THE HACKERS MEETUP — October Event

The Hackers Meetup
10 min readNov 8, 2024

--

“The Hackers Meet-up” is a monthly must attend Meet-up which features in the calendars of security researchers, hackers and professionals around the nation.

The event aims to bring together primarily security researchers, hackers, business leaders, entrepreneurs but also includes practitioners from academia, industry, government organizations as well as students to elaborate and discuss the IT Security challenges that we are facing today and also about the next generation computer security issues.

This month’s meetup was on the topic of IoT and Smart Security. The meetup took place at DevX, Vastrapur, Ahmedabad, from 10 am to 3 pm on October 27, 2024. Our event was hosted by Prashant Bhavasar and featured esteemed speakers Aastha Thakker, Aniket Tripathi, and Markand Pathak. With the engaging presentations and insights from experts, the event attracted a full house attendees, providing a fantastic platform for discussions on the intersection of IoT and security advancements.

Host Prashant Bhavasar began with a brief introduction to IoT and security, setting the stage for the day’s discussions. Following him, Viral Parmar provided insights into The Hackers Meetup (THM), explaining its mission and the significance of IoT within the cybersecurity landscape.

Session 1: “IoT: Connect the Unconnected” by Aastha Thakker

Our first speaker was Aastha Thakker, a student at Gujarat University currently interning as a SOC Analyst. She is an active blogger, sharing her insights on LinkedIn and Medium, and has led the documentation team for The Hackers Meetup for the past 11 months. In addition to her role as documentation head, Aastha has also hosted several previous THM events. This was her first session as a speaker, and she shared her knowledge exceptionally well.

Topics Covered:

  1. What is IoT?
    The Internet of Things (IoT) aims to connect everyday objects to the internet, creating a smarter, interactive network of devices. This concept, coined by Kevin Ashton in 1999, goes beyond simply connecting computers and smartphones. IoT makes it possible for everyday objects, such as business gear and household appliances, to exchange data and connect with one another. IoT connects the digital and physical worlds by giving computers sensory capabilities. This allows for smooth integration for increased productivity, automation, and data-driven insights.
  2. Evolution of IoT:
  • Initial Phase (Pre-Internet): Operational Technology (OT) began with standalone systems controlling industrial processes, typically isolated and operated manually or semi-automatically without network connectivity.
  • Integration with IT (Early 2000s): OT systems gradually integrated with Information Technology (IT), enabling centralized control, data collection, and remote monitoring but increasing exposure to cyber threats.
  • IoT and Cybersecurity Focus (Present): With the rise of IoT, OT has evolved into interconnected smart systems, enhancing efficiency and real-time data analytics while necessitating advanced cybersecurity measures to protect against complex threats.

3. IT, OT, and Digitization:

Operational Technology (OT) and Information Technology (IT) converge in the IoT ecosystem. OT deals with the actual instruments used in industries for operations monitoring and control, whereas IT concentrates on the data and apps that power corporate processes. By combining IT and OT, IoT overcomes these gaps and improves digitization by developing data-driven, automated solutions that increase efficiency, streamline processes, and produce insights in industries like manufacturing, healthcare, and transportation.

4. IoTWFIoT World Forum

Industry leaders get together at the IoT World Forum (IoTWF) to establish standards, foster innovation, and work together on IoT projects. IoTWF provides a forum for enterprises to share ideas and create frameworks for IoT expansion by discussing a range of topics related to IoT, from security procedures to technological developments. By tackling important issues and promoting collaborations across sectors, the forum plays a crucial role in determining the direction of IoT.

5. Cloud, Fog, and Edge Computing:

6. Sensors and Actuators:
Sensors are devices that detect physical changes, such as temperature, light, motion, or pressure, and convert them into electrical signals. Actuators receive these signals and respond by performing actions, like moving a robotic arm or adjusting a thermostat. Sensors and actuators are essential in IoT because they collect data and enable devices to interact with their environments, forming the foundation for automation in applications like smart homes, healthcare, and industrial monitoring.

7. SANET (Sensor Actuator Networks):
Sensor Actuator Networks (SANET) consist of interconnected sensors and actuators that communicate over a network to monitor and manage physical environments. SANET enables IoT devices to sense environmental data (temperature, humidity, motion, etc.) and perform specific actions based on that data, making it crucial for real-time applications in fields like agriculture, manufacturing, and environmental monitoring.

8. Application Layer Protocols (CoAP and MQTT): Application layer protocols facilitate efficient communication between IoT devices.

  • CoAP (Constrained Application Protocol): Designed for resource-constrained devices, CoAP allows IoT devices with limited processing power to communicate over low-bandwidth networks. It operates similarly to HTTP, enabling requests and responses between devices and servers.
  • MQTT (Message Queuing Telemetry Transport): A lightweight, publish-subscribe messaging protocol that enables devices to send data to a central broker, which then distributes it to subscribed clients. MQTT is highly efficient for low-power devices and is widely used in IoT applications like smart homes, where devices need to share data frequently and reliably.

Aastha’s presentation provided a comprehensive overview of IoT, giving attendees an in-depth understanding of IoT’s components, evolution, and the technologies that make it a transformative field in modern technology.

Session 2: “IoT Security from the Lens of Drones” by Aniket Tripathi

Our second speaker, an expert with a wealth of experience, shared valuable insights on IoT Security in relation to drones. Currently pursuing a Ph.D. in Cyber Security from the National Forensic Sciences University, he has an impressive background, having worked as an Information Security Manager at ICICI Bank and now part of the Security and Compliance division at CRED. With a strong interest in AI, Blockchain, Crypto, Legalities, Automation, and Forensics, he brought an in-depth perspective on the complex intersections of IoT and drone security.

Topics Covered

1. IoT and Drone Connection

IoT and drones are increasingly interconnected, with drones acting as mobile IoT devices capable of capturing data, relaying information, and enabling automation. The speaker explained how drones in agriculture, surveillance, and logistics use IoT technology to gather and transmit data, thus creating new opportunities and raising security challenges.

2. Use of Drones in IoT Applications: Drones are now employed in various IoT applications.

  • Agriculture: Monitoring crop health, soil conditions, and livestock.
  • Industrial Inspection: Surveillance of hard-to-reach areas in oil and gas pipelines, power lines, and wind turbines.
  • Delivery: Transporting small packages in logistics.

Drones equipped with IoT capabilities increase efficiency but also introduce unique vulnerabilities that need to be managed carefully.

3. Security Concerns and Applications: While drones are beneficial, they pose significant security concerns:

  • Privacy Risks: Unauthorized data capture and surveillance.
  • Hacking and Exploitation: Drones can be intercepted or hijacked through vulnerabilities in communication protocols.
  • Safety Threats: Potential misuse in restricted areas or to deliver harmful payloads.

The speaker illustrated how these concerns necessitate rigorous security protocols in IoT-enabled drones to prevent misuse and unauthorized access.

4. The Dior Attack

The Dior Attack was presented as a case study to showcase real-world drone security vulnerabilities. This attack method highlights how drones can be compromised through IoT vulnerabilities, serving as a reminder of the need for robust cybersecurity measures in drone technology.

5. Exploiting Drones

Exploring common methods of drone exploitation, the speaker discussed attempts to intercept and manipulate drone signals, override controls, and extract or alter data from onboard storage. These exploits underscore the importance of secure communication protocols and data encryption for IoT-enabled drones.

6. Research in Forensics and Security

Drone forensics is a critical field in understanding and preventing security breaches:

  • Terrorist and Army Attacks: Drones can be weaponized, so forensic analysis helps in counterterrorism and military intelligence.
  • Data Analysis: Forensic investigators analyze captured data to trace the source, identify patterns, and reconstruct events.

7. Memory Analysis and Drone Dismantling

  • Memory Analysis: Reviewing memory storage to extract sensitive data.
  • Dismantling: Examining drone hardware to identify manufacturer details, hardware modifications, and any additional memory modules.

8. Location and IP Address Detection

Techniques like GPS analysis and IP address tracing were explained as ways to track drones. This includes:

  • Coordinates Extraction: Identifying the starting and ending points of a drone’s journey.
  • Log Analysis: Reviewing the drone’s logs to determine the paths it has taken, Wi-Fi SSIDs it has connected to, and other metadata.
  • Geolocation and Mapping: Using geographic markers and coordinates to map the drone’s traveled path, which can be useful in security investigations.

9. From Data Collection to Analysis and Conclusion: The forensic analysis:

  • Data Collection: Gathering all relevant data, such as IP addresses, coordinates, SSIDs, and logs.
  • Data Analysis: Processing and analyzing this data to reach meaningful conclusions.
  • Drawing Conclusions: Based on data, creating a rough and precise report to understand the drone’s movements, origin, and purpose.

QUIZZ!

To enhance the interactive atmosphere of the session, an engaging online quiz was organized, adding an element of excitement and friendly competition to the event. Participants were challenged with ten thought-provoking questions related to cybersecurity, testing their knowledge and understanding of key concepts discussed during the meetup. The top five winners were announced, each rewarded with swag items as tokens of recognition for their impressive performance and dedication to learning.

Session 3: Building a Secure IoT System by Markand Pathak, Co-founder and CTO of Anedya Systems Pvt Ltd

Markand Pathak, an industry leader in IoT security and cloud architecture, shared his insights on creating a secure IoT system. With Anedya’s IoT Infrastructure as a Service (IaaS) supporting over 25,000 devices, Markand’s expertise offered attendees a detailed look into the essential components of IoT security, drawing from his experience and best practices for developing resilient, scalable IoT networks.

1. Defining a Secure IoT System Markand began by highlighting that a secure IoT system is designed to protect both data and device integrity, ensuring only authorized devices and users access the network. Security in IoT involves protecting endpoints, managing data flow, and securing communication channels, each needing its own robust measures.

2. Foundational Security Measures for IoT Devices

  • Use Secure Boot: Secure booting ensures that the device only runs trusted software, preventing malicious code from compromising the device’s functionality.
  • OTP (One-Time Programmable) Memory : Storing critical data in OTP memory prevents unauthorized modifications.
  • Dedicated Authentication ICs: Adding dedicated chips for authentication ensures secure interactions, isolating sensitive keys and cryptographic functions from device firmware.
  • Ensure Genuine Parts : Using authentic hardware components helps prevent backdoor vulnerabilities and unauthorized access risks.

3. Server Authentication: Ensuring Devices Communicate with the Right Server

IoT devices need to be able to verify the identity of the server they are interacting with. Markand discussed some of the best practices to achieve this, emphasizing that trust in the communication process is foundational to IoT security:

  • Implement TLS 1.2 or Higher: Ensuring devices use Transport Layer Security (TLS) version 1.2 or above provides a secure encryption standard.
  • Verify the Server Certificate: Always validate the server’s certificate to avoid man-in-the-middle attacks.
  • Check the Entire Certificate Chain: Authenticating each level of the certificate chain adds a layer of validation.
  • Choose Hardware with SSL/TLS Capability: Use hardware that supports the encryption demands of SSL/TLS to prevent bottlenecks in secure data transmission.
  • Encrypt Certificates and Keys: Avoid transmitting certificates and keys unencrypted to prevent potential interception.

4. Device Authentication: Ensuring the Right User Commands

Markand explained the critical role of user authentication, emphasizing that IoT devices must ensure they are receiving commands from authorized users:

  • Command Authentication : Commands should be verified to ensure they come from authenticated and authorized sources.
  • Challenge and Response Mechanisms: Implementing these mechanisms verifies the identity of the user before the device executes critical commands.

5. System Security Philosophy: No System is Completely Impenetrable

Markand candidly pointed out that “no system in this world is impenetrable; it’s just a matter of time and resources required to break it.” He urged the audience to focus on creating systems resilient enough to withstand common threats and make breaching the system as resource-intensive as possible for attackers.

6. Device Self-Trust: Can a Device Trust Itself? (Example: Vending Machines)

He illustrated the concept of **self-trust** using vending machines as an example. Vending machines, as IoT devices, need to secure their internal processes and hardware integrity to ensure that they haven’t been tampered with, especially in autonomous, remote deployments.

Layered Security Approaches for Self-Trust:

  • Layered Instructions: Implementing multiple layers of security instructions helps prevent unauthorized tampering.
  • Regular Integrity Checks: Devices should perform self-checks on firmware and hardware integrity to detect anomalies.
  • Tamper-Resistant Hardware: Devices should employ tamper-evident or tamper-resistant hardware to signal any unauthorized access.

This session provided a comprehensive roadmap for building and maintaining a secure IoT environment, blending practical tactics with high-level security insights. Markand’s pragmatic approach underscored the importance of layered defenses, strong device-to-server authentication, and continuous system integrity checks, offering participants valuable strategies to protect IoT systems.

Snacks And Networking

The conclusion of the meetup was marked by a group photo, capturing the collective enthusiasm among attendees. Everyone gathered to celebrate the end of the event and to think back on the stimulating discussions and useful learning opportunities that had taken place all during the session. To add a delightful touch, snacks were generously provided to all attendees. Participants were open to networking to their fellow individuals from different cybersecurity background and shared their common interests and aspiration in cybersecurity. It was evidence of the strong sense of community that prevailed at the meetup, as amateurs and experts gathered to share knowledge, work together, and create important contacts for next projects.

Attend this monthly event and become part of this amazing journey.

Official Accounts:

Written By: Deepak S Rodge

--

--

The Hackers Meetup
The Hackers Meetup

Written by The Hackers Meetup

Initiative of @viralparmarhack to provide a proper platform for cyber security researchers & like-minded people to establish a community.

No responses yet