Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

DOI: https://doi.org/10.48550/arXiv.1811.03241

2019-06-26

Abstract:A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and blackbox testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.

Cryptography and Security,Networking and Internet Architecture

Haotian Chi,Qiang Zeng,Xiaojiang Du,Jiaping Yu

DOI: https://doi.org/10.48550/arXiv.1808.02125

2021-01-24

Abstract:A number of Internet of Things (IoTs) platforms have emerged to enable various IoT apps developed by third-party developers to automate smart homes. Prior research mostly concerns the overprivilege problem in the permission model. Our work, however, reveals that even IoT apps that follow the principle of least privilege, when they interplay, can cause unique types of threats, named Cross-App Interference (CAI) threats. We describe and categorize the new threats, showing that unexpected automation, security and privacy issues may be caused by such threats, which cannot be handled by existing IoT security mechanisms. To address this problem, we present HOMEGUARD, a system for appified IoT platforms to detect and cope with CAI threats. A symbolic executor module is built to precisely extract the automation semantics from IoT apps. The semantics of different IoT apps are then considered collectively to evaluate their interplay and discover CAI threats systematically. A user interface is presented to users during IoT app installation, interpreting the discovered threats to help them make decisions. We evaluate HOMEGUARD via a proof-of-concept implementation on Samsung SmartThings and discover many threat instances among apps in the SmartThings public repository. The evaluation shows that it is precise, effective and efficient.

Cryptography and Security

Wei Zhou,Yan Jia,Yao Yao,Lipeng Zhu,Le Guan,Yuhang Mao,Peng Liu,Yuqing Zhang

2018-01-01

Abstract:Smart home connects tens of home devices into the Internet, running a smart algorithm in the cloud that sends remote commands to the devices. While bringing unprecedented convenience, accessibility, and efficiency, it also introduces safety hazards to users. Prior research studied smart home security from various aspects. However, we found that the complexity of the interactions among the participating entities (device, IoT cloud, and mobile app) has not yet been systematically investigated. In this work, we conducted an in-depth analysis to four widely used smart home solutions. Combining firmware reverse-engineering, network traffic interception, and black-box testing, we distill the general state transitions representing the complex interactions among the three entities. Based on the state machine, we reveal several vulnerabilities that lead to unexpected state transitions. While these minor security flaws appear to be irrelevant, we show that combining them in a surprising way poses serious security or privacy hazards to smart home users. To this end, five concrete attacks are constructed and illustrated. We also discuss the implications of the disclosed attacks in the context of business competition. Finally, we propose some general design suggestions for building a more secure smart home solution.

Davino Mauro Junior,Luis Melo,Harvey Lu,Marcelo d'Amorim,Atul Prakash

DOI: https://doi.org/10.48550/arXiv.1901.10062

2019-01-29

Abstract:Internet of Things (IoT) devices are becoming increasingly important. These devices are often resource-limited, hindering rigorous enforcement of security policies. Assessing the vulnerability of IoT devices is an important problem, but analyzing their firmware is difficult for a variety of reasons, including requiring the purchase of devices. This paper finds that analyzing companion apps to these devices for clues to security vulnerabilities can be an effective strategy. Compared to device hardware and firmware, these apps are easy to download and analyze. A key finding of this study is that the communication between an IoT device and its app is often not properly encrypted and authenticated and these issues enable the construction of exploits to remotely control the devices. To confirm the vulnerabilities found, we created exploits against five popular IoT devices from Amazon by using a combination of static and dynamic analyses. We also did a larger study, finding that analyzing 96 popular IoT devices only required analyzing 32 companion apps. Among the conservative findings, 50% of the apps corresponding to 38% of the devices did not use proper encryption techniques to secure device to companion app communication. Finally, we discuss defense strategies that developers can adapt to address the lessons from our work.

Cryptography and Security,Software Engineering

Yan Meng,Wei Zhang,Haojin Zhu,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/mwc.2017.1800100

IF: 12.777

2018-01-01

IEEE Wireless Communications

Abstract:The consumer Internet of Things (IoT) platforms are gaining high popularity. However, due to the open nature of wireless communications, smart home platforms are facing many new challenges, especially in the aspect of security and privacy. In this article, we first introduce the architecture of current popular smart home platforms and elaborate the functions of each component. Then we discuss the security and privacy challenges arising from these platforms and review the state of the art of the proposed countermeasures. We give a comprehensive survey on several new attacks on the voice interface of smart home platforms, which aim to gain unauthorized access and execute over-privileged behaviors to compromise the user's privacy. To thwart these attacks, we propose a novel voice liveness detection system, which analyzes the wireless signals generated by IoT devices and the received voice samples to perform user authentication. We implement a real-world testbed on Samsung's SmartThings platform to evaluate the performance of the proposed system, and demonstrate its effectiveness.

Zehui Zhang,Futai Zou,Jianan Hong,Libo Chen,Ping Yi

DOI: https://doi.org/10.1109/jiot.2024.3400858

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:At present, there is less research on the detection of broken access control vulnerabilities in the Internet of Things (IoT) systems, mostly using state machines to analyse abnormal state transitions and no systematic tools have been developed. The main challenges include the inaccessibility of communication messages, a lack of effective detection for broken access control vulnerabilities, and excessive manual involvement. Moreover, due to the existence of encryption, signatures, and other fields, it is challenging to directly port the Web-based detection tools to IoT. In response to these challenges, we propose a framework for detecting broken access control vulnerabilities based on the interaction between the applications and cloud platforms. The framework employs man-in-the-middle techniques to obtain communication messages between the two entities, enabling fast and effective fuzz testing through the keyword extraction, database-guided fuzzing, and response-based detection algorithms. In addition, a combination of dynamic and static reverse analysis techniques are used to overcome anti-tampering measures, such as encryption and signatures. Following the detection framework, we implemented the semi-automated broken access control detector (BACDetector) system and tested it on six applications from four manufacturers. BACDetector discovered nine broken access control vulnerabilities, including risks of device hijacking and privacy leakage. This validated its effectiveness in detecting vulnerabilities in IoT.

Bin Yuan,Yuhan Wu,Maogen Yang,Luyi Xing,Xuchang Wang,Deqing Zou,Hai Jin

DOI: https://doi.org/10.1109/tdsc.2022.3162312

2023-01-01

Abstract:Emerging IoT clouds are playing a more important role in modern lives, enabling users/developers to program applications to make better use of smart devices. However, preliminary research has shown IoT cloud vulnerabilities could expose IoT users to security risks. To better understand the problem, we studied the SmartThings cloud, one of the most popular IoT cloud platforms that support user-defined device automation (SmartApps). Specifically, we found new vulnerabilities in SmartThings that allow attackers to fake events to trigger the SmartApps to operate devices (e.g., open a lock). Exploiting such vulnerabilities, we successfully faked 7 different types of events, which impact 138 (out of 187) SmartThings’ official open-sourced SmartApps. To defeat such attacks, we propose an authenticity-verification-based scheme to deny fake events. Moreover, we designed a tool, SmartPatch , to help users secure their SmartThings systems. In specific, SmartPatch automatically patches the vulnerable SmartApps and Device Handlers (input) and outputs the flawless programs, which are ready for users to deploy in their SmartThings systems. We have made SmartPatch publicly available. With the help of SmartPatch , we patched all the vulnerable SmartThings’ official open-sourced programs (146 SmartApps and 321 Device Handlers). Experiments have shown the compatibility, effectiveness, and efficiency of our proposed approach.

Xuanyu Duan,Mengmeng Ge,Triet Huynh Minh Le,Faheem Ullah,Shang Gao,Xuequan Lu,M. Ali Babar

DOI: https://doi.org/10.1109/prdc53464.2021.00016

2021-12-01

Abstract:Internet of Things (IoT) based applications face an increasing number of potential security risks, which need to be systematically assessed and addressed. Expert-based manual assessment of IoT security is a predominant approach, which is usually inefficient. To address this problem, we propose an automated security assessment framework for IoT networks. Our framework first leverages machine learning and natural language processing to analyze vulnerability descriptions for predicting vulnerability metrics. The predicted metrics are then input into a two-layered graphical security model, which consists of an attack graph at the upper layer to present the network connectivity and an attack tree for each node in the network at the bottom layer to depict the vulnerability information. This security model automatically assesses the security of the IoT network by capturing potential attack paths. We evaluate the viability of our approach using a proof-of-concept smart building system model which contains a variety of real-world IoT devices and poten-tial vulnerabilities. Our evaluation of the proposed framework demonstrates its effectiveness in terms of automatically predicting the vulnerability metrics of new vulnerabilities with more than 90% accuracy, on average, and identifying the most vulnerable attack paths within an IoT network. The produced assessment results can serve as a guideline for cybersecurity professionals to take further actions and mitigate risks in a timely manner.

Bin Yuan,Jun Wan,Yu-Han Wu,De-Qing Zou,Hai Jin

DOI: https://doi.org/10.1007/s11390-023-2488-3

IF: 1.871

2023-01-01

Journal of Computer Science and Technology

Abstract:Among the plethora of IoT(Internet of Things)applications,the smart home is one of the fastest-growing.However,the rapid development of the smart home has also made smart home systems a target for attackers.Recently,re-searchers have made many efforts to investigate and enhance the security of smart home systems.Toward a more secure smart home ecosystem,we present a detailed literature review on the security of smart home systems.Specifically,we cat-egorize smart home systems'security issues into the platform,device,and communication issues.After exploring the re-search and specific issues in each of these security areas,we summarize the root causes of the security flaws in today's smart home systems,which include the heterogeneity of internal components of the systems,vendors'customization,the lack of clear responsibility boundaries and the absence of standard security standards.Finally,to better understand the se-curity of smart home systems and potentially provide better protection for smart home systems,we propose research direc-tions,including automated vulnerability mining,vigorous security checking,and data-driven security analysis.

Hui Liu,Changyu Li,Xuancheng Jin,Juanru Li,Yuanyuan Zhang,Dawu Gu

DOI: https://doi.org/10.1145/3139937.3139948

2017-01-01

Abstract:The concept of Smart Home drives the upgrade of home devices from traditional mode to an Internet-connected version. Instead of developing the smart devices from scratch, manufacturers often utilize existing smart home solutions released by large IT companies (e.g., Amazon, Google) to help build the smart home network. A smart home solution provides components such as software development kit (SDK) and relevant management system to boost the development and deployment of smart home devices. Nonetheless, the participating of third-party SDKs and management systems complicates the workflow of such devices. If not meticulously assessed, the complex workflow often leads to the violation of privacy and security to both the consumer and the manufacturer. In this paper, we illustrate how the security and privacy of smart home devices are affected by JoyLink, a widely used smart home solution. We demonstrate a concrete analysis combined with network traffic interception, source code audit, and binary code reverse engineering to evince that the design of smart home solution is error-prone. We argue that if the security and privacy issues are not considered, devices using the solution are inevitably vulnerable and thus the privacy and security of smart home are seriously threatened.

Yuhang Mao,Xuejun Li,Yan Jia,Shangru Zhao,Yuqing Zhang

DOI: https://doi.org/10.1109/smartworld-uic-atc-scalcom-iop-sci.2019.00261

2019-01-01

Abstract:With the rapid development of the Internet of Things (IoT) technology, security and privacy issues in the smart home have become the focus of extensive research. However, due to the differences in smart home solutions, especially the complex communication protocols and the wide variety of IoT devices, it is difficult for security researchers to systematically and comprehensively study the security of smart home. In this paper, we propose a novel security analysis method based on the life cycle of smart home, including the complete process of the user using IoT devices in smart home scenario, and take user, samrt device and IoT cloud as the research object. Moreover, in order to figure out the life cycle of smart home from different manufacturers, we propose a tool, called IoTCap (IoT Capture), to study the security and privacy issues of the smart home. The fundamental approach used in this tool is to capture IP-layer data packets sent and received by smart appliance on the user's mobile phone, and to analyze the contents of the data packets. Using this tool to recover the workflow and interaction process of the smart home, we further analyze security risks at all stages of the life cycle, including identity authentication, access control, protocol security, and privacy protection. The experimental results have shown that the method is feasible. We believe that this tool will be the basis of a general automation framework for analyzing the security and privacy of smart home.

Miao Yu,Jianwei Zhuge,Ming Cao,Zhiwei Shi,Lin Jiang

DOI: https://doi.org/10.3390/fi12020027

2020-01-01

Future Internet

Abstract:With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users’ privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.

Zhibo Wang,Defang Liu,Yunan Sun,Xiaoyi Pang,Peng Sun,Feng Lin,John C. S. Lui,Kui Ren

DOI: https://doi.org/10.1109/comst.2022.3201557

IF: 35.6

2022-01-01

IEEE Communications Surveys & Tutorials

Abstract:With recent advances in communication technologies and Internet of Things (IoT) infrastructures, home automation (HA) systems have emerged as a new promising paradigm that provides convenient smart-home services to users. However, there exist various security risks during the deployment and application of HA systems, which pose severe security threats to users. On the one hand, traditional IoT security threats (e.g., device intrusion, protocol vulnerabilities, and so on) are inherent to HA systems. On the other hand, as the core of HA systems, the Trigger-Action Programming (TAP) model organizes cloud platforms, local hubs, and smart devices through user-customized rules, but the complex interactions involved bring new challenges to the security of HA systems. These two kinds of security issues have attracted widespread attention from both academia and industry, and explorations on both attack and defense have been made. However, there is not yet a survey that provides a summary of the overall HA systems’ security research. In this paper, we conduct a comprehensive survey of the state-of-the-art literature on HA system security from aspects of attack and defense. We first give a brief introduction to the HA system architecture and present a general workflow of HA systems. Then, we review and classify the relevant attacks based on the HA architecture, with an explicit analysis of vulnerabilities exploited by these attacks. We further elaborate on the security requirements of HA systems and provide detailed descriptions and comparisons of existing defenses methods. Finally, we conclude with a thorough discussion of open issues for future research.

Dongming Sun,Liang Hu,Gang Wu,Yongheng Xing,Juncheng Hu,Feng Wang

DOI: https://doi.org/10.1109/jiot.2024.3362950

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:The increased utilization of Trigger-Action Programming (TAP) rules in smart homes has raised concerns regarding potential security threats in the interactions between smart digital devices/online services (DD/OS) and the physical environment. To ensure the secure use of intelligent and convenient infrastructure for users, we introduce an approach aimed at detecting potential security threats. In this paper, we propose IoT security threat models and categorize the threats into Risky DD/OS with Physical Security, Contradictory Operation of DD/OS and Environmental Impact Conflict. To effectively detect security threats, we construct an Internet of Things-Heterogeneous Information Networks (IoT-HIN) and enhance it with a knowledge base tool, transforming it into a knowledge-based IoT-HIN. We establish meta-paths to conduct analysis of events triggered by rules, and a threat detection algorithm is proposed to identify potential security threats and determine the rules leading to these threats. The proposed approach is validated using a real-world dataset, and the experimental results demonstrate its efficiency and practicality. Furthermore, a comparative analysis with similar works is conducted to highlight the superiority of our proposed approach.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kulani Mahadewa,Kailong Wang,Guangdong Bai,Ling Shi,Yan Liu,Jin Song Dong,Zhenkai Liang

DOI: https://doi.org/10.1109/tse.2019.2960690

IF: 7.4

2021-12-01

IEEE Transactions on Software Engineering

Abstract:A key feature of the booming smart home is the integration of a wide assortment of technologies, including various standards, proprietary communication protocols and heterogeneous platforms. Due to customization, unsatisfied assumptions and incompatibility in the integration, critical security vulnerabilities are likely to be introduced by the integration. Hence, this work addresses the security problems in smart home systems from an integration perspective, as a complement to numerous studies that focus on the analysis of individual techniques. We propose HomeScan, an approach that examines the security of the implementations of smart home systems. It extracts the abstract specification of application-layer protocols and internal behaviors of entities, so that it is able to conduct an end-to-end security analysis against various attack models. Applying HomeScan on three extensively-used smart home systems, we have found twelve non-trivial security issues, which may lead to unauthorized remote control and credential leakage.

engineering, electrical & electronic,computer science, software engineering

Seokung Yoon,Haeryong Park,Hyeong Seon Yoo

DOI: https://doi.org/10.1007/978-3-662-45402-2_97

2015-01-01

Abstract:Smarthome as one of IoT(Internet of Things) services is growing more and more interested. Due to the development of mobile network, proliferation of smartphones and increasing of interest for personal safety, many enterprises enter the smartphone market. However, incidents could happen because they provide their services without considering security. This paper analyzes security vulnerabilities of smarthome and proposes countermeasures.

Lei Bu,Qiuping Zhang,Suwan Li,Jinglin Dai,Guangdong Bai,Kai Chen,Xuandong Li

DOI: https://doi.org/10.1145/3597926.3598084

2023-01-01

Abstract:Internet of Things (IoT) has become prevalent in various fields, especially in the context of home automation (HA). To better control HA-IoT devices, especially to integrate several devices for rich smart functionalities, trigger-action programming, such as the If This Then That (IFTTT), has become a popular paradigm. Leveraging it, novice users can easily specify their intent in applets regarding how to control a device/service through another once a specific condition is met. Nevertheless, the users may design IFTTT-style integrations inappropriately, due to lack of security experience or unawareness of the security impact of cyber-attacks against individual devices. This has caused financial loss, privacy leakage, unauthorized access and other security issues. To address these problems, this work proposes a systematic framework named MEDIC to model smart home integrations and check their security. It automatically generates models incorporating the service/device behaviors and action rules of the applets, while taking into consideration the external attacks and in-device vulnerabilities. Our approach takes around one second to complete the modeling and checking of one integration. We carried out experiments based on 200 integrations created from a user study and a dataset crawled from ifttt.com. To our great surprise, nearly 83% of these integrations have security issues.

Zhao Chen,Fanping Zeng,Tingting Lu,Wenjuan Shu

DOI: https://doi.org/10.1109/icpads47876.2019.00151

2019-01-01

Abstract:IoT devices used in smart home have become a fundamental part of modern society. Such devices enable our living space to be more convenient. This enables human interaction with physical environment, also happens between two applications or others third-party rules in addition, and causes some unexpected automation, even causes safety concerns. What's worse is that attackers can leverage stealthy physical interactions to launch attacks against IoT systems or steal user privacy. In this paper, we propose a tool called IoTIE that discovers any possible physical interactions and extract all potential interactions across applications and rules in the IoT environment. And we present a comprehensive system evaluation on the Samsung SmartThings and IFTTT platform. We study 187 official SmartThings applications and 98 IFTTT rules, and find they can form 231 hidden inter-app interactions through physical environments. In particular, our experiment reveals that 74 interactions are highly risky and could be potentially exploited to impact the security and safety of the IoT environment.

Zhen Ling,Junzhou Luo,Yiling Xu,Chao Gao,Kui Wu,Xinwen Fu

DOI: https://doi.org/10.1109/jiot.2017.2707465

IF: 10.6

2017-01-01

IEEE Internet of Things Journal

Abstract:With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs.

Jung Tae (Steve) Kim

DOI: https://doi.org/10.5772/intechopen.97851

2022-01-07

Abstract:A lot of communication are developed and advanced with different and heterogeneous communication techniques by integration of wireless and wire connection. Conventional technology is mainly focus on information technology based on computer techniques in the field of industry, manufacture and automation fields. It consists of individual skill and technique. As new technologies are developed and enhanced with conventional techniques, a lot of new application is emerged and merged with previous mechanism and skills. The representative application is internet of things services and applications. Internet of things is breakthrough technologies and one of the innovation industries which are called 4 generation industry revolution. Many different types of object and devices are embedded in sensor node. They are inter-connected with optimized open system interconnection protocol over internet, wireless and wire medium. Most of communication is fully inter-connected with conventional techniques at point to point and end to application in general. Most of information in internet of things is weak against attack. This may induce vulnerable features to unauthorized and outside attacker over internet protocol, Bluetooth, Wi-Fi, and so forth. As high and low efficient equipment are merged into heterogeneous infrastructure, IoT communication surroundings has become more complex, Due to limited resources in IoT such as small memory, low power and computing power, IoT devices are vulnerable and disclosed with security problems. In this chapter, we analyzed security challenges and threats based on smart home network under IoT service.