Security Threats to Machine Clouds

Presented by Georg-Christian Pranschke at B-Sides Cape Town

With the expansion of cellular networks throughout the world there has been an increase in businesses inter-connecting their equipment. Example applications include fleet tracking, utility metering and industrial control systems. While it would be easy to simply connect these devices to cellular networks using the small form factor GSM hardware available today, managing hundreds or thousands of devices can be difficult. As a result, there has been a growing demand in recent years for hosted device management solutions know as Machine to Machine (M2M) Device Clouds. These device clouds, much like other computing clouds, provide elastic scalability and remote management capability to organisations.This expansion of industrial automation controls into the cloud,implies greater exposure to attacks, as cloud based access and administration channels are more readily accessible than VPN solutions often used previously.
This talk introduces the general architecture of device clouds, enumerate potential threats and possible attack vectors they could face. Finally, SensePost's findings based on an initial security evaluation of these platforms are presented.