期刊
IEEE INTERNET OF THINGS JOURNAL
卷 4, 期 6, 页码 1899-1909出版社
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/JIOT.2017.2707465
关键词
Attacks; countermeasures; Internet of Things (IoT); vulnerabilities
资金
- National Natural Science Foundation of China [61502100, 61632008, 61402104, 61572130, 61602111, 61532013, 61320106007]
- National Science Foundation [1461060, 1642124, 1547428]
- Natural Sciences and Engineering Research Council of Canada [261409-2013]
- Jiangsu Provincial Natural Science Foundation of China [BK20150637, BK20140648]
- Jiangsu Provincial Key Laboratory of Network and Information Security [BM2003201]
- Key Laboratory of Computer Network and Information Integration of Ministry of Education of China [93K-9]
- Collaborative Innovation Center of Novel Software Technology and Industrialization
- Direct For Computer & Info Scie & Enginr
- Division Of Computer and Network Systems [1461060] Funding Source: National Science Foundation
- Direct For Computer & Info Scie & Enginr
- Office of Advanced Cyberinfrastructure (OAC) [1642124] Funding Source: National Science Foundation
With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据