DOI: 10.1145/3317549.3319724
Research article

Blinded and confused: uncovering systemic flaws in device telemetry for smart-home internet of things

Published: 15 May 2019

    Abstract

    The always-on, always-connected nature of smart home devices complicates Internet-of-Things (IoT) security and privacy. Unlike traditional hosts, IoT devices constantly send sensor, state, and heartbeat data to cloud-based servers. These data channels require reliable, routine communication, which is often at odds with an IoT device's storage and power constraints. Although recent efforts such as pervasive encryption have addressed protecting data in transit, there remains little insight into designing mechanisms for protecting integrity and availability for always-connected devices. This paper seeks to better understand smart home device security by studying the vendor design decisions surrounding IoT telemetry messaging protocols, specifically, the behaviors taken when an IoT device loses connectivity. To understand this, we hypothesize and evaluate sensor blinding and state confusion attacks, measuring their effectiveness against an array of smart home IoT device types. Our analysis uncovers pervasive failure in designing telemetry that reports data to the cloud, and buffering that fails to properly cache undelivered data. We uncover that 22 of 24 studied devices suffer from critical design flaws that (1) enable attacks to transparently disrupt the reporting of device status alerts or (2) prevent the uploading of content integral to the device's core functionality. We conclude by considering the implications of these findings and offer directions for future defense. While the state of the art is rife with implementation flaws, there are several countermeasures IoT vendors could take to reduce their exposure to attacks of this nature.
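The failure mode at the centre of the abstract (telemetry that is simply discarded, rather than cached and replayed, when the device loses connectivity) is easiest to see in a small simulation. The block below is an added example written for this page; it is not code from the paper, from any of the studied devices, or from any vendor. It models a device that emits one heartbeat per tick plus a motion alert, a link that is down for a window of ticks (the blackout an attacker induces by deauthenticating or jamming the device), a flawed drop-on-failure sender beside a store-and-forward sender, and a cloud receiver that looks for sequence-number gaps and heartbeat silence. The event format, sequence numbering, queue capacity, heartbeat-first eviction rule, silence threshold and the timeline are all assumptions chosen for illustration.

```python
"""Simulated device-to-cloud telemetry under a connectivity blackout.
Added example for this page, not the paper's code: the event format, sequence
numbers, queue size, eviction rule, silence threshold and timeline are assumed."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Event:
    seq: int    # monotonic per-device sequence number (assumed)
    t: int      # device clock tick at which the event was produced
    kind: str   # "heartbeat" or "motion" (assumed event kinds)


class DropOnFailure:
    """Flawed sender: an event that cannot be sent right now is discarded."""
    def __init__(self):
        self.dropped: List[Event] = []

    def push(self, ev: Event, link_up: bool) -> List[Event]:
        if link_up:
            return [ev]
        self.dropped.append(ev)
        return []


class StoreAndForward:
    """Hardened sender: undelivered events wait in a bounded queue and are
    replayed in order when the link returns; when full, the oldest heartbeat
    is evicted before any alert, and every eviction is counted."""
    def __init__(self, capacity: int = 64):
        self.queue: deque = deque()
        self.capacity = capacity
        self.evicted = 0

    def _evict_one(self) -> None:
        for i, ev in enumerate(self.queue):
            if ev.kind == "heartbeat":
                del self.queue[i]
                self.evicted += 1
                return
        self.queue.popleft()            # only alerts left: drop the oldest
        self.evicted += 1

    def push(self, ev: Event, link_up: bool) -> List[Event]:
        if len(self.queue) >= self.capacity:
            self._evict_one()
        self.queue.append(ev)
        if not link_up:
            return []
        out = list(self.queue)          # replay the backlog, oldest first
        self.queue.clear()
        return out


class Cloud:
    """Receiver-side checks: a jump in sequence numbers reveals dropped events
    after reconnect; `silence_after` ticks without any message reveals a
    blinded device while the blackout is still in progress."""
    def __init__(self, silence_after: int = 3):
        self.received: List[Tuple[int, Event]] = []   # (arrival tick, event)
        self.gaps: List[Tuple[int, int]] = []          # (first missing, next seen)
        self.silence_alerts: List[int] = []            # tick each silent period began
        self.expected_seq, self.last_arrival = 1, 0
        self.silence_after, self._silent = silence_after, False

    def ingest(self, now: int, ev: Event) -> None:
        if ev.seq > self.expected_seq:
            self.gaps.append((self.expected_seq, ev.seq))
        self.expected_seq = max(self.expected_seq, ev.seq + 1)
        self.received.append((now, ev))
        self.last_arrival, self._silent = now, False

    def check_silence(self, now: int) -> None:
        silent = now - self.last_arrival >= self.silence_after
        if silent and not self._silent:
            self.silence_alerts.append(now)
        self._silent = silent


def simulate(sender, ticks: int = 12, blackout: Tuple[int, int] = (3, 8),
             alerts_at: Tuple[int, ...] = (5,)) -> Cloud:
    """Constructed scenario: one heartbeat per tick, a 'motion' alert at each tick
    in alerts_at, and a link that is down for blackout[0] <= t < blackout[1]
    (the window an attacker opens by deauthenticating or jamming the device)."""
    cloud, seq = Cloud(), 0
    for t in range(ticks):
        link_up = not (blackout[0] <= t < blackout[1])
        for kind in ["heartbeat"] + (["motion"] if t in alerts_at else []):
            seq += 1
            for delivered in sender.push(Event(seq, t, kind), link_up):
                cloud.ingest(t, delivered)
        cloud.check_silence(t)
    return cloud


def summary(cloud: Cloud) -> Dict[str, object]:
    motion = [(arr, ev) for arr, ev in cloud.received if ev.kind == "motion"]
    return {"delivered": len(cloud.received), "gaps": cloud.gaps,
            "silence_alerts": cloud.silence_alerts, "motion_delivered": bool(motion),
            "motion_delay": motion[0][0] - motion[0][1].t if motion else None}


if __name__ == "__main__":
    for s in (DropOnFailure(), StoreAndForward(), StoreAndForward(capacity=4)):
        print(type(s).__name__, summary(simulate(s)))
```

With the default scenario the drop-on-failure sender never delivers the motion alert raised during the blackout; the only trace the cloud gets is a sequence gap (4 to 10) once the device reconnects, and that trace exists only because the events are numbered. The store-and-forward sender delivers the same alert three ticks late but intact, with no gap. With the queue shrunk to four entries the heartbeat-first eviction rule still preserves the alert while honestly reporting a gap for the heartbeats it gave up. Neither sender can say anything during the blackout itself, which is why the receiver-side silence check is the only signal available at the time of the attack.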


    Published In

    WiSec '19: Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks
    May 2019
    359 pages
    ISBN:9781450367264
    DOI:10.1145/3317549
    Publisher

    Association for Computing Machinery, New York, NY, United States

    Badges

    • Best Paper

    Qualifiers

    • Research-article

    Conference

    WiSec '19

    Acceptance Rates

    Overall Acceptance Rate 98 of 338 submissions, 29%

    Bibliometrics & Citations

    Article Metrics

    • Downloads (last 12 months): 51
    • Downloads (last 6 weeks): 5
    Reflects downloads up to 09 Aug 2024

Cited By

    • Watch the Skies: A Study on Drone Attack Vectors, Forensic Approaches, and Persisting Security Challenges. Future Internet 16(7):250, 13 Jul 2024. doi:10.3390/fi16070250
    • Safeguarding the “Internet of Things” for Victim-Survivors of Domestic and Family Violence: Anticipating Exploitative Use and Encouraging Safety-by-Design. Violence Against Women, 2 Jan 2024. doi:10.1177/10778012231222486
    • Seeing Is Believing: Extracting Semantic Information from Video for Verifying IoT Events. Proceedings of the 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 101-112, 27 May 2024. doi:10.1145/3643833.3656124
    • BehavIoT: Measuring Smart Home IoT Behavior Using Network-Inferred Behavior Models. Proceedings of the 2023 ACM on Internet Measurement Conference, pp. 421-436, 24 Oct 2023. doi:10.1145/3618257.3624829
    • When Free Tier Becomes Free to Enter: A Non-Intrusive Way to Identify Security Cameras with no Cloud Subscription. Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, pp. 651-665, 15 Nov 2023. doi:10.1145/3576915.3623083
    • Addressing the Faults Landscape in the Internet of Things: Toward Datacentric and System Resilience. IEEE Internet Computing 27(6):43-51, 1 Nov 2023. doi:10.1109/MIC.2023.3300508
    • Towards Examining The Security Cost of Inexpensive Smart Home IoT Devices. 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 1293-1298, Jun 2023. doi:10.1109/COMPSAC57700.2023.00196
    • Toward a Labeled Dataset of IoT Malware Features. 2023 IEEE 47th Annual Computers, Software, and Applications Conference (COMPSAC), pp. 924-933, Jun 2023. doi:10.1109/COMPSAC57700.2023.00123
    • Modeling Internet-of-Things (IoT) Behavior for Enforcing Security and Privacy Policies. Intelligent Computing, pp. 1451-1473, 1 Sep 2023. doi:10.1007/978-3-031-37717-4_95
    • CEFI: Command Execution Flow Integrity for Embedded Devices. Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 235-255, 12 Jul 2023. doi:10.1007/978-3-031-35504-2_12
