Kai Wang,Shilin Xiao,Xiaoyu Ji,Chen Yan,Chaohao Li,Wenyuan Xu

DOI: https://doi.org/10.1109/sp46215.2023.10179340

2023-01-01

Abstract:This paper analyzes the security of Internet of Things (IoT) devices from the perspective of sensing and actuating. Particularly, we discover a vulnerability in power supply modules and propose Volttack attacks. To launch a Volttack attack, attackers may compromise the power source and inject malicious signals through the power supply module, which is indispensable in most devices. Eventually, Volttack attacks may cause the sensor measurement irrelevant to reality or maneuver the actuator in a way disregarding the desired command. To understand Volttack, we systematically analyze the underlying principle of power supply signals affecting the electronic components, which are building blocks to constitute the sensor or actuator modules. Derived from these findings, we implement and validate Volttack on off-the-shelf products: 6 sensors and 3 actuators, which are used in applications ranging from automobile braking systems, industrial process control to robotic arms. The consequences of manipulating the sensor measurement or actuation include doubled car braking distance and a natural gas leak. The root cause of such a vulnerability stems from the common belief that noises from the power line are unintentional, and our work aims to call for attention to enhancing the security of power supply modules and adding countermeasures to mitigate the attacks.

Yang Li,Anna Maria Mandalari,Isabel Straw

2023-07-26

Abstract:For smart homes to be safe homes, they must be designed with security in mind. Yet, despite the widespread proliferation of connected digital technologies in the home environment, there is a lack of research evaluating the security vulnerabilities and potential risks present within these systems. Our research presents a comprehensive methodology for conducting systematic IoT security attacks, intercepting network traffic and evaluating the security risks of smart home devices. We perform hundreds of automated experiments using 11 popular commercial IoT devices when deployed in a testbed, exposed to a series of real deployed attacks (flooding, port scanning and OS scanning). Our findings indicate that these devices are vulnerable to security attacks and our results are relevant to the security research community, device engineers and the users who rely on these technologies in their daily lives.

Cryptography and Security

Yanmiao Zhang,Xiaoyu Ji,Yushi Cheng,Wenyuan Xu

DOI: https://doi.org/10.23919/ChiCC.2019.8866144

2019-01-01

Abstract:As a modern power transmission network, smart grid connects abundant terminal devices and plays an important role in our daily life. However, along with its growth are the security threats. Different from the separated environment previously, an adversary nowadays can destroy the power system by attacking its terminal devices. As a result, it's critical to ensure the security and safety of terminal devices. To achieve it, detecting the pre-existing vulnerabilities in the terminal program and enhancing its security, are of great importance and necessity. In this paper. we introduce Cker, a novel vulnerability detection tool for smart grid devices, which generates an program model based on device sources and sets rules to perform model checking. We utilize the static analysis to extract necessary information and build corresponding program models. By further checking the model with pre-defined vulnerability patterns, we achieve security detection and error reporting. The evaluation results demonstrate that our method can effectively detect vulnerabilities in smart devices with an acceptable accuracy and false positive rate. In addition, as Cker is realized by pure python. it can be easily scaled to other platforms.

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

2018-01-01

Abstract:Smart home connects tens of home devices into the Internet, running a smart algorithm in the cloud that sends remote commands to the devices. While bringing unprecedented convenience, accessibility, and efficiency, it also introduces safety hazards to users. Prior research studied smart home security from various aspects. However, we found that the complexity of the interactions among the participating entities (device, IoT cloud, and mobile app) has not yet been systematically investigated. In this work, we conducted an in-depth analysis to four widely used smart home solutions. Combining firmware reverse-engineering, network traffic interception, and black-box testing, we distill the general state transitions representing the complex interactions among the three entities. Based on the state machine, we reveal several vulnerabilities that lead to unexpected state transitions. While these minor security flaws appear to be irrelevant, we show that combining them in a surprising way poses serious security or privacy hazards to smart home users. To this end, five concrete attacks are constructed and illustrated. We also discuss the implications of the disclosed attacks in the context of business competition. Finally, we propose some general design suggestions for building a more secure smart home solution.

Zian Liu,Chao Chen,Shigang Liu,Dongxi Liu,Yu Wang

DOI: https://doi.org/10.1007/978-981-15-0758-8_12

2019-01-01

Abstract:With the rapid development of Internet of Things (IoT) and smart devices, an increasing number of home security devices are produced and deployed in our daily life. To improve the awareness of the security flaws of these household smart devices, we perform a demo attack in this paper, which utilizes the vulnerability of a security camera to do the exploit. We set up the malicious Wi-Fi environment and our assuming victim in the experiment uses Samsung GALAXY Note 10.1. We demonstrate how to steal the victim’s credential log in information after tricking him into connecting to the malicious Wi-Fi. Our experiment shows that those smart devices lack high-standard security. In our experiment, we show it is trivial and cheap to steal the users credential using a malicious Wi-Fi.

Davide Bonaventura,Sergio Esposito,Giampaolo Bella

DOI: https://doi.org/10.5220/0012767700003767

2024-07-17

Abstract:Despite their apparent simplicity, devices like smart light bulbs and electrical plugs are often perceived as exempt from rigorous security measures. However, this paper challenges this misconception, uncovering how vulnerabilities in these seemingly innocuous devices can expose users to significant risks. This paper extends the findings outlined in previous work, introducing a novel attack scenario. This new attack allows malicious actors to obtain sensitive credentials, including the victim's Tapo account email and password, as well as the SSID and password of her local network. Furthermore, we demonstrate how these findings can be replicated, either partially or fully, across other smart devices within the same IoT ecosystem, specifically those manufactured by Tp-Link. Our investigation focused on the Tp-Link Tapo range, encompassing smart bulbs (Tapo L530E, Tapo L510E V2, and Tapo L630), a smart plug (Tapo P100), and a smart camera (Tapo C200). Utilizing similar communication protocols, or slight variants thereof, we found that the Tapo L530E, Tapo L510E V2, and Tapo L630 are susceptible to complete exploitation of all attack scenarios, including the newly identified one. Conversely, the Tapo P100 and Tapo C200 exhibit vulnerabilities to only a subset of attack scenarios. In conclusion, by highlighting these vulnerabilities and their potential impact, we aim to raise awareness and encourage proactive steps towards mitigating security risks in smart device deployment.

Cryptography and Security

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

Bin Yuan,Jun Wan,Yu-Han Wu,De-Qing Zou,Hai Jin

DOI: https://doi.org/10.1007/s11390-023-2488-3

IF: 1.871

2023-01-01

Journal of Computer Science and Technology

Abstract:Among the plethora of IoT(Internet of Things)applications,the smart home is one of the fastest-growing.However,the rapid development of the smart home has also made smart home systems a target for attackers.Recently,re-searchers have made many efforts to investigate and enhance the security of smart home systems.Toward a more secure smart home ecosystem,we present a detailed literature review on the security of smart home systems.Specifically,we cat-egorize smart home systems'security issues into the platform,device,and communication issues.After exploring the re-search and specific issues in each of these security areas,we summarize the root causes of the security flaws in today's smart home systems,which include the heterogeneity of internal components of the systems,vendors'customization,the lack of clear responsibility boundaries and the absence of standard security standards.Finally,to better understand the se-curity of smart home systems and potentially provide better protection for smart home systems,we propose research direc-tions,including automated vulnerability mining,vigorous security checking,and data-driven security analysis.

Zhen Ling,Kaizheng Liu,Yiling Xu,Chao Gao,Yier Jin,Cliff Zou,Xinwen Fu,Wei Zhao

DOI: https://doi.org/10.48550/arXiv.1805.05853

2018-05-15

Abstract:In this paper, we present an end-to-end view of IoT security and privacy and a case study. Our contribution is three-fold. First, we present our end-to-end view of an IoT system and this view can guide risk assessment and design of an IoT system. We identify 10 basic IoT functionalities that are related to security and privacy. Based on this view, we systematically present security and privacy requirements in terms of IoT system, software, networking and big data analytics in the cloud. Second, using the end-to-end view of IoT security and privacy, we present a vulnerability analysis of the Edimax IP camera system. We are the first to exploit this system and have identified various attacks that can fully control all the cameras from the manufacturer. Our real-world experiments demonstrate the effectiveness of the discovered attacks and raise the alarms again for the IoT manufacturers. Third, such vulnerabilities found in the exploit of Edimax cameras and our previous exploit of Edimax smartplugs can lead to another wave of Mirai attacks, which can be either botnets or worm attacks. To systematically understand the damage of the Mirai malware, we model propagation of the Mirai and use the simulations to validate the modeling. The work in this paper raises the alarm again for the IoT device manufacturers to better secure their products in order to prevent malware attacks like Mirai.

Cryptography and Security

Jung Tae (Steve) Kim

DOI: https://doi.org/10.5772/intechopen.97851

2022-01-07

Abstract:A lot of communication are developed and advanced with different and heterogeneous communication techniques by integration of wireless and wire connection. Conventional technology is mainly focus on information technology based on computer techniques in the field of industry, manufacture and automation fields. It consists of individual skill and technique. As new technologies are developed and enhanced with conventional techniques, a lot of new application is emerged and merged with previous mechanism and skills. The representative application is internet of things services and applications. Internet of things is breakthrough technologies and one of the innovation industries which are called 4 generation industry revolution. Many different types of object and devices are embedded in sensor node. They are inter-connected with optimized open system interconnection protocol over internet, wireless and wire medium. Most of communication is fully inter-connected with conventional techniques at point to point and end to application in general. Most of information in internet of things is weak against attack. This may induce vulnerable features to unauthorized and outside attacker over internet protocol, Bluetooth, Wi-Fi, and so forth. As high and low efficient equipment are merged into heterogeneous infrastructure, IoT communication surroundings has become more complex, Due to limited resources in IoT such as small memory, low power and computing power, IoT devices are vulnerable and disclosed with security problems. In this chapter, we analyzed security challenges and threats based on smart home network under IoT service.

Zhibo Wang,Defang Liu,Yunan Sun,Xiaoyi Pang,Peng Sun,Feng Lin,John C. S. Lui,Kui Ren

DOI: https://doi.org/10.1109/comst.2022.3201557

IF: 35.6

2022-01-01

IEEE Communications Surveys & Tutorials

Abstract:With recent advances in communication technologies and Internet of Things (IoT) infrastructures, home automation (HA) systems have emerged as a new promising paradigm that provides convenient smart-home services to users. However, there exist various security risks during the deployment and application of HA systems, which pose severe security threats to users. On the one hand, traditional IoT security threats (e.g., device intrusion, protocol vulnerabilities, and so on) are inherent to HA systems. On the other hand, as the core of HA systems, the Trigger-Action Programming (TAP) model organizes cloud platforms, local hubs, and smart devices through user-customized rules, but the complex interactions involved bring new challenges to the security of HA systems. These two kinds of security issues have attracted widespread attention from both academia and industry, and explorations on both attack and defense have been made. However, there is not yet a survey that provides a summary of the overall HA systems’ security research. In this paper, we conduct a comprehensive survey of the state-of-the-art literature on HA system security from aspects of attack and defense. We first give a brief introduction to the HA system architecture and present a general workflow of HA systems. Then, we review and classify the relevant attacks based on the HA architecture, with an explicit analysis of vulnerabilities exploited by these attacks. We further elaborate on the security requirements of HA systems and provide detailed descriptions and comparisons of existing defenses methods. Finally, we conclude with a thorough discussion of open issues for future research.

Hui Liu,Changyu Li,Xuancheng Jin,Juanru Li,Yuanyuan Zhang,Dawu Gu

DOI: https://doi.org/10.1145/3139937.3139948

2017-01-01

Abstract:The concept of Smart Home drives the upgrade of home devices from traditional mode to an Internet-connected version. Instead of developing the smart devices from scratch, manufacturers often utilize existing smart home solutions released by large IT companies (e.g., Amazon, Google) to help build the smart home network. A smart home solution provides components such as software development kit (SDK) and relevant management system to boost the development and deployment of smart home devices. Nonetheless, the participating of third-party SDKs and management systems complicates the workflow of such devices. If not meticulously assessed, the complex workflow often leads to the violation of privacy and security to both the consumer and the manufacturer. In this paper, we illustrate how the security and privacy of smart home devices are affected by JoyLink, a widely used smart home solution. We demonstrate a concrete analysis combined with network traffic interception, source code audit, and binary code reverse engineering to evince that the design of smart home solution is error-prone. We argue that if the security and privacy issues are not considered, devices using the solution are inevitably vulnerable and thus the privacy and security of smart home are seriously threatened.

Binbin Zhao,Shouling Ji,Wei-Han Lee,Changting Lin,Haiqin Weng,Jingzheng Wu,Pan Zhou,Liming Fang,Raheem Beyah

DOI: https://doi.org/10.1109/tdsc.2020.3037908

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The Internet of Things (IoT) has become ubiquitous and greatly affected peoples' daily lives. With the increasing development of IoT devices, the corresponding security issues are becoming more and more challenging. Such a severe security situation raises the following questions that need urgent attention: What are the primary security threats that IoT devices face currently? How do vendors and users deal with these threats? In this article, we aim to answer these critical questions through a large-scale systematic study. Specifically, we perform a ten-month-long empirical study on the vulnerability of 1,362,906 IoT devices varying from six types. The results show sufficient evidence that N-days vulnerability is seriously endangering the IoT devices: 385,060 (28.25 percent) devices suffer from at least one N-days vulnerability. Moreover, 2669 of these vulnerable devices may have been compromised by botnets. We further reveal the massive differences among five popular IoT search engines: Shodan [1], Censys [2], [3], Zoomeye [4], Fofa [5], and NTI [6]. To study whether vendors and users adopt defenses against the threats, we measure the security of MQTT [7] servers, and identify that 12740 (88 percent) MQTT servers have no password protection. Our analysis can serve as an important guideline for investigating the security of IoT devices, as well as advancing the development of a more secure environment for IoT systems.

Xingbin Jiang,Michele Lora,Sudipta Chattopadhyay

DOI: https://doi.org/10.1145/3379542

IF: 5.3

2020-05-31

ACM Transactions on Internet Technology

Abstract:The revolutionary development of the Internet of Things has triggered a huge demand for Internet of Things devices. They are extensively applied to various fields of social activities, and concerning manufacturing, they are a key enabling concept for the Industry 4.0 ecosystem. Industrial Internet of Things (IIoT) devices share common vulnerabilities with standard IoT devices, which are increasingly exposed to the attackers. As such, connected industrial devices may become sources of cyber, as well as physical, threats for people and assets in industrial environments. In this work, we examine the attack surfaces of a networked embedded system, composed of devices representative of those typically used in the IIoT field. We carry on an analysis of the current state of the security of IIoT technologies. The analysis guides the identification of a set of attack vectors for the examined networked embedded system. We set up the corresponding concrete attack scenarios to gain control of the system actuators and perform some hazardous operations. In particular, we propose a couple of variations of Mirai attack specifically tailored for attacking industrial environments. Finally, we discuss some possible

computer science, information systems, software engineering

Miao Yu,Jianwei Zhuge,Ming Cao,Zhiwei Shi,Lin Jiang

DOI: https://doi.org/10.3390/fi12020027

2020-01-01

Future Internet

Abstract:With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users’ privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.

Kulani Mahadewa,Kailong Wang,Guangdong Bai,Ling Shi,Yan Liu,Jin Song Dong,Zhenkai Liang

DOI: https://doi.org/10.1109/tse.2019.2960690

IF: 7.4

2021-12-01

IEEE Transactions on Software Engineering

Abstract:A key feature of the booming smart home is the integration of a wide assortment of technologies, including various standards, proprietary communication protocols and heterogeneous platforms. Due to customization, unsatisfied assumptions and incompatibility in the integration, critical security vulnerabilities are likely to be introduced by the integration. Hence, this work addresses the security problems in smart home systems from an integration perspective, as a complement to numerous studies that focus on the analysis of individual techniques. We propose HomeScan, an approach that examines the security of the implementations of smart home systems. It extracts the abstract specification of application-layer protocols and internal behaviors of entities, so that it is able to conduct an end-to-end security analysis against various attack models. Applying HomeScan on three extensively-used smart home systems, we have found twelve non-trivial security issues, which may lead to unauthorized remote control and credential leakage.

engineering, electrical & electronic,computer science, software engineering

Bin Yuan,Yuhan Wu,Maogen Yang,Luyi Xing,Xuchang Wang,Deqing Zou,Hai Jin

DOI: https://doi.org/10.1109/tdsc.2022.3162312

2023-01-01

Abstract:Emerging IoT clouds are playing a more important role in modern lives, enabling users/developers to program applications to make better use of smart devices. However, preliminary research has shown IoT cloud vulnerabilities could expose IoT users to security risks. To better understand the problem, we studied the SmartThings cloud, one of the most popular IoT cloud platforms that support user-defined device automation (SmartApps). Specifically, we found new vulnerabilities in SmartThings that allow attackers to fake events to trigger the SmartApps to operate devices (e.g., open a lock). Exploiting such vulnerabilities, we successfully faked 7 different types of events, which impact 138 (out of 187) SmartThings’ official open-sourced SmartApps. To defeat such attacks, we propose an authenticity-verification-based scheme to deny fake events. Moreover, we designed a tool, SmartPatch , to help users secure their SmartThings systems. In specific, SmartPatch automatically patches the vulnerable SmartApps and Device Handlers (input) and outputs the flawless programs, which are ready for users to deploy in their SmartThings systems. We have made SmartPatch publicly available. With the help of SmartPatch , we patched all the vulnerable SmartThings’ official open-sourced programs (146 SmartApps and 321 Device Handlers). Experiments have shown the compatibility, effectiveness, and efficiency of our proposed approach.

Bin YUAN,Kaimin ZHENG,Jun WAN,Deqing ZOU,Hai JIN

DOI: https://doi.org/10.1360/ssi-2022-0466

2023-01-01

Scientia Sinica Informationis

Abstract:Recently,the vigorous development of Internet of Things technology has rapidly developed smart home applications.Smart home platforms increasingly provide open interfaces for users to implement customized smart home applications(e.g.,device automation control).The possible defects of these open interfaces have also become an important issue affecting the security of smart home systems.In this paper,we study the open interfaces of the SmartThings platform.We identified a series of new vulnerable interfaces and conducted proof-of-concept attacks to demonstrate the security impact of such interfaces.To mitigate this problem,we propose SmartNotify,a tool for identifying malicious smart home applications abusing vulnerable interfaces.Experiment results show the efficiency and effectiveness of SmartNotify.

Xing Liu,Cheng Qian,William Grant Hatcher,Hansong Xu,Weixian Liao,Wei Yu

DOI: https://doi.org/10.1109/access.2019.2920763

IF: 3.9

2019-01-01

IEEE Access

Abstract:The widespread adoption of the Internet of Things (IoT) technologies has drastically increased the breadth and depth of attack surfaces in networked systems, providing new mechanisms for the intrusion. In the context of smart-world critical infrastructures and cyber-physical systems, the rapid adoption of the IoT systems and infrastructures without thorough consideration for the risks and vulnerabilities has the potential for catastrophic damage to the privacy, safety, and security of individuals and corporations. While the IoT systems have the potential to increase productivity, accountability, traceability, and efficiency, their potential weaknesses are also more abundant. In this paper, we provide critical consideration of the security of the IoT systems as applied to smart-world critical infrastructures. Particularly, we carry out a detailed assessment of vulnerabilities in IoT-based critical infrastructures from the perspectives of applications, networking, operating systems, software, firmware, and hardware. In addition, we highlight the three key critical infrastructure IoT-based cyber-physical systems, namely the smart transportation, smart manufacturing, and smart grid. Moreover, we provide a broad collection of attack examples upon each of the key applications. Furthermore, we introduce a case study, in which we assess the impacts of potential attacks on critical IoT-based systems, using the smart transportation system as an example. Finally, we provide a set of best practices and address the necessary steps to enact countermeasures for any generic IoT-based critical infrastructure system.

Yuhang Mao,Xuejun Li,Yan Jia,Shangru Zhao,Yuqing Zhang

DOI: https://doi.org/10.1109/smartworld-uic-atc-scalcom-iop-sci.2019.00261

2019-01-01

Abstract:With the rapid development of the Internet of Things (IoT) technology, security and privacy issues in the smart home have become the focus of extensive research. However, due to the differences in smart home solutions, especially the complex communication protocols and the wide variety of IoT devices, it is difficult for security researchers to systematically and comprehensively study the security of smart home. In this paper, we propose a novel security analysis method based on the life cycle of smart home, including the complete process of the user using IoT devices in smart home scenario, and take user, samrt device and IoT cloud as the research object. Moreover, in order to figure out the life cycle of smart home from different manufacturers, we propose a tool, called IoTCap (IoT Capture), to study the security and privacy issues of the smart home. The fundamental approach used in this tool is to capture IP-layer data packets sent and received by smart appliance on the user's mobile phone, and to analyze the contents of the data packets. Using this tool to recover the workflow and interaction process of the smart home, we further analyze security risks at all stages of the life cycle, including identity authentication, access control, protocol security, and privacy protection. The experimental results have shown that the method is feasible. We believe that this tool will be the basis of a general automation framework for analyzing the security and privacy of smart home.