Security Vulnerabilities in Consumer IoT Applications

被引：15

作者：

Shakdher, Arjun ^{[1
]}

Agrawal, Suyash ^{[1
]}

Yang, Baijian ^{[1
]}

机构：

[1] Purdue Univ, Dept CIT, W Lafayette, IN 47907 USA

来源：

2019 IEEE 5TH INTL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY) / IEEE INTL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC) / IEEE INTL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS) | 2019年

关键词：

Terms IoT; Application Security; Vulnerability; Man-in-the-middle attack; Penetration Test; INTERNET; THINGS; PRIVACY;

D O I：

10.1109/BigDataSecurity-HPSC-IDS.2019.00012

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Extensive penetration testing to IoT applications was conducted in this work to discover the vulnerabilities. In addition to the study the most vulnerable security flaws defined by the Open Web Application Security Project (OWASP), this work also tested a set of man-in-the-middle attacks exploiting found vulnerabilities. It is discovered that a wide range of IoT apps in smart homes, security system, health-care and connected cars are susceptible to a set of attacks, and some of those apps have over 1 million downloads. Countermeasures were proposed as recommendations to secure the apps for IoT devices.

引用

页码：1 / 6

页数：6

共 50 条

[41] Analysis, Implications, and Challenges of an Evolving Consumer IoT Security Landscape
Bellman, Christopher
van Oorschot, Paul C.
2019 17TH INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST), 2019, : 230 - 236
[42] A Novel Hybrid Method to Analyze Security Vulnerabilities in Android Applications
Tang, Junwei
Li, Ruixuan
Wang, Kaipeng
Gu, Xiwu
Xu, Zhiyong
TSINGHUA SCIENCE AND TECHNOLOGY, 2020, 25 (05) : 589 - 603
[43] Finding security vulnerabilities in Java']Java applications with static analysis
Livshits, VB
Lam, MS
USENIX ASSOCIATION PROCEEDINGS OF THE 14TH USENIX SECURITY SYMPOSIUM, 2005, : 271 - 286
[44] A Novel Hybrid Method to Analyze Security Vulnerabilities in Android Applications
Junwei Tang
Ruixuan Li
Kaipeng Wang
Xiwu Gu
Zhiyong Xu
TsinghuaScienceandTechnology, 2020, 25 (05) : 589 - 603
[45] Security Update Labels: Establishing Economic Incentives for Security Patching of IoT Consumer Products
Morgner, Philipp
Mai, Christoph
Koschate-Fischer, Nicole
Freiling, Felix
Benenson, Zinaida
2020 IEEE SYMPOSIUM ON SECURITY AND PRIVACY (SP 2020), 2020, : 429 - 446
[46] Opinion: Security Lifetime Labels - Overcoming Information Asymmetry in Security of IoT Consumer Products
Morgner, Philipp
Freiling, Felix
Benenson, Zinaida
WISEC'18: PROCEEDINGS OF THE 11TH ACM CONFERENCE ON SECURITY & PRIVACY IN WIRELESS AND MOBILE NETWORKS, 2018, : 208 - 211
[47] Security Assessment of Agriculture IoT (AIoT) Applications
Kristen, Erwin
Kloibhofer, Reinhard
Diaz, Vicente Hernandez
Castillejo, Pedro
APPLIED SCIENCES-BASEL, 2021, 11 (13):
[48] Security Threats in the Application layer in IOT Applications
Swamy, Sowmya Nagasimha
Jadhav, Dipti
Kulkarni, Nikita
2017 INTERNATIONAL CONFERENCE ON I-SMAC (IOT IN SOCIAL, MOBILE, ANALYTICS AND CLOUD) (I-SMAC), 2017, : 477 - 480
[49] On the Security of Permissioned Blockchain Solutions for IoT Applications
Brotsis, Sotirios
Kolokotronis, Nicholas
Limniotis, Konstantinos
Shiaeles, Stavros
PROCEEDINGS OF THE 2020 6TH IEEE CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT 2020): BRIDGING THE GAP BETWEEN AI AND NETWORK SOFTWARIZATION, 2020, : 465 - 472
[50] VerificationTalk: A Verification and Security Mechanism for IoT Applications
Shieh, Min-Zheng
Lin, Yi-Bing
Hsu, Yin-Jui
SENSORS, 2021, 21 (22)

← 1 2 3 4 5 →