nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices

verfasst von : Omer Shwartz, Yael Mathov, Michael Bohadana, Yuval Elovici, Yossi Oren

Erschienen in: Smart Card Research and Advanced Applications

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

With the growth of the Internet of Things, many insecure embedded devices are entering into our homes and businesses. Some of these web-connected devices lack even basic security protections such as secure password authentication. As a result, thousands of IoT devices have already been infected with malware and enlisted into malicious botnets and many more are left vulnerable to exploitation.

In this paper we analyze the practical security level of 16 popular IoT devices from high-end and low-end manufacturers. We present several low-cost black-box techniques for reverse engineering these devices, including software and fault injection based techniques for bypassing password protection. We use these techniques to recover device firmware and passwords. We also discover several common design flaws which lead to previously unknown vulnerabilities. We demonstrate the effectiveness of our approach by modifying a laboratory version of the Mirai botnet to automatically include these devices. We also discuss how to improve the security of IoT devices without significantly increasing their cost.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nächstes Kapitel Optimal First-Order Boolean Masking for Embedded IoT Devices

Nur mit Berechtigung zugänglich

crypt(3) Man Page: Linux Programmer’s Manual. http://man7.org/linux/man-pages/man3/crypt.3.html

Firmware-mod-kit Github Repository. https://github.com/mirror/firmware-mod-kit

Hashcat Password Recovery Tool. https://hashcat.net/

John the Ripper Password Cracker. http://www.openwall.com/john/

Mirai Github Repository. https://github.com/jgamblin/Mirai-Source-Code

Alqassem, I., Svetinovic, D.: A taxonomy of security and privacy requirements for the internet of things (IoT). In: 2014 IEEE International Conference on Industrial Engineering and Engineering Management, IEEM 2014, Selangor Darul Ehsan, Malaysia, 9–12 December 2014, pp. 1244–1248. IEEE (2014). https://doi.org/10.1109/IEEM.2014.7058837

Anderson, R., Kuhn, M.: Low cost attacks on tamper resistant devices. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 125–136. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0028165 CrossRef

Anonymous: The author’s github repository. Details omitted for anonymous submission (2017)

Atmel Corporation: ATtiny13A Datasheet, May 2012. http://www.atmel.com/images/doc8126.pdf

10.

Bodenheim, R., Butts, J., Dunlap, S., Mullins, B.E.: Evaluation of the ability of the Shodan search engine to identify internet-facing industrial control devices. IJCIP 7(2), 114–123 (2014). https://doi.org/10.1016/j.ijcip.2014.03.001

11.

Chen, D.D., Woo, M., Brumley, D., Egele, M.: Towards automated dynamic analysis for Linux-based embedded firmware. In: NDSS (2016)

12.

Costin, A., Zaddach, J., Francillon, A., Balzarotti, D.: A large-scale analysis of the security of embedded firmwares. In: Fu, K., Jung, J. (eds.) Proceedings of the 23rd USENIX Security Symposium, San Diego, CA, USA, 20–22 August 2014, pp. 95–110. USENIX Association (2014). https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/costin

13.

Courbon, F., Skorobogatov, S., Woods, C.: Reverse engineering flash EEPROM memories using scanning electron microscopy. In: Lemke-Rust, K., Tunstall, M. (eds.) CARDIS 2016. LNCS, vol. 10146, pp. 57–72. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-54669-8_4 CrossRef

14.

Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: 20th Annual Network and Distributed System Security Symposium, NDSS 2013, San Diego, California, USA, 24–27 February 2013. The Internet Society (2013). http://internetsociety.org/doc/when-firmware-modifications-attack-case-study-embedded-exploitation

15.

DaRolt, J., Das, A., Natale, G.D., Flottes, M., Rouzeyre, B., Verbauwhede, I.: Test versus security: past and present. IEEE Trans. Emerging Topics Comput. 2(1), 50–62 (2014). https://doi.org/10.1109/TETC.2014.2304492 CrossRef

16.

Davis, R., Merriam, N., Tracey, N.: How embedded applications using an RTOS can stay within on-chip memory limits. In: 12th EuroMicro Conference on Real-Time Systems, pp. 71–77 (2000)

17.

Gartner: Gartner says 4.9 Billion Connected “Things” will be in Use in 2015. Gartner.com (2014). http://www.gartner.com/newsroom/id/2905717

18.

Gordon Lyon: Nmap Security Scanner. https://nmap.org/

19.

Goubet, L., Heydemann, K., Encrenaz, E., De Keulenaer, R.: Efficient design and evaluation of countermeasures against fault attacks using formal verification. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 177–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-31271-2_11 CrossRef

20.

Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener. Comput. Syst. 29(7), 1645–1660 (2013). https://doi.org/10.1016/j.future.2013.01.010 CrossRef

21.

Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52(5), 91–98 (2009). http://doi.acm.org/10.1145/1506409.1506429 CrossRef

22.

Hollabaugh, C.: Embedded Linux: Hardware, Software, and Interfacing. Addison-Wesley, Boston (2002)

23.

Krebs, B.: Krebsonsecurity Hit with Record DDoS. https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/

24.

Lanet, J.-L., Bouffard, G., Lamrani, R., Chakra, R., Mestiri, A., Monsif, M., Fandi, A.: Memory forensics of a java card dump. In: Joye, M., Moradi, A. (eds.) CARDIS 2014. LNCS, vol. 8968, pp. 3–17. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-16763-3_1

25.

Ling, Z., Luo, J., Xu, Y., Gao, C., Wu, K., Fu, X.: Security vulnerabilities of internet of things: a case study of the smart plug system. IEEE Internet Things J. 4, 1899–1909 (2017)CrossRef

26.

Liu, M., Zhang, Y., Li, J., Shu, J., Gu, D.: Security analysis of vendor customized code in firmware of embedded device. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds.) SecureComm 2016. LNICST, vol. 198, pp. 722–739. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59608-2_40 CrossRef

27.

Lund, D., MacGillivray, C., Turner, V., Morales, M.: Worldwide and regional internet of things (IoT) 2014–2020 forecast: a virtuous circle of proven value and demand. International Data Corporation (IDC), Technical report (2014)

28.

Mahmoud, R., Yousuf, T., Aloul, F.A., Zualkernan, I.A.: Internet of Things (IoT) security: current status, challenges and prospective measures. In: 10th International Conference for Internet Technology and Secured Transactions, ICITST 2015, London, United Kingdom, 14–16 December 2015, pp. 336–341. IEEE (2015). https://doi.org/10.1109/ICITST.2015.7412116

29.

Nest Labs: Nest Learning Smart Thermostat. https://nest.com/thermostat/meet-nest-thermostat/

30.

Obermaier, J., Hutle, M.: Analyzing the security and privacy of cloud-based video surveillance systems. In: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 22–28. ACM (2016)

31.

Patton, M.W., Gross, E., Chinn, R., Forbis, S., Walker, L., Chen, H.: Uninvited connections: a study of vulnerable devices on the Internet of Things (IoT). In: IEEE Joint Intelligence and Security Informatics Conference, JISIC 2014, The Hague, The Netherlands, 24–26 September 2014, pp. 232–235. IEEE (2014). https://doi.org/10.1109/JISIC.2014.43

32.

San Pedro, M., Soos, M., Guilley, S.: FIRE: fault injection for reverse engineering. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 280–293. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-21040-2_20 CrossRef

33.

Philips: Philips In.Sight Wireless HD Baby Monitor. http://www.philips.co.uk/c-p/B120N_10/in.sight-wireless-hd-baby-monitor/overview

34.

Rosenfeld, K., Karri, R.: Attacks and defenses for JTAG. IEEE Design Test Comput. 27(1), 36–47 (2010). https://doi.org/10.1109/MDT.2010.9 CrossRef

35.

Shodan: Shodan is the world’s first search engine for internet-connected devices. https://www.shodan.io/

36.

Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A.: Security, privacy and trust in internet of things: the road ahead. Comput. Netw. 76, 146–164 (2015). https://doi.org/10.1016/j.comnet.2014.11.008 CrossRef

37.

Tellez, M., El-Tawab, S., Heydari, H.M.: Improving the security of wireless sensor networks in an IoT environmental monitoring system. In: Systems and Information Engineering Design Symposium (SIEDS), pp. 72–77. IEEE (2016)

38.

Vlasenko, D.: BusyBox: The Swiss Army Knife of Embedded Linux. https://busybox.net/

39.

Yu, T., Sekar, V., Seshan, S., Agarwal, Y., Xu, C.: Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things. In: de Oliveira, J., Smith, J., Argyraki, K.J., Levis, P. (eds.) Proceedings of the 14th ACM Workshop on Hot Topics in Networks, Philadelphia, PA, USA, 16–17 November 2015, pp. 5:1–5:7. ACM (2015). http://doi.acm.org/10.1145/2834050.2834095

40.

Zhang, Z., Cho, M.C.Y., Wang, C., Hsu, C., Chen, C.K., Shieh, S.: IoT security: ongoing challenges and research opportunities. In: 7th IEEE International Conference on Service-Oriented Computing and Applications, SOCA 2014, Matsue, Japan, 17–19 November 2014, pp. 230–234. IEEE Computer Society (2014). https://doi.org/10.1109/SOCA.2014.58

Titel: Opening Pandora’s Box: Effective Techniques for Reverse Engineering IoT Devices
verfasst von: Omer Shwartz
Yael Mathov
Michael Bohadana
Yuval Elovici
Yossi Oren
Verlag: Springer International Publishing
Buch: Smart Card Research and Advanced Applications
Print ISBN: 978-3-319-75207-5

Electronic ISBN: 978-3-319-75208-2

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-75208-2_1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner