[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to main content

Viruses, Exploits, Malware and Security Issues on IoT Devices

  • Conference paper
  • First Online:
Innovative Security Solutions for Information Technology and Communications (SecITC 2021)

Abstract

The necessity of using secure Internet-of-Things (IoT) devices in various use cases has increased over years. According with various analysis in the first half of the year 2021, there were 1.5 billion attacks on smart devices for stealing data, mining cryptocurrency or building botnets. Therefore, the security of the IoT devices is mandatory for any solution in the field – e.g., from Smart Cities to Healthcare. The main challenge for having reasonable security for IoT devices is the fragmentation of the market landscape and protocols, as well as poor penetration of the device attestation and embedded/integrated secure elements for the IoT nodes. First section of this paper is an overview of the IoT certification schemes and in the second section the authors present a proof-of-concept solution for direct and reverse shell in an IoT gateway. The last section offers conclusions regarding the cybersecurity for the IoT gateways and nodes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
£29.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
GBP 19.95
Price includes VAT (United Kingdom)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
GBP 35.99
Price includes VAT (United Kingdom)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
GBP 44.99
Price includes VAT (United Kingdom)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Kleymenov, A., Thabet, A.: Mastering Malware Analysis: The Complete Malware Analyst's Guide to Combating Malicious Software, APT, Cybercrime, and IoT Attacks. Packt Publishing, Birmingham (2019), ISBN-13: 978-1789610789, ISBN-10: 1789610788

    Google Scholar 

  2. GitHub Resources for the paper and ARM Assembly published by authors. https://github.com/critoma/armasmiot/tree/master/labs/workspacearmassembly/arm32. Accessed 11 Nov 2021

  3. Azeria Labs Exploits for ARM – Shellcode and Reverse Shellcode. https://azeria-labs.com/writing-arm-shellcode/, https://azeria-labs.com/tcp-bind-shell-in-assembly-arm-32-bit/, https://azeria-labs.com/tcp-reverse-shell-in-assembly-arm-32-bit/. Accessed 11 Nov 2021

  4. Eurosmart IoT Study Report - Internet of Trust S.A.S. (IOTR) – TÜV Informationstechnik GmbH (TÜViT), A Cartography of Security Certification Schemes/Standards for IOT. https://www.eurosmart.com/wp-content/uploads/2020/02/2020-01-27-Eurosmart_IoT_Study_Report-v1.2.pdf. Accessed 11 Nov 2021

  5. Resources for BSZ. https://www.bsi.bund.de/EN/Topics/Certification/product_certification/Accelerated_Security_Certification/Accelerated-Security-Certification_node.html. Accessed 11 Nov 2021

  6. Resources for CSPN. https://www.ssi.gouv.fr/administration/produits-certifies/cspn/. Accessed 11 Nov 2021

  7. Resources for e-IoT-SCS. https://www.eurosmart.com/eurosmart-iot-certification-scheme/. Accessed 11 Nov 2021

  8. Resources for ETSI TS 103 645. https://www.etsi.org/deliver/etsi_ts/103600_103699/103645/01.01.01_60/ts_103645v010101p.pdf, https://www.etsi.org/deliver/etsi_en/303600_303699/303645/02.01.01_60/en_303645v020101p.pdf. Accessed 11 Nov 2021

  9. Resources for GP TEE. https://globalplatform.org/certifications/security-certification/, https://globalplatform.org/wp-content/uploads/2021/01/GP_TEECertificationProcess_v2.0_PublicRelease.pdf. Accessed 11 Nov 2021

  10. Resources for GP SE. https://globalplatform.org/certifications/security-certification/, https://globalplatform.org/wp-content/uploads/2021/02/GP_SE_CertificationProcess_v2.0_PublicRelease.pdf. Accessed 11 Nov 2021

  11. Resources for GSMA IoT SA. https://www.gsma.com/iot/iot-security-assessment/, https://www.gsma.com/iot/wp-content/uploads/2020/05/CLP.11-v2.2-GSMA-IoT-Security-Guidelines-Overview-Document.pdf, https://www.gsma.com/iot/wp-content/uploads/2020/05/GSMA-IoT-Security-Assessment.zip. Accessed 11 Nov 2021

  12. Resources for IoTSCF. https://www.iotsecurityfoundation.org/wp-content/uploads/2021/11/IoTSF-IoT-Security-Assurance-Framework-Release-3.0-Nov-2021-1.pdf. Accessed 11 Nov 2021

  13. Resources for IEC 62443. www.iecee.org for IECEE CB schemes. https://iq.ulprospector.com/info/ for UL schemes. https://isasecure.org/en-US/ for ISA Secure schemes. Accessed 11 Nov 2021

  14. Resources for PSA Level 1. https://www.psacertified.org/, https://www.psacertified.org/app/uploads/2019/02/PSA_Certified_Level_1_Step-by-Step_Guide_v1.5.pdf. Accessed 11 Nov 2021

  15. Resources for PSA Level 2. https://www.psacertified.org/, https://www.psacertified.org/app/uploads/2020/07/JSADEN011-PSA_Certified_Level_2_Step-by-Step-1.1-20200403.pdf. Accessed 11 Nov 2021

  16. Resources for SESIP. https://globalplatform.org/wp-content/uploads/2020/03/GP_SESIP_v1.0_PublicRelease.pdf. Accessed 11 Nov 2021

  17. Resources for SOG-IS. https://www.sogis.eu/, https://www.commoncriteriaportal.org/cc/. Accessed 11 Nov 2021

  18. Resources for UL IoT Security Rating. https://ims.ul.com/iot-security-rating, https://www.shopulstandards.com/ProductDetail.aspx?UniqueKey=35953, https://verify.ul.com. Accessed 11 Nov 2021

  19. Resources for UL 2900. https://www.ul.com/offerings/cybersecurity-assurance-and-compliance, https://www.shopulstandards.com/Catalog.aspx, https://iq.ulprospector.com/info/. Accessed 11 Nov 2021

  20. Hanes, D., Salgueiro, G., Grossetete, P., Barton, R., Henry, J.: IoT Fundamentals: Networking Technologies, Protocols, and Use Cases for the Internet of Things, Cisco Press, Indianapolis (2017). ISBN-10: 1-58714-456-5, ISBN-13: 978-1-58714-456-1

    Google Scholar 

  21. Opensource CalmAV Antivirus for Embedded Linux OS. https://www.clamav.net/downloads, https://github.com/Cisco-Talos/clamav

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Cristian Toma .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Toma, C., Boja, C., Popa, M., Doinea, M., Ciurea, C. (2022). Viruses, Exploits, Malware and Security Issues on IoT Devices. In: Ryan, P.Y., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SecITC 2021. Lecture Notes in Computer Science, vol 13195. Springer, Cham. https://doi.org/10.1007/978-3-031-17510-7_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-17510-7_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17509-1

  • Online ISBN: 978-3-031-17510-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics