Reverse Engineering IoT Devices: Effective Techniques and Methods

Omer Shwartz, Yael Mathov, Michael Bohadana, Yuval Elovici, Yossi Oren

Research output: Contribution to journalArticlepeer-review

28 Scopus citations

Abstract

Recent Internet of Things (IoT) botnet attacks have called the attention to the fact that there are many vulnerable IoT devices connected to the Internet today. Some of these Web-connected devices lack even basic security practices such as strong password authentication. As a consequence, many IoT devices are already infected with malware and many more are vulnerable to exploitation. In this paper we analyze the security level of 16 popular IoT devices. We evaluate several low-cost black-box techniques for reverse engineering these devices, including software and fault injection-based techniques used to bypass password protection. We use these techniques to recover device firmware and passwords. We also discover several common design flaws which lead to previously unknown vulnerabilities. We demonstrate the effectiveness of our approach by modifying a laboratory version of the Mirai botnet to automatically add these devices to a botnet. We also discuss how to improve the security of IoT devices without significantly increasing their cost or affecting their usability.

Original languageEnglish
Article number8488542
Pages (from-to)4965-4976
Number of pages12
JournalIEEE Internet of Things Journal
Volume5
Issue number6
DOIs
StatePublished - 1 Dec 2018

Keywords

  • Computer security
  • Internet of Things (IoT)
  • IoT application design
  • IoT standardization
  • IoT system architecture
  • IoT test-bed
  • Privacy
  • Reverse engineering

ASJC Scopus subject areas

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Reverse Engineering IoT Devices: Effective Techniques and Methods'. Together they form a unique fingerprint.

Cite this