Abstract
Efforts have been made to improve the security of the Internet of Things (IoT) devices, but there remain some vulnerabilities and misimplementations. This paper describes a new threat to home security devices in which an attacker can disable all functionality of a device, but to the device’s owner, everything still appears to be operational. We targeted home security devices because their security is critical as people may rely on them to protect their homes. In particular, we exploited a feature called “heartbeat”, which is exchanged between the devices and the cloud in order to check that the devices are still connected. Even though network traffic was encrypted, we successfully identified the heartbeats due to their fixed size and periodic nature. Thereafter, we established a man-in-the-middle attack between the device and the cloud and selectively forwarded heartbeats while filtering out other traffic. As a result, the device appears to be still connected (because the heartbeat traffic is being allowed through), while in reality the device’s functionality is disabled (because non-heartbeat traffic is being filtered out). We applied this exploit on a set of six devices, and five were found to be vulnerable. Consequently, an intruder can use this exploit to disable a home security device and break into a house without the awareness of the owner. We carried out a responsible disclosure exercise with the manufacturers of the affected devices, but the response has been limited. This shows that IoT security is still not taken completely seriously and many threats are still undiscovered. Finally, we provide some recommendations on how to detect and prevent the threats posed by insecure IoT devices, which ironically include IoT home security kits.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Evans, D.: How the internet of everything will change the world...for the better IOE [infographic], April 2013. https://blogs.cisco.com/digital/how-the-internet-of-everything-will-change-the-worldfor-the-better-infographic
Meulen, R.V.D.: Gartner says 8.4 billion connected “things” will be in use in 2017, up 31 percent from 2016’, February 2017. https://www.gartner.com/en/newsroom/press-releases/2017-02-07-gartner-says-8-billion-connected-things-will-be-in-use-in-2017-up-31-percent-from-2016
Antonakakis, M., April, T., Bailey, M., et al.: Understanding the mirai botnet. In: 26th USENIX Security Symposium (USENIX Security 17), pp. 1093–1110. USENIX Association (2017)
Cetin, O., Ganán, C., Altena, L., et al.: Cleaning up the internet of evil things: real-world evidence on ISP and consumer efforts to remove Mirai. In: Network and Distributed Systems Security (NDSS) Symposium (2019)
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017). https://doi.org/10.1109/mc.2017.201
Zetter, K.: Flaw in home security cameras exposes live feeds to hackers, June 2012. https://www.wired.com/2012/02/home-cameras-exposed/
Kelion, L.: Swann’s home security camera recordings could be hijacked, July 2018. https://www.bbc.co.uk/news/technology-44809152
Simmons, D.: Security holes found in big brand car alarms, March 2019. https://www.bbc.co.uk/news/technology-47485731
Visan, B., Lee, J., Yang, B., Smith, A.H., Matson, E.T.: Vulnerabilities in hub architecture IoT devices. In: 2017 14th IEEE Annual Consumer Communications Networking Conference (CCNC), pp. 83–88, January 2017
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: IEEE Symposium on Security and Privacy (SP), pp. 636–654 (2016)
Apthorpe, N., Reisman, D., Feamster, N.: A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic. CoRR, vol. abs/1705.06805 (2017). http://arxiv.org/abs/1705.06805
Shaun, N.: This one weird trick turns your google home hub into a doorstop, November 2018. https://www.theregister.co.uk/2018/10/31/google_home_api
OConnor, T., Enck, W., Reaves, B.: Blinded and confused: uncovering systemic flaws in device telemetry for smart-home internet of things. In: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, pp. 140–150. ACM (2019)
Whalen, S., Engle, S., Romeo, D.: An introduction to ARP spoofing, April 2001. http://index-of.es/Misc/pdf/arpspoofing_slides.pdf
Aircrack-NG tool. https://www.aircrack-ng.org/doku.php?id=aireplay-ng
Wireshark: Wireshark Tool. https://www.wireshark.org/
PC Magazine Encyclopedia: Heartbeat Definition. https://www.pcmag.com/encyclopedia/term/44190/heartbeat
All the networks. found by everyone. https://wigle.net/
Nakhila, O., Attiah, A., Jin, Y., Zou, C.: Parallel active dictionary attack on WPA2-PSK wi-fi networks. In: MILCOM 2015–2015 IEEE Military Communications Conference, pp. 665–670. IEEE (2015)
Viehböck, S.: Brute forcing wi-fi protected setup, December 2011. https://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
Krebs, B.: A deep dive on the recent widespread DNS hijacking attacks, February 2019. https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
Greene, T.: Attackers can take over cisco routers; other routers at risk, too, September 2015. https://www.networkworld.com/article/2984124/attackers-can-take-over-cisco-routers-other-routers-at-risk-too.html
Cisco Security Advisory: Cisco security threat and vulnerability intelligence, January 2019. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-file-write
IEEE Computer Society LAN/MAN Standards Committee: IEEE Standard for Information technology-Telecommunications and information exchange between systems-Local and metropolitan area networks-Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Std 802.11 (2007)
Jorjin: Jorjin WG7831-D0 Wi-Fi chipset. https://www.jorjin.com/product.php?id=79
Jorjin: WG78XX Serial Module - Support Note. https://www.jorjin.com/upload/1470892430.pdf
Chapman, A.: Hacking into internet connected light bulbs, July 2014. https://www.contextis.com/blog/hacking-into-internet-connected-light-bulbs
Identifying and Preventing Threats to Your IoT Devices. https://developer.ibm.com/articles/iot-prevent-threats-iot-devices/#heartbeat
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Hariri, A., Giannelos, N., Arief, B. (2020). Selective Forwarding Attack on IoT Home Security Kits. In: Katsikas, S., et al. Computer Security. CyberICPS SECPRE SPOSE ADIoT 2019 2019 2019 2019. Lecture Notes in Computer Science(), vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_23
Download citation
DOI: https://doi.org/10.1007/978-3-030-42048-2_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer ScienceComputer Science (R0)