Journal
IEEE INTERNET OF THINGS JOURNAL
Volume 4, Issue 6, Pages 1899-1909Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/JIOT.2017.2707465
Keywords
Attacks; countermeasures; Internet of Things (IoT); vulnerabilities
Categories
Funding
- National Natural Science Foundation of China [61502100, 61632008, 61402104, 61572130, 61602111, 61532013, 61320106007]
- National Science Foundation [1461060, 1642124, 1547428]
- Natural Sciences and Engineering Research Council of Canada [261409-2013]
- Jiangsu Provincial Natural Science Foundation of China [BK20150637, BK20140648]
- Jiangsu Provincial Key Laboratory of Network and Information Security [BM2003201]
- Key Laboratory of Computer Network and Information Integration of Ministry of Education of China [93K-9]
- Collaborative Innovation Center of Novel Software Technology and Industrialization
- Direct For Computer & Info Scie & Enginr
- Division Of Computer and Network Systems [1461060] Funding Source: National Science Foundation
- Direct For Computer & Info Scie & Enginr
- Office of Advanced Cyberinfrastructure (OAC) [1642124] Funding Source: National Science Foundation
Ask authors/readers for more resources
With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available