A Security Threat Analysis of Smart Home Network with Vulnerable Dynamic Agents

  • Laura Rafferty (Email author)
  • Farkhund Iqbal
  • Patrick C. K. Hung
Chapter
Part of the International Series on Computer Entertainment and Media Technology book series (ISCEMT)

Abstract

This chapter presents a security analysis of a smart home network containing vulnerable dynamic agents in the form of smart toys. As a case study, a smart toy is used as an example of an Internet of Things (IoT) device that could potentially be used as a vector into the smart home network. This chapter discusses a threat model for smart home security with a focus on the smart toy as an entry point into the network and what a threat actor could potentially achieve through this relatively new type of threat to the home.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Laura Rafferty (1), Email author
  • Farkhund Iqbal (1, 2)
  • Patrick C. K. Hung (1)

  1. Faculty of Business and IT, University of Ontario Institute of Technology, Oshawa, Canada
  2. College of Technological Innovation, Zayed University, Dubai, UAE
