Security Vulnerabilities in Consumer IoT Applications

被引:15
|
作者
Shakdher, Arjun [1 ]
Agrawal, Suyash [1 ]
Yang, Baijian [1 ]
机构
[1] Purdue Univ, Dept CIT, W Lafayette, IN 47907 USA
来源
2019 IEEE 5TH INTL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / IEEE INTL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC) / IEEE INTL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS) | 2019年
关键词
Terms IoT; Application Security; Vulnerability; Man-in-the-middle attack; Penetration Test; INTERNET; THINGS; PRIVACY;
D O I
10.1109/BigDataSecurity-HPSC-IDS.2019.00012
中图分类号
TP18 [人工智能理论];
学科分类号
081104 ; 0812 ; 0835 ; 1405 ;
摘要
Extensive penetration testing to IoT applications was conducted in this work to discover the vulnerabilities. In addition to the study the most vulnerable security flaws defined by the Open Web Application Security Project (OWASP), this work also tested a set of man-in-the-middle attacks exploiting found vulnerabilities. It is discovered that a wide range of IoT apps in smart homes, security system, health-care and connected cars are susceptible to a set of attacks, and some of those apps have over 1 million downloads. Countermeasures were proposed as recommendations to secure the apps for IoT devices.
引用
收藏
页码:1 / 6
页数:6
相关论文
共 50 条
  • [31] Systematically Evaluating Security and Privacy for Consumer IoT Devices
    Loi, Franco
    Sivanathan, Arunan
    Gharakheili, Hassan Habibi
    Radford, Adam
    Sivaraman, Vijay
    PROCEEDINGS OF THE 2017 WORKSHOP ON INTERNET OF THINGS SECURITY AND PRIVACY (IOT S&P'17), 2017, : 1 - 6
  • [32] Demystifying IoT Security: An Exhaustive Survey on IoT Vulnerabilities and a First Empirical Look on Internet-Scale IoT Exploitations
    Neshenko, Nataliia
    Bou-Harb, Elias
    Crichigno, Jorge
    Kaddoum, Georges
    Ghani, Nasir
    IEEE COMMUNICATIONS SURVEYS AND TUTORIALS, 2019, 21 (03): : 2702 - 2733
  • [33] An Empirical Investigation of Security Vulnerabilities within Web Applications
    Abunadi, Ibrahim
    Alenezi, Mamdouh
    JOURNAL OF UNIVERSAL COMPUTER SCIENCE, 2016, 22 (04) : 537 - 551
  • [34] Serverless Security Analysis for IoT Applications
    Ortega Candel, Jose Manuel
    Mora Gimeno, Francisco Jose
    Mora Mora, Higinio
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON UBIQUITOUS COMPUTING & AMBIENT INTELLIGENCE (UCAMI 2022), 2023, 594 : 393 - 400
  • [35] Security Analysis for SmartThings IoT Applications
    Schmeidl, Florian
    Nazzal, Bara'
    Alalfi, Manar H.
    2019 IEEE/ACM 6TH INTERNATIONAL CONFERENCE ON MOBILE SOFTWARE ENGINEERING AND SYSTEMS (MOBILESOFT 2019), 2019, : 25 - 29
  • [36] Security of Web Applications: Threats, Vulnerabilities, and Protection Methods
    Mohammed, Asma
    Alkhathami, Jamilah
    Alsuwat, Hatim
    Alsuwat, Emad
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2021, 21 (08): : 167 - 176
  • [37] IoT Cloud Security Review: A Case Study Approach Using Emerging Consumer-oriented Applications
    Chen, Fei
    Luo, Duming
    Xiang, Tao
    Chen, Ping
    Fan, Junfeng
    Hong-Linh Truong
    ACM COMPUTING SURVEYS, 2021, 54 (04)
  • [38] Security ICs are targeting consumer applications
    Vollmer, A., 2000, Penton Publishing Co. (48)
  • [39] Security ICs are targeting consumer applications
    Vollmer, A
    ELECTRONIC DESIGN, 2000, 48 (23) : 105 - +
  • [40] Proposing a Modeling Framework for Minimizing Security Vulnerabilities in IoT Systems in the Healthcare Domain
    Wortman, Paul A.
    Tehranipoor, Fatemeh
    Karimian, Nima
    Chandy, John A.
    2017 IEEE EMBS INTERNATIONAL CONFERENCE ON BIOMEDICAL & HEALTH INFORMATICS (BHI), 2017, : 185 - 188
12345