4.8 Article

Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System

IEEE INTERNET OF THINGS JOURNAL (2017)

Get Full Text
Add to Collection

Journal

IEEE INTERNET OF THINGS JOURNAL
Volume 4, Issue 6, Pages 1899-1909

Publisher

IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/JIOT.2017.2707465

Keywords

Attacks; countermeasures; Internet of Things (IoT); vulnerabilities

Categories

Computer Science, Information Systems Engineering, Electrical & Electronic Telecommunications

Funding

  1. National Natural Science Foundation of China [61502100, 61632008, 61402104, 61572130, 61602111, 61532013, 61320106007]
  2. National Science Foundation [1461060, 1642124, 1547428]
  3. Natural Sciences and Engineering Research Council of Canada [261409-2013]
  4. Jiangsu Provincial Natural Science Foundation of China [BK20150637, BK20140648]
  5. Jiangsu Provincial Key Laboratory of Network and Information Security [BM2003201]
  6. Key Laboratory of Computer Network and Information Integration of Ministry of Education of China [93K-9]
  7. Collaborative Innovation Center of Novel Software Technology and Industrialization
  8. Direct For Computer & Info Scie & Enginr
  9. Division Of Computer and Network Systems [1461060] Funding Source: National Science Foundation
  10. Direct For Computer & Info Scie & Enginr
  11. Office of Advanced Cyberinfrastructure (OAC) [1642124] Funding Source: National Science Foundation

Ask authors/readers for more resources

Protocol

Community support

Reagent

Community support

With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs.

Authors

I am an author on this paper
Click your name to claim this paper and add it to your profile.

Reviews

Primary Rating

4.8
Not enough ratings

Secondary Ratings

Novelty
-
Significance
-
Scientific rigor
-
Rate this paper

Recommended

No Data Available
No Data Available
Webinars Posters Questions Hubs Funding Journals Papers Connect Collections Reviewers About Us FAQs Mobile App Privacy Policy Terms of Use
© Peeref 2019-2024. All rights reserved.