Tagged: internet of things Toggle Comment Threads | Keyboard Shortcuts

  • case

    case 4:56 pm on November 8, 2016 Permalink
    Tags: chain reaction, exploit, internet of things, , safety, , zigbee   

    IoT Goes Nuclear: Creating a ZigBee Chain Reaction 

    chainreaction

    A nice little paper came out about creating IoT worms. Definitely a read if you’re interested in IoT Security and big wave attacks. Personally I’m not a big fan of ZigBee (security, building with it, ect.) and it’s nice to see a paper like this. We’ve been warned about this forever. Now we’ll see lots of people playing with the exploits.

    Full page is here: http://iotworm.eyalro.net/ excerpts and link to full paper below:

    Creating an IoT worm

    Within the next few years, billions of IoT devices will densely populate our cities.
    In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

    The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already).

    To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.

    Possible Worm applications

    Bricking attack

    An attacker can use the worm for a city-wide bricking attack. The malicious firmware can disable additional firmware downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent. There is no other method of reprogramming these devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.

    Wireless network jamming

    The IEEE 802.15.4 standard which ZigBee runs over uses the 2.4GHz ISM (Industrial, Scientific, Medical) license-free band. This band is widely used by many standards, including IEEE 802.11b/g (n mode supports both 2.4GHz and 5GHz bands). These 802.15.4 SoC devices have a special `test mode’ which transmits a continuous wave signal that is used during the FCC/CE emission certification process. This test signal can be tuned to overlap on any of the 2.4 GHz 802.11 channels (or sweep between them), and can be used as a very effective jammer. Using many infected lamps at once, WiFi communication (or any other 2.4 GHz transmissions) could be disrupted in the whole city.

    Attacking the electric grid

    All the city’s smart lamps can be scheduled to simultaneously turn on and off multiple times. The sudden changes in power consumption can have a detrimental effect on the electric grid.

    Causing epileptic seizures

    By repeatedly flashing the lights at the right frequency, it is possible to induce epileptic seizures in photosensitive people on a large scale.

    Full results described in the following paper:
    IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF, 6.7MB]
    Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten

     
  • case

    case 5:21 am on November 2, 2016 Permalink
    Tags: , hacking, internet of things, ,   

    Unsecured Internet of Things gadgets get hacked within 40 minutes of being connected to the net 

    unsecured-internet-of-things-gadgets-get-hacked-within-40-minutes-of-being-connected-to-the-net-_-boing-boing

    “The Atlantic’s Andrew McGill set up a virtual server on Amazon’s cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the “toaster” had been hacked more than 300 times.”

    http://boingboing.net/2016/10/31/unsecured-internet-of-things-g.html

    This reminds me of old WordPress installations!

     
  • case

    case 5:13 am on November 2, 2016 Permalink
    Tags: , internet of things, , , , weapons   

    The Weapons in Your Home. 

    Yes, you. Everyone that has an unsecured connected device without a good password is a contributor to current and future DDoS attacks at unheard of volumes.

    That cute little thermostat or security camera you own? It’s a weapon. And it’s not so cute after all.

    rope-snap
    Image orignally used on https://www.neustar.biz/blog/category/internet-of-things

     
  • case

    case 9:00 pm on October 25, 2016 Permalink
    Tags: internet of things, ,   

    Europe to Push New Security Rules Amid IoT Mess 

    “According to a report at Euractiv.com, the Commission is planning the new IoT rules as part of a new plan to overhaul the European Union’s telecommunications laws. “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure,” wrote Catherine Stupp. “The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.” ”

    Europe to Push New Security Rules Amid IoT Mess

     
c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel