IoT Hacking – A Primer

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and they often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discovering and fixing their vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage of expensive physical equipment or even loss of human life. In this paper, we give a basic introduction into hacking IoT devices. We give an overview on the methods and tools for hardware hacking, firmware extraction and unpacking, and performing basic firmware analysis. We also provide a survey on recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview on both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

Download Full-text

Research on Data Mining of Permission-Induced Risk for Android IoT Devices

Applied Sciences ◽

10.3390/app9020277 ◽

2019 ◽

Vol 9 (2) ◽

pp. 277 ◽

Cited By ~ 7

Author(s):

Rajesh Kumar ◽

Xiaosong Zhang ◽

Riaz Khan ◽

Abubakar Sharif

Keyword(s):

Data Exchange ◽

Malware Detection ◽

The Internet ◽

Static And Dynamic Analysis ◽

Android Apps ◽

Novel Approach ◽

Android Applications ◽

Iot Devices ◽

Android Permission ◽

The Internet Of Things

With the growing era of the Internet of Things (IoT), more and more devices are connecting with the Internet using android applications to provide various services. The IoT devices are used for sensing, controlling and monitoring of different processes. Most of IoT devices use Android applications for communication and data exchange. Therefore, a secure Android permission privileged mechanism is required to increase the security of apps. According to a recent study, a malicious Android application is developed almost every 10 s. To resist this serious malware campaign, we need effective malware detection approaches to identify malware applications effectively and efficiently. Most of the studies focused on detecting malware based on static and dynamic analysis of the applications. However, to analyse the risky permission at runtime is a challenging task. In this study, first, we proposed a novel approach to distinguish between malware and benign applications based on permission ranking, similarity-based permission feature selection, and association rule for permission mining. Secondly, the proposed methodology also includes the enhancement of the random forest algorithm to improve the accuracy for malware detection. The experimental outcomes demonstrate high proficiency of the accuracy for malware detection, which is pivotal for android apps aiming for secure data exchange between IoT devices.

Download Full-text

A Survey on the Use of IoT and IoT Devices in a Human Life

International Journal of Scientific Research in Science and Technology ◽

10.32628/ijsrst207530 ◽

2020 ◽

pp. 297-302

Author(s):

Rupal Chaudhary

Keyword(s):

Internet Of Things ◽

Biological System ◽

Social Insurance ◽

Human Life ◽

The Internet ◽

Business Applications ◽

Iot Devices ◽

The Internet Of Things

Abstract. The Internet of Things (IoT) is making a lot of buzz while it approaches changing our lives. IoT is all over the place, despite the fact that we don't generally observe it or realize that a gadget is a piece of the IoT. The IoT is transforming physical articles into a biological system of data shared between gadgets that are wearable, versatile, even implantable, making our lives innovation and information rich. IoT business applications are various. Keen machines are evolving when, where and how work is done in for all intents and purposes each industry; yet, I'm not catching it's meaning for reality? IoT is a remarkable system associating machines, people, information and forms and is presently sifting down to reality, molding how we approach our every day lives. Some true instances of IoT are wearable wellness and trackers (like Fitbits) and IoT social insurance applications, voice partners (Siri and Alexa), shrewd vehicles (Tesla), and keen machines (iRobot). With IoTs quick arrangement coming into contact with numerous IoT gadgets consistently will be unavoidable soon. In this paper we gathered the region on which the IoT gadgets will significantly affect numerous parts of our carries on with like in live, in drive, and in cultivating harvests and creatures.

Download Full-text

IOT Security Threats and Block Chain based Solutions

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.b1034.0782s519 ◽

2019 ◽

Vol 8 (2S5) ◽

pp. 167-173

Keyword(s):

Internet Of Things ◽

Life Style ◽

Human Life ◽

Security And Privacy ◽

The Internet ◽

Block Chain ◽

Iot Devices ◽

The Internet Of Things ◽

Security Concern ◽

Security Of Iot

The Internet of Things (IoT) is one of the important technologies that has taken the attention of researchers. It is the interconnection of things connected with each other and to also with humans, to achieve some goals. In future IoT is expected to be effortlessly integrated into our environment and human will be solely dependent on this technology for comfort and easy life style. Any security concern of the system will directly affect human life. So security and privacy of this technology is primarily important issue to resolve. In this paper, we discuss the threats and vulnerabilities to the security of IoT devices in different domains, different layers, its deployment architecture and provides possible Block chain solution to overcome these issues. The paper also analyzes how the Block chain technology can be used to provide security and privacy in IoT. : The Internet of Things (IoT) is one of the important technologies that has taken the attention of researchers. It is the interconnection of things connected with each other and to also with humans, to achieve some goals. In future IoT is expected to be effortlessly integrated into our environment and human will be solely dependent on this technology for comfort and easy life style. Any security concern of the system will directly affect human life. So security and privacy of this technology is primarily important issue to resolve. In this paper, we discuss the threats and vulnerabilities to the security of IoT devices in different domains, different layers, its deployment architecture and provides possible Block chain solution to overcome these issues. The paper also analyzes how the Block chain technology can be used to provide security and privacy in IoT.

Download Full-text

Centralized, Distributed, and Everything in between

ACM Computing Surveys ◽

10.1145/3465170 ◽

2022 ◽

Vol 54 (7) ◽

pp. 1-34

Author(s):

Sophie Dramé-Maigné ◽

Maryline Laurent ◽

Laurent Castillo ◽

Hervé Ganem

Keyword(s):

Access Control ◽

Future Research ◽

The Internet ◽

Research Directions ◽

Security Issues ◽

Security Properties ◽

Future Research Directions ◽

Iot Devices ◽

The Internet Of Things ◽

Security Of Iot

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Download Full-text

Application of Taint Analysis to Study the Safety of Software of the Internet of Things Devices Based on the ARM Architecture

Automatic Control and Computer Sciences ◽

10.3103/s0146411620080246 ◽

2020 ◽

Vol 54 (8) ◽

pp. 834-840

Author(s):

T. D. Ovasapyan ◽

P. V. Knyazev ◽

D. A. Moskvin

Keyword(s):

Internet Of Things ◽

The Internet ◽

Taint Analysis ◽

The Internet Of Things

Download Full-text

City with Smart Waste Management: Introducing Waste Bin Technologies

Nexo Revista Científica ◽

10.5377/nexo.v34i02.11628 ◽

2021 ◽

Vol 34 (02) ◽

pp. 1032-1038

Author(s):

Arya Majidi

Keyword(s):

Internet Of Things ◽

Adverse Effects ◽

Waste Management ◽

Smart Cities ◽

Human Life ◽

The Other ◽

The Internet ◽

Waste Collection ◽

Waste Production ◽

The Internet Of Things

Population growth and urbanization have led to an increase in the rate of waste production, the lack of timely and proper management of which will have adverse effects on human life and the environment. Since most of the waste management costs are spent on waste collection and transportation, it is necessary to find solutions to control the huge costs of this sector. On the other hand, today, intelligent technologies are used globally as solutions to meet challenges in various fields such as agriculture to improve agro-industrial production, transportation, and waste management, which creates a concept called smart cities. One of the categories that has changed the concept of cities and made them have easier and smarter answers to various events and needs is the "Internet of Things", in which many cases and infrastructures with new hardware technologies and Software are integrated. Waste collection is no exception to this rule and efforts have been made to make it smarter. In this research, some of the latest innovations presented globally in order to make trash smarter have been examined.

Download Full-text

Detection of the Hardcoded Login Information from Socket and String Compare Symbols

Annals of Emerging Technologies in Computing ◽

10.33166/aetic.2021.01.003 ◽

2021 ◽

Vol 5 (1) ◽

pp. 28-39

Author(s):

Minami Yoda ◽

Shuji Sakuraba ◽

Yuichi Sei ◽

Yasuyuki Tahara ◽

Akihiko Ohsuga

Keyword(s):

Internet Of Things ◽

Static Analysis ◽

Real World ◽

Symbolic Execution ◽

The Internet ◽

User Input ◽

Network Function ◽

Private Data ◽

String Search ◽

Iot Devices

Internet of Things (IoT) for smart homes enhances convenience; however, it also introduces the risk of the leakage of private data. TOP10 IoT of OWASP 2018 shows that the first vulnerability is ”Weak, easy to predict, or embedded passwords.” This problem poses a risk because a user can not fix, change, or detect a password if it is embedded in firmware because only the developer of the firmware can control an update. In this study, we propose a lightweight method to detect the hardcoded username and password in IoT devices using a static analysis called Socket Search and String Search to protect from first vulnerability from 2018 OWASP TOP 10 for the IoT device. The hardcoded login information can be obtained by comparing the user input with strcmp or strncmp. Previous studies analyzed the symbols of strcmp or strncmp to detect the hardcoded login information. However, those studies required a lot of time because of the usage of complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on a network function, such as the socket symbol in firmware, because the IoT device is compromised when it is invaded by someone via the Internet. We propose two methods to detect the hardcoded login information: string search and socket search. In string search, the algorithm finds a function that uses the strcmp or strncmp symbol. In socket search, the algorithm finds a function that is referenced by the socket symbol. In this experiment, we measured the ability of our proposed method by searching six firmware in the real world that has a backdoor. We ran three methods: string search, socket search, and whole search to compare the two methods. As a result, all methods found login information from five of six firmware and one unexpected password. Our method reduces the analysis time. The whole search generally takes 38 mins to complete, but our methods finish the search in 4-6 min.

Download Full-text

A survey on approaches to the protection of personal data gathered by IoT devices

10.7287/peerj.preprints.26473 ◽

2018 ◽

Author(s):

Henry Tranter

Keyword(s):

Internet Of Things ◽

Personal Data ◽

The Internet ◽

Ideal Solution ◽

Security Systems ◽

Personal Lives ◽

Is Security ◽

The World ◽

Iot Devices ◽

The Internet Of Things

Security is always at the forefront of developing technologies. One can seldom go a week without hearing of a new data breach or hacking attempt from various groups around the world, often taking advantage of a simple flaw in a system’s architecture. The Internet of Things (IoT) is one of these developing technologies which may be at risk of such attacks. IoT devices are becoming more and more prevalent in everyday life. From keeping track of an individual’s health, to suggesting meals from items available in an individual’s fridge, these technologies are taking a much larger role in the personal lives of their users. With this in mind, how is security being considered in the development of these technologies? Are these devices that monitor individual’s personal lives just additional vectors for potential data theft? Throughout this survey, various approaches to the development of security systems concerning IoT devices in the home will be discussed, compared, and contrasted in the hope of providing an ideal solution to the problems this technology may produce.

Download Full-text

It’s only the beginning: Metadata Retention laws and the Internet of Things

Australian Journal of Telecommunications and the Digital Economy ◽

10.18080/jtde.v3n3.21 ◽

2015 ◽

Vol 3 (3) ◽

pp. 47-57

Author(s):

Clinton Fernandes ◽

Vijay Sivaraman

Keyword(s):

Internet Of Things ◽

The Internet ◽

Apparent Discrepancy ◽

Data Retention ◽

User Control ◽

The Law ◽

Iot Devices ◽

The Internet Of Things ◽

The Way

This article examines the implications of selected aspects of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which was passed by the Australian Parliament in March 2015. It shows how the new law has strengthened protections for privacy. However, focusing on the investigatory implications, it shows how the law provides a tactical advantage to investigators who pursue whistleblowers and investigative journalists. The article exposes an apparent discrepancy in the way ‘journalist’ is defined across different pieces of legislation. It argues that although legislators’ interest has been overwhelmingly focused on communications data, the explosion of data generated by the so-called Internet-of-Things (IoT) is as important or more. It shows how the sensors in selected IoT devices lead to a loss of user control and will enable non-stop, involuntary and ubiquitous monitoring of individuals. It suggests that the law will need to be amended further once legislators and investigators’ knowledge of the potential of IoT increases.

Download Full-text

Design a blockchain-based middleware layer in the Internet of Things Architecture

JOIV International Journal on Informatics Visualization ◽

10.30630/joiv.4.1.334 ◽

2020 ◽

Vol 4 (1) ◽

Author(s):

Tanweer Alam

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Smart Devices ◽

The Internet ◽

Novel Approach ◽

Generation Computing ◽

Critical Issues ◽

Iot Devices ◽

The Internet Of Things

In next-generation computing, the role of cloud, internet and smart devices will be capacious. Nowadays we all are familiar with the word smart. This word is used a number of times in our daily life. The Internet of Things (IoT) will produce remarkable different kinds of information from different resources. It can store big data in the cloud. The fog computing acts as an interface between cloud and IoT. The extension of fog in this framework works on physical things under IoT. The IoT devices are called fog nodes, they can have accessed anywhere within the range of the network. The blockchain is a novel approach to record the transactions in a sequence securely. Developing a new blockchains based middleware framework in the architecture of the Internet of Things is one of the critical issues of wireless networking where resolving such an issue would result in constant growth in the use and popularity of IoT. The proposed research creates a framework for providing the middleware framework in the internet of smart devices network for the internet of things using blockchains technology. Our main contribution links a new study that integrates blockchains to the Internet of things and provides communication security to the internet of smart devices.

Download Full-text