Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices
CoRR(2024)
摘要
Consumer Internet of Things (IoT) devices often leverage the local network to
communicate with the corresponding companion app or other devices. This has
benefits in terms of efficiency since it offloads the cloud. ENISA and NIST
security guidelines underscore the importance of enabling default local
communication for safety and reliability. Indeed, an IoT device should continue
to function in case the cloud connection is not available. While the security
of cloud-device connections is typically strengthened through the usage of
standard protocols, local connectivity security is frequently overlooked.
Neglecting the security of local communication opens doors to various threats,
including replay attacks. In this paper, we investigate this class of attacks
by designing a systematic methodology for automatically testing IoT devices
vulnerability to replay attacks. Specifically, we propose a tool, named
REPLIOT, able to test whether a replay attack is successful or not, without
prior knowledge of the target devices. We perform thousands of automated
experiments using popular commercial devices spanning various vendors and
categories. Notably, our study reveals that among these devices, 51
not support local connectivity, thus they are not compliant with the
reliability and safety requirements of the ENISA/NIST guidelines. We find that
75
having a detection accuracy of 0.98-1. Finally, we investigate the possible
causes of this vulnerability, discussing possible mitigation strategies.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要