Exploit in Smart Devices: A Case Study

  • Zian Liu
  • Chao Chen
  • Shigang Liu
  • Dongxi Liu
  • Yu Wang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1095)


With the rapid development of the Internet of Things (IoT) and smart devices, an increasing number of home security devices are produced and deployed in our daily life. To improve awareness of the security flaws of these household smart devices, we perform a demo attack in this paper that exploits a vulnerability of a security camera. We set up a malicious Wi-Fi environment, and the assumed victim in our experiment uses a Samsung GALAXY Note 10.1. We demonstrate how to steal the victim's login credentials after tricking him into connecting to the malicious Wi-Fi. Our experiment shows that these smart devices lack high-standard security, and that it is trivial and cheap to steal users' credentials using a malicious Wi-Fi.


Smart things · Cyber attack · Information leak



Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • Zian Liu (1)
  • Chao Chen (1)
  • Shigang Liu (1)
  • Dongxi Liu (2)
  • Yu Wang (3)
  1. School of Software and Electric Engineering, Swinburne University of Technology, Melbourne, Australia
  2. Data61, CSIRO, Sydney, Australia
  3. School of Computer Science, Guangzhou University, Guangzhou, China
