This presentation by Heather Goudey (independent researcher) and Jasmine Sesso (Microsoft) was delivered at VB2015 in Prague, Czech Republic.

The Internet of Things (IoT) is where the virtual world meets the physical world. Physical objects (such as refrigerators or cars - sometimes even people) are labelled, identified and connected. Massive amounts of data are gathered from a multitude of omnipresent sensor nodes, and analysed to solve difficult, real-world problems. The applications of these systems are seemingly endless and range from automating your whole house, to monitoring your health, to managing large-scale industry. The future proposed by this recent computing paradigm shift is exciting, and some of it is already here.

However, even a brief analysis of the possible implications of this type of ubiquitous computing suggests a more dystopian outcome. While the wonders of the IoT are many and varied, the privacy and security implications are somewhat unknown. By 2020, it is estimated that there will be approximately 50 billion nodes in operation worldwide. Even if you choose to not be virtualized by the IoT, escaping unrecorded by its many nodes will be nigh on impossible, and its tangible effects on physical systems means that traditional notions of what constitutes risk will need to be rethought. One thing is certain though - the threats of malware have never been more real.

This paper looks at the state of the AV industry in the context of the IoT in 2015, then drills down into the specific security implications faced, as well as the current approaches taken to address them. We examine the behaviour of current malware found in the wild already targeting the IoT, extrapolate trends, take a critical look at recent recommendations from the FTC's (Federal Trade Commission) 'Internet of Things - Privacy and Security in a Connected World' staff report and discuss the relevance of AV in this brave new world.