Journal Article10.1109/JIOT.2018.2875240
Reverse Engineering IoT Devices: Effective Techniques and Methods
42
TL;DR: This paper analyzes the security level of 16 popular IoT devices and evaluates several low-cost black-box techniques for reverse engineering these devices, including software and fault injection-based techniques used to bypass password protection.
read more
Abstract: Recent Internet of Things (IoT) botnet attacks have called the attention to the fact that there are many vulnerable IoT devices connected to the Internet today. Some of these Web-connected devices lack even basic security practices such as strong password authentication. As a consequence, many IoT devices are already infected with malware and many more are vulnerable to exploitation. In this paper we analyze the security level of 16 popular IoT devices. We evaluate several low-cost black-box techniques for reverse engineering these devices, including software and fault injection-based techniques used to bypass password protection. We use these techniques to recover device firmware and passwords. We also discover several common design flaws which lead to previously unknown vulnerabilities. We demonstrate the effectiveness of our approach by modifying a laboratory version of the Mirai botnet to automatically add these devices to a botnet. We also discuss how to improve the security of IoT devices without significantly increasing their cost or affecting their usability.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Security Testbed for Internet-of-Things Devices
Shachar Siboni,Vinay Sachidananda,Yair Meidan,Michael Bohadana,Yael Mathov,Suhas Bhairav,Asaf Shabtai,Yuval Elovici +7 more
TL;DR: The proposed security testbed is aimed at testing all types of IoT devices, with different software/hardware configurations, by performing standard and advanced security testing, and is effective at detecting vulnerabilities and compromised IoT devices.
A Practical Evaluation on RSA and ECC-Based Cipher Suites for IoT High-Security Energy-Efficient Fog and Mist Computing Devices.
TL;DR: A novel mist computing testbed is presented and the importance of selecting a proper ECC curve is demonstrated, showing that, for the tested devices, some curves present worse energy consumption and data throughput than other curves that provide a higher security level.
114
Machine Learning for the Detection and Identification of Internet of Things (IoT) Devices: A Survey
TL;DR: A comprehensive survey on machine learning technologies for the identification of IoT devices along with the detection of compromised or falsified ones from the viewpoint of passive surveillance agents or network operators is provided in this paper.
114
Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security
Ankit Attkan,Virender Ranga +1 more
- 24 Feb 2022
TL;DR: In this article , a comprehensive quality study for researchers on authentication and session keys, integrating IoT with blockchain and AI-based authentication in cybersecurity is presented, where the authors systematically survey recent trending technologies from an IoT security point of view and discuss traditional key security mechanisms.
On Manually Reverse Engineering Communication Protocols of Linux-Based IoT Systems
TL;DR: This article systematically presents the first manual reverse engineering framework for discovering communication protocols of embedded Linux-based IoT systems and applies it to both read-only and writable embedded Linux filesystems.
40
References
Internet of Things (IoT): A vision, architectural elements, and future directions
TL;DR: In this article, the authors present a cloud centric vision for worldwide implementation of Internet of Things (IoT) and present a Cloud implementation using Aneka, which is based on interaction of private and public Clouds, and conclude their IoT vision by expanding on the need for convergence of WSN, the Internet and distributed computing directed at technological research community.
11.6K
•Posted Content
Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions
TL;DR: This paper presents a Cloud centric vision for worldwide implementation of Internet of Things, and expands on the need for convergence of WSN, the Internet and distributed computing directed at technological research community.
A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications
TL;DR: The relationship between cyber-physical systems and IoT, both of which play important roles in realizing an intelligent cyber- physical world, are explored and existing architectures, enabling technologies, and security and privacy issues in IoT are presented to enhance the understanding of the state of the art IoT development.
2.7K
Security, privacy and trust in Internet of Things
TL;DR: In this article, the authors present the main research challenges and the existing solutions in the field of IoT security, identifying open issues and suggesting some hints for future research, and suggest some hints to future research.
1.7K
Lest we remember: cold-boot attacks on encryption keys
J. Alex Halderman,Seth D. Schoen,Nadia Heninger,William Clarkson,William Paul,Joseph A. Calandrino,Ariel J. Feldman,Jacob Appelbaum,Edward W. Felten +8 more
TL;DR: It is shown that dynamic RAM, the main memory in most modern computers, retains its contents for several seconds after power is lost, even at room temperature and even if removed from a motherboard, and this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access to a machine.