Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System

With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however,...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal 2017-12, Vol.4 (6), p.1899-1909
Main Authors: Ling, Zhen, Luo, Junzhou, Xu, Yiling, Gao, Chao, Wu, Kui, Fu, Xinwen
Format: Article
Language:English
Subjects:
Attacks
Authentication
Case studies
Communications systems
Computer hacking
Computer security
countermeasures
Cybersecurity
Devices
Firmware
Internet of Things
Internet of Things (IoT)
Launching
Plugs
Protocol (computers)
Servers
Spoofing
vulnerabilities
Vulnerability
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2017.2707465