Advertisement

Cyber Threat Analysis of Consumer Devices

  • Hemant GuptaEmail author
  • Mayank SinghEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1046)

Abstract

Security is a crucial aspect of our lives. The concept of smart home infrastructure drives the idea of providing flexibility to the end-user, to control their home devices from the remote location. It contains the upgrade of home-devices from traditional mode to the internet. Manufactures of smart home devices focusing on the usability part and do not develop the smart home devices from scratch they use the solutions already provided by big IT companies. Due to the lack of the standard for IoT devices communication, these devices are incompatible with each other. Different types of attacks done on many smart home devices using malicious firmware, insecure communication channel, physical uploading the malicious software and many more. In this paper, we represent the analysis of the survey on different smart home solutions and devices done by many researchers in the past few years and solutions provided by them. Analyzing different authors work and recent incidents, we found that we are still far behind the smart home security. It is not only the responsibility of manufactures but also the duty of the end-user to take the security of these devices seriously by using proper preventive measures.

Keywords

Smart home Internet of Things Security Smart bulb Vulnerabilities 

Notes

Acknowledgement

We are thankful to Dr. Paul Van Oorschot for his guidance and constant supervision as well as for providing necessary information and support.

References

  1. 1.
    Liu, H., Li, C., Jin, X., Li, J., Zhang, Y., Gu, D.: Smart solution, poor protection: an empirical study of security and privacy issues in developing and deploying smart home devices. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017Google Scholar
  2. 2.
    Kanuparthi, A., Karri, R., Addepalli, S.: Hardware and embedded security in the context of internet of things. In: Proceedings of the 2013 ACM Workshop on Security, Privacy & Dependability for Cyber Vehicles (CyCAR 2013), pp. 61–64. ACM, New York (2013)Google Scholar
  3. 3.
    Jang, W., Chhabra, A., Prasad, A.: Enabling multi-user controls in smart home devices. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017Google Scholar
  4. 4.
  5. 5.
    Oblick, D.: Just what is a ‘smart-home’ anyway?, May 2016. https://www.cnbc.com/2016/05/09/just-what-is-a-smart-home-anyway.html
  6. 6.
    Ozmen, M.O., Yavuz, A.A.: Low-cost standard public key cryptography services for wireless IoT systems. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017Google Scholar
  7. 7.
    Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: Proceedings of IEEE European Symposium on Security and Privacy (2016)Google Scholar
  8. 8.
  9. 9.
    Ho, G., Leung, D., Mishra, P., Hosseini, A., Song, D., Wagner, D.: Smart locks: lessons for securing commodity internet of things devices. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS 2016), pp. 461–472. ACM, New York (2016)Google Scholar
  10. 10.
    Ronen, E., Shamir, A., Weingarten, A.O., O’Flynn, C.: IoT goes nuclear: creating a Zigbee chain reaction. IEEE Secur. Priv. 16(1), 54–62 (2018)CrossRefGoogle Scholar
  11. 11.
    Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: Proceeding of 37th IEEE Symposium on Security and Privacy (2016)Google Scholar
  12. 12.
    Avizheh, S., Doan, T.T., Liu, X., Safavi-Naini, R.: A secure event logging system for smart homes. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017Google Scholar
  13. 13.
    Nawir, M., Amir, A., Yaakob, N., Lynn, O.B.: Internet of Things (IoT): taxonomy of security attacks. In: The Proceedings of 3rd International Conference on Electronic Design (ICED), 11–12 August 2016Google Scholar
  14. 14.
    Bauer, L., Garriss, S., Reiter, M.K.: Detecting and resolving policy misconfigurations in access-control systems. ACM Trans. Inf. Syst. Secure. 14(1), 28 (2011). Article id 2Google Scholar
  15. 15.
    Hernandez, G., Arias, O., Buentello, D., Jin, Y.: Smart Nest Thermostat: A Smart Spy in Your Home. http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
  16. 16.
    King, R.: Nest is Turning Up the Security on Its Thermostats, 7 March 2017. http://fortune.com/2017/03/07/nest-thermostat-security/
  17. 17.
    Twentyman, J.: Hacking medical devices is the next big security concern | Financial Times (2018). https://www.ft.com/content/75912040-98ad-11e7-8c5c-c8d8fa6961bb
  18. 18.
    Qadir, M.: What is DNS hijacking and How It Works? PureVPN Blog (2018). https://www.purevpn.com/blog/dns-hijacking/
  19. 19.
  20. 20.
    Shoemaker, A.: Incapsula.com (2018). https://www.incapsula.com/blog/how-to-identify-a-mirai-style-ddos-attack.html. Accessed 10 July 2018
  21. 21.
    Ics-cert.us-cert.gov: Philips IntelliSpace Cardiovascular System Vulnerability | ICS-CERT, 25 January 2018. https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01
  22. 22.
    Pennic, J.: Philips Unveils IntelliSpace Cardiovascular 2.1: 5 Things to Know, 29 August 2018. Hitconsultant.net. http://hitconsultant.net/2016/08/29/philips-unveils-intellispace-cardiovascular-2-1-10-things-know/
  23. 23.
    Cwe.mitre.org: CWE - CWE-613: Insufficient Session Expiration (3.0) (2018). http://cwe.mitre.org/data/definitions/613.html
  24. 24.
    Al Alkeem, E., Yeun, C.Y., Zemerly, M.J.: Security and privacy framework for ubiquitous healthcare IoT devices. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, pp. 70–75 (2015)Google Scholar
  25. 25.
  26. 26.
    Palmer, D.: After WannaCry ransomware attack, the NHS is toughening its cyber defences | ZDNet (2018). ZDNet: https://www.zdnet.com/article/after-wannacry-ransomware-attack-the-nhs-is-toughening-its-cyber-defences/
  27. 27.
    Singh, K.: What is Aadhaar card and where is it mandatory?, 27 March 2017. The Indian Express. http://indianexpress.com/article/what-is/what-is-aadhaar-card-and-where-is-it-mandatory-4587547/
  28. 28.
    Agarwal, S.: UIDAI firewalls 5,000 officials post ‘breach’, 9 January 2018. The Economic Times. https://economictimes.indiatimes.com/news/politics-and-nation/uidai-firewalls-5000-officials-postbreach/articleshow/62423133.cms
  29. 29.
    Kerk, J.: First ATM ‘Jackpotting’ Attacks Hit US, 29 January 2018. https://www.bankinfosecurity.com/first-cases-atm-jackpotting-hit-us-a-10610
  30. 30.
    Regalado, D.: Criminals Hit the ATM Jackpot, 11 October 2013. https://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot
  31. 31.
    Nausheen, F., Begum, S.H.: Healthcare IoT: benefits, vulnerabilities and solutions. In: 2018 2nd International Conference on Inventive Systems and Control (ICISC), Coimbatore, pp. 517–522 (2018)Google Scholar
  32. 32.
    Hosseinzadeh, S., Rauti, S., Hyrynsalmi, S., Leppänen, V.: Security in the Internet of Things through obfuscation and diversification. In: 2015 International Conference on Computing, Communication and Security (ICCCS), Pamplemousses, pp. 1–5 (2015)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.School of Computer ScienceCarleton UniversityOttawaCanada
  2. 2.Department of Computer Science and EngineeringUniversity of KwaZulu-NatalDurbanSouth Africa

Personalised recommendations