousand malware samples, of which 4,800 were unique samples targeting IoT. 20% of the samples were new and hashes for them did not exist when querying Virustotal. In addition, we discovered 0-day attacks against the SMB protocol, allowing attackers to access data on compromised home appliances.We have developed a system where information being collected through the honeypot is sent to a Sandbox for automated analysis, to address our concern for having a limited number of security experts. What this system allows Panasonic to do is collect "malware targeting/exploiting Panasonic IoT devices" for quicker remediation, in addition to "popular malware" targeting a wide-range of IoT devices.In this session, we will discuss the details of this project and share some analysis of malware that have been collected. By leveraging this information, Panasonic aims to develop products that are resilient to malware. In addition, we are looking for ways to use this threat and remediation information to develop an IoT SOC.