Abstract
With the rapid development of the Internet of Things (IoT) and smart devices, an increasing number of home security devices are produced and deployed in our daily life. To improve awareness of the security flaws of these household smart devices, we perform a demo attack in this paper that exploits a vulnerability of a security camera. We set up a malicious Wi-Fi environment, and the assumed victim in our experiment uses a Samsung GALAXY Note 10.1. We demonstrate how to steal the victim's login credentials after tricking him into connecting to the malicious Wi-Fi. Our experiment shows that these smart devices lack high-standard security. It also shows that it is trivial and cheap to steal users' credentials using a malicious Wi-Fi.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Liu, Z., Chen, C., Liu, S., Liu, D., Wang, Y. (2019). Exploit in Smart Devices: A Case Study. In: Meng, W., Furnell, S. (eds) Security and Privacy in Social Networks and Big Data. SocialSec 2019. Communications in Computer and Information Science, vol 1095. Springer, Singapore. https://doi.org/10.1007/978-981-15-0758-8_12
DOI: https://doi.org/10.1007/978-981-15-0758-8_12
Publisher Name: Springer, Singapore
Print ISBN: 978-981-15-0757-1
Online ISBN: 978-981-15-0758-8
eBook Packages: Computer Science, Computer Science (R0)