Abstract
Security is a crucial aspect of our lives. The concept of smart home infrastructure drives the idea of providing flexibility to the end-user, to control their home devices from the remote location. It contains the upgrade of home-devices from traditional mode to the internet. Manufactures of smart home devices focusing on the usability part and do not develop the smart home devices from scratch they use the solutions already provided by big IT companies. Due to the lack of the standard for IoT devices communication, these devices are incompatible with each other. Different types of attacks done on many smart home devices using malicious firmware, insecure communication channel, physical uploading the malicious software and many more. In this paper, we represent the analysis of the survey on different smart home solutions and devices done by many researchers in the past few years and solutions provided by them. Analyzing different authors work and recent incidents, we found that we are still far behind the smart home security. It is not only the responsibility of manufactures but also the duty of the end-user to take the security of these devices seriously by using proper preventive measures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Liu, H., Li, C., Jin, X., Li, J., Zhang, Y., Gu, D.: Smart solution, poor protection: an empirical study of security and privacy issues in developing and deploying smart home devices. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017
Kanuparthi, A., Karri, R., Addepalli, S.: Hardware and embedded security in the context of internet of things. In: Proceedings of the 2013 ACM Workshop on Security, Privacy & Dependability for Cyber Vehicles (CyCAR 2013), pp. 61–64. ACM, New York (2013)
Jang, W., Chhabra, A., Prasad, A.: Enabling multi-user controls in smart home devices. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017
ABIresearch. Smart, April 2017. https://www.abiresearch.com/market-research/service/smart-home/
Oblick, D.: Just what is a ‘smart-home’ anyway?, May 2016. https://www.cnbc.com/2016/05/09/just-what-is-a-smart-home-anyway.html
Ozmen, M.O., Yavuz, A.A.: Low-cost standard public key cryptography services for wireless IoT systems. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017
Ronen, E., Shamir, A.: Extended functionality attacks on IoT devices: the case of smart lights. In: Proceedings of IEEE European Symposium on Security and Privacy (2016)
https://www.zigbee.org/zigbee-for-developers/applicationstandards/zigbee-light-link/
Ho, G., Leung, D., Mishra, P., Hosseini, A., Song, D., Wagner, D.: Smart locks: lessons for securing commodity internet of things devices. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (ASIA CCS 2016), pp. 461–472. ACM, New York (2016)
Ronen, E., Shamir, A., Weingarten, A.O., O’Flynn, C.: IoT goes nuclear: creating a Zigbee chain reaction. IEEE Secur. Priv. 16(1), 54–62 (2018)
Fernandes, E., Jung, J., Prakash, A.: Security analysis of emerging smart home applications. In: Proceeding of 37th IEEE Symposium on Security and Privacy (2016)
Avizheh, S., Doan, T.T., Liu, X., Safavi-Naini, R.: A secure event logging system for smart homes. In: Proceeding of Internet of Things on Security and Privacy, IoTS&P@CCS in Dallas, TX, USA, 3 November 2017
Nawir, M., Amir, A., Yaakob, N., Lynn, O.B.: Internet of Things (IoT): taxonomy of security attacks. In: The Proceedings of 3rd International Conference on Electronic Design (ICED), 11–12 August 2016
Bauer, L., Garriss, S., Reiter, M.K.: Detecting and resolving policy misconfigurations in access-control systems. ACM Trans. Inf. Syst. Secure. 14(1), 28 (2011). Article id 2
Hernandez, G., Arias, O., Buentello, D., Jin, Y.: Smart Nest Thermostat: A Smart Spy in Your Home. http://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf
King, R.: Nest is Turning Up the Security on Its Thermostats, 7 March 2017. http://fortune.com/2017/03/07/nest-thermostat-security/
Twentyman, J.: Hacking medical devices is the next big security concern | Financial Times (2018). https://www.ft.com/content/75912040-98ad-11e7-8c5c-c8d8fa6961bb
Qadir, M.: What is DNS hijacking and How It Works? PureVPN Blog (2018). https://www.purevpn.com/blog/dns-hijacking/
Gilburg, J.: Rsaconference.com (2018). https://www.rsaconference.com/writable/presentations/file_upload/spo2-r10_zero-touch-device-onboarding-to-iot-control-platforms.pdf
Shoemaker, A.: Incapsula.com (2018). https://www.incapsula.com/blog/how-to-identify-a-mirai-style-ddos-attack.html. Accessed 10 July 2018
Ics-cert.us-cert.gov: Philips IntelliSpace Cardiovascular System Vulnerability | ICS-CERT, 25 January 2018. https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01
Pennic, J.: Philips Unveils IntelliSpace Cardiovascular 2.1: 5 Things to Know, 29 August 2018. Hitconsultant.net. http://hitconsultant.net/2016/08/29/philips-unveils-intellispace-cardiovascular-2-1-10-things-know/
Cwe.mitre.org: CWE - CWE-613: Insufficient Session Expiration (3.0) (2018). http://cwe.mitre.org/data/definitions/613.html
Al Alkeem, E., Yeun, C.Y., Zemerly, M.J.: Security and privacy framework for ubiquitous healthcare IoT devices. In: 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), London, pp. 70–75 (2015)
Mcafee.com: McAfee Labs Threats Report, June 2018. https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-jun-2018.pdf
Palmer, D.: After WannaCry ransomware attack, the NHS is toughening its cyber defences | ZDNet (2018). ZDNet: https://www.zdnet.com/article/after-wannacry-ransomware-attack-the-nhs-is-toughening-its-cyber-defences/
Singh, K.: What is Aadhaar card and where is it mandatory?, 27 March 2017. The Indian Express. http://indianexpress.com/article/what-is/what-is-aadhaar-card-and-where-is-it-mandatory-4587547/
Agarwal, S.: UIDAI firewalls 5,000 officials post ‘breach’, 9 January 2018. The Economic Times. https://economictimes.indiatimes.com/news/politics-and-nation/uidai-firewalls-5000-officials-postbreach/articleshow/62423133.cms
Kerk, J.: First ATM ‘Jackpotting’ Attacks Hit US, 29 January 2018. https://www.bankinfosecurity.com/first-cases-atm-jackpotting-hit-us-a-10610
Regalado, D.: Criminals Hit the ATM Jackpot, 11 October 2013. https://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot
Nausheen, F., Begum, S.H.: Healthcare IoT: benefits, vulnerabilities and solutions. In: 2018 2nd International Conference on Inventive Systems and Control (ICISC), Coimbatore, pp. 517–522 (2018)
Hosseinzadeh, S., Rauti, S., Hyrynsalmi, S., Leppänen, V.: Security in the Internet of Things through obfuscation and diversification. In: 2015 International Conference on Computing, Communication and Security (ICCCS), Pamplemousses, pp. 1–5 (2015)
Acknowledgement
We are thankful to Dr. Paul Van Oorschot for his guidance and constant supervision as well as for providing necessary information and support.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Gupta, H., Singh, M. (2019). Cyber Threat Analysis of Consumer Devices. In: Singh, M., Gupta, P., Tyagi, V., Flusser, J., Ören, T., Kashyap, R. (eds) Advances in Computing and Data Sciences. ICACDS 2019. Communications in Computer and Information Science, vol 1046. Springer, Singapore. https://doi.org/10.1007/978-981-13-9942-8_4
Download citation
DOI: https://doi.org/10.1007/978-981-13-9942-8_4
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-13-9941-1
Online ISBN: 978-981-13-9942-8
eBook Packages: Computer ScienceComputer Science (R0)