Abstract
The need to use secure Internet-of-Things (IoT) devices in various use cases has increased over the years. According to various analyses, in the first half of 2021 there were 1.5 billion attacks on smart devices for stealing data, mining cryptocurrency or building botnets. Therefore, the security of IoT devices is mandatory for any solution in the field, e.g., from Smart Cities to Healthcare. The main challenge in achieving reasonable security for IoT devices is the fragmentation of the market landscape and protocols, as well as the poor penetration of device attestation and embedded/integrated secure elements for IoT nodes. The first section of this paper is an overview of IoT certification schemes, and in the second section the authors present a proof-of-concept solution for direct and reverse shell in an IoT gateway. The last section offers conclusions regarding cybersecurity for IoT gateways and nodes.
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Toma, C., Boja, C., Popa, M., Doinea, M., Ciurea, C. (2022). Viruses, Exploits, Malware and Security Issues on IoT Devices. In: Ryan, P.Y., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2021. Lecture Notes in Computer Science, vol 13195. Springer, Cham. https://doi.org/10.1007/978-3-031-17510-7_22
DOI: https://doi.org/10.1007/978-3-031-17510-7_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17509-1
Online ISBN: 978-3-031-17510-7
eBook Packages: Computer Science, Computer Science (R0)