Security Challenges of IoT-Based Smart Home Appliances

  • Tuomas Tenkanen
  • Heli Kallio
  • Janne Poikolainen
Chapter
Part of the Intelligent Systems, Control and Automation: Science and Engineering book series (ISCA, volume 93)

Abstract

The Internet of Things, IoT, and the related security challenges are reaching homes in the form of smart appliances. If the appliances are compromised, they can be used in botnet attacks against Internet services and potentially cause harm to people and property through the local network, for example, by heating up too much or allowing unauthorized access. The aim of this study was to see how secure these devices are against remote and network attacks. Several devices were tested with attacks coming from the same Wi-Fi network to gain various levels of control of the devices. Their security against a Man-in-the-Middle attack was also studied to see differences in the susceptibility to connect to another access point. Some devices had a command injection vulnerability and several devices connected to an evil twin. These pose significant risks, but securing the home network and keeping the devices updated protect the devices and secure the system and the smart home.


Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  • Tuomas Tenkanen (1)
  • Heli Kallio (1)
  • Janne Poikolainen (1)
  1. Faculty of Information Technology, University of Jyväskylä, Jyväskylä, Finland
