Abstract
Internet of Things (IoT) technology is being widely integrated into many areas, such as smart homes, smart cities, healthcare, and critical infrastructures. As shown by recent incidents such as the Mirai and BrickerBot botnets, security is a key issue for current and future IoT systems. In this paper, we examine the security of different categories of IoT devices to understand their resilience under different security conditions for attackers. In particular, we analyse IoT robustness against attacks performed under two threat models, namely (i) physical access of the attacker and (ii) close proximity of the attacker (i.e., within RFID and WiFi range). We discuss the results of the tests we performed on different categories of IoT devices, namely IP cameras, Ofo bike locks, RFID-based smart locks, and smart-home WiFi routers. The results show that most IoT devices do not address basic vulnerabilities, which can be exploited under different threat models.
Notes
- 2. We assume the SIM card is not locked, as over 60% of people do not use the SIM lock functionality to prevent the SIM from being moved to another phone [14].
References
The Internet of Things has started, April 2016. http://www.mycustomer.com/community/blogs/corelynx/the-internet-of-things-has-started-have-you-joined-the-iot-bandwagon
There will be 24 billion IoT devices installed on earth by 2020, June 2016. http://uk.businessinsider.com/there-will-be-34-billion-iot-devices-installed-on-earth-by-2020-2016-5?r=US&IR=T
BrickerBot, the permanent denial-of-service Botnet, is back with a vengeance, April 2017. https://arstechnica.com/security/2017/04/brickerbot-the-permanent-denial-of-service-botnet-is-back-with-a-vengeance/
Chinese bike-sharing start-up Ofo says it’s now worth more than $2 billion, April 2017. http://www.cnbc.com/2017/04/17/ofo-chinese-bike-sharing-start-up-says-its-now-worth-more-than-2-billion.html
ESP8266_deauther, July 2017. https://github.com/spacehuhn/esp8266_deauther#supported-devices
Look out Cambridge: here comes Ofo - China’s ‘Uber for bikes’, April 2017. http://www.wired.co.uk/article/chinese-bike-sharing-company-ofo-is-coming-to-cambridge-in-the-uk
RFID Emulator, July 2017. http://www.instructables.com/id/RFID-Emulator-How-to-Clone-RFID-Card-Tag-/
Bertino, E., Islam, N.: Botnets and internet of things security. Computer 50(2), 76–79 (2017)
Coskun, V., Ozdenizci, B., Ok, K.: A survey on near field communication (NFC) technology. Wirel. Pers. Commun. 71(3), 2259–2294 (2013)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 636–654, May 2016
Garcia, F.D., de Koning Gans, G., Verdult, R.: Tutorial: Proxmark, the swiss army knife for RFID security research. Technical report, Radboud University Nijmegen (2012)
Ho, G., Leung, D., Mishra, P., Hosseini, A., Song, D., Wagner, D.: Smart locks: lessons for securing commodity internet of things devices. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, ASIA CCS 2016, pp. 461–472. ACM, New York, NY, USA, March 2016. http://doi.acm.org/10.1145/2897845.2897886
Huang, C.H., Chang, S.L.: Study on the feasibility of NFC P2P communication for nursing care daily work. J. Comput. 24(2), 33–45 (2013)
Imgraben, J., Engelbrecht, A., Choo, K.K.R.: Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behav. Inf. Technol. 33(12), 1347–1360 (2014)
Jerkins, J.A.: Motivating a market or regulatory solution to IoT insecurity with the Mirai botnet code. In: 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC), pp. 1–5. IEEE, January 2017
Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT: Mirai and other botnets. Computer 50(7), 80–84 (2017)
Min, B., Varadharajan, V.: Design and evaluation of feature distributed malware attacks against the internet of things (IoT). In: 20th International Conference on Engineering of Complex Computer Systems (ICECCS), pp. 80–89. IEEE, December 2015
Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: IEEE European Symposium on Security and Privacy, pp. 3–12. IEEE, March 2016
Sgandurra, D., Lupu, E.: Evolution of attacks, threat models, and solutions for virtualized systems. ACM Comput. Surv. 48(3), 46:1–46:38 (2016). http://doi.acm.org/10.1145/2856126
Sivaraman, V., Chan, D., Earl, D., Boreli, R.: Smart-phones attacking smart-homes. In: Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, pp. 195–200. ACM, July 2016
Valavanis, K.P., Vachtsevanos, G.J. (eds.): Handbook of Unmanned Aerial Vehicles. Springer, Dordrecht (2015). https://doi.org/10.1007/978-90-481-9707-1
Verdult, R., de Koning Gans, G., Garcia, F.D.: A toolbox for RFID protocol analysis. In: Proceedings of the Fourth International EURASIP Workshop on RFID Technology (EURASIP RFID), pp. 27–34. IEEE, September 2012
BrickerBot: “The Doctor’s” PDoS Attack Has Killed Over 2 Million Insecure Devices, April 2017. https://fossbytes.com/brickerbot-malware-pdos-attack-iot-device/
Acknowledgments
This work is financially supported by the Jiangsu Government Scholarship for Overseas Studies, the National Natural Science Foundation of P. R. China (Nos. 61373017, 61572260, 61572261, 61672296, 61602261), the Natural Science Foundation of Jiangsu Province (Nos. BK20140886, BK20140888), the Scientific and Technological Support Project of Jiangsu Province (Nos. BE2015702, BE2016185, BE2016777), the China Postdoctoral Science Foundation (Nos. 2014M551636, 2014M561696), the Jiangsu Planned Projects for Postdoctoral Research Funds (Nos. 1302090B, 1401005B), and the Postgraduate Research and Practice Innovation Program of Jiangsu Province (KYCX17_0798).
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Xu, H., Sgandurra, D., Mayes, K., Li, P., Wang, R. (2017). Analysing the Resilience of the Internet of Things Against Physical and Proximity Attacks. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, KK. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2017. Lecture Notes in Computer Science, vol 10658. Springer, Cham. https://doi.org/10.1007/978-3-319-72395-2_27
DOI: https://doi.org/10.1007/978-3-319-72395-2_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72394-5
Online ISBN: 978-3-319-72395-2
eBook Packages: Computer Science (R0)