Abstract
This chapter presents a security analysis of a smart home network containing vulnerable dynamic agents in the form of smart toys. As a case study, a smart toy is used as an example of an Internet of Things (IoT) device that could potentially be used as a vector into the smart home network. The chapter discusses a threat model for smart home security, focusing on the smart toy as an entry point into the network and on what a threat actor could potentially achieve through this relatively new type of threat to the home.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Rafferty, L., Iqbal, F., Hung, P.C.K. (2017). A Security Threat Analysis of Smart Home Network with Vulnerable Dynamic Agents. In: Tang, J., Hung, P. (eds) Computing in Smart Toys. International Series on Computer Entertainment and Media Technology. Springer, Cham. https://doi.org/10.1007/978-3-319-62072-5_8
DOI: https://doi.org/10.1007/978-3-319-62072-5_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-62071-8
Online ISBN: 978-3-319-62072-5
eBook Packages: Computer Science, Computer Science (R0)