security analysis of emerging smart home applications
play

Security Analysis of Emerging Smart Home Applications Earlence - PowerPoint PPT Presentation

Nov 08, 2023 •137 likes •502 views

Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul Prakash IEEE Security and Privacy 24 May 2016 Smart Door Locks CO Sensors Connected Ovens Smart Plugs IP Cameras Emerging Smart Home Frameworks

  1. Security Analysis of Emerging Smart Home Applications Earlence Fernandes, Jaeyeon Jung, Atul Prakash IEEE Security and Privacy 24 May 2016

  2. Smart Door Locks CO Sensors Connected Ovens Smart Plugs IP Cameras Emerging Smart Home Frameworks Smart TVs 2

  3. Potential Security Risks Current Vulnerabilities Devices Protocols Remotely determine prime time for Flooding [1] OR Burglary [1,2] These attacks are device-specific, and require proximity to the home [1] Denning et al., Computer Security and the Modern Home, CACM’13 3 [2] FTC Internet of Things Report’15

  4. In what ways are these emerging, programmable smart homes vulnerable to attacks, and what do those attacks entail? 4

  5. Analysis of SmartThings Access Control • Why SmartThings? • Relatively Mature (2012) • 521 SmartApps • 132 device types Trigger-Action • Shares design principles with other existing, nascent frameworks Programming • Methodology • Examine security from 5 perspectives by constructing test apps to exercise SmartThings API • Empirical analysis of 499 apps to determine security issue prevalence • Proof of concept attacks that compose security flaws 5

  6. Analysis of SmartThings – Results Overview Security Analysis Area Finding Overprivilege in Apps Two Types of Automatic Overprivilege Event System Security Event Snooping and Spoofing Third-party Integration Safety Incorrect OAuth Can Lead to Attacks External Input Sanitization Groovy Command Injection Attacks API Access Control No Access Control around SMS/Internet API > 40% of apps exhibit overprivilege of Empirical Analysis of 499 Apps atleast one type Pincode Injection and Snooping, Disabling Proof of Concept Attacks Vacation Mode, Fake Fire Alarms 6

  7. SmartThings Primer SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System GET/PUT Sandbox Sandbox SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API WiFi Configure SmartThings Companion App Control ZWave 7

  8. Capability System Send commands ZWave Lock SmartDevice Untrusted Read/set attributes SmartApp Receive events capability.lock capability.lockCodes capability.battery Capability Commands Attributes … capability.lock lock(), unlock() lock (lock status) capability.battery N/A battery (battery status) Security Ease of Development Usability Very Granular Capabilities Expressive Functionality Simpler Coarser Capabilities 8

  9. SmartApps request Capabilities de defini nition (name: “DemoApp”, namespace: “com.testing”, category: “Utility”) //query the user for capabilities preference ces { sect ction (“Battery-Powered Devices”) { in input “dev”, “capability.battery”, title: “Select battery powered devices you wish to authorize”, multiple: true } } … Device Enumeration 9

  10. Overprivilege in SmartApps SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System GET/PUT Sandbox Sandbox SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API WiFi Configure SmartThings Companion App Control ZWave 10

  11. Overprivilege in SmartApps Coarse-Grained Capabilities Coarse SmartApp-SmartDevice Binding SmartApp input “dev”, “capability.battery” • “Auto-lock” app from app store • Only needs “lock” command, but SmartDevice1 SmartDevice2 [ZWave Lock] [Smoke Sensor] can also issue “unlock” capability.battery capability.battery capability.lock capability.smoke capability.refresh capability.refresh Overprivilege Increases Attack Surface of the Home Physical Lock Physical Smoke Sensor 11

  12. Insufficient Event Data Protection SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System GET/PUT Sandbox Sandbox SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API WiFi Configure SmartThings Companion App Control ZWave 12

  13. Insufficient Event Data Protection subscribe dev, “door.unlock”, handler ZWave Door Lock SmartApp 71c9344e-6bea-4ae8-993a-28a7817a7d9e handler(EventData: {unlocked, time: 9AM}) • Once a SmartApp gains any capability for a device, it can subscribe to any event that device generates • If a SmartApp acquires the 128-bit ID, then it can monitor all events of that device without gaining any of the capabilities the device supports • Using the 128-bit ID, a SmartApp can spoof physical device events 13

  14. Insufficient Event Data Protection subscribe dev, “door.unlock”, handler ZWave Door Lock SmartApp 71c9344e-6bea-4ae8-993a-28a7817a7d9e handler(EventData: {unlocked, time: 9AM}) • Can lead to leakage of confidential information • Spoofed Events can lead to Apps/Devices taking incorrect actions 14

  15. Other Potential Security Issues - OAuth SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System Sandbox Sandbox GET/PUT SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API • Insecurity of Third-Party Integration: SmartApps expose HTTP endpoints protected by OAuth; Incorrect implementation can lead to remote attacks [1] [1] Chen et al., OAuth Demystified for Mobile Application Developers, CCS’14 15

  16. Other Potential Security Issues - OAuth SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System Sandbox Sandbox GET/PUT SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API • Unsafe use of Groovy Dynamic de def foo() { … } Method Invocation: Apps can be de def str = “foo” tricked into performing unintended “$str”() actions 16

  17. Other Potential Security Issues – Unrestricted External Communication APIs SmartThings Cloud Platform Capability Groovy-Based Groovy-Based HTTPS System Sandbox Sandbox GET/PUT SmartDevice SmartApp [Cmd/Attr] Internet API [Events] SMS API • Unrestricted Communication Abilities: SMS and Internet; Can be used to leak data arbitrarily 17

  18. Computing Overprivilege Coarse-Grained Capabilities Coarse SmartApp-SmartDevice Binding Requested Granted Cmds/Attrs Capabilities Used Used Cmds/Attrs Capabilities 18

  19. Measuring Overprivilege in SmartApps Challenge Solution • Incomplete capability details • Discovered an unpublished REST (commands/attributes) endpoint, which, if given a device ID, returns capability details • Study source code of apps from • SmartThings is closed source; open-source app store instead can’t do instrumentation • Static analysis on AST • Groovy is extremely dynamic; Bytecode uses reflection (Groovy Meta Object Protocol) 19

  20. Empirical Analysis Results Documented Completed Commands 65 93 Attributes 60 85 Reason for Overprivilege Number of Apps Coarse-grained Capability 276 (55%) Coarse SmartApp-SmartDevice 213 (43%) Binding Overprivilege Usage 68 (14%) Prevalence (Coarse Binding) 20

  21. Exploiting Design Flaws in SmartThings Command OAuth Unrestricted Event Overprivilege Injection Compromise SMS API Spoofing Disabling Pincode Pincode Fake CO Vacation Injection Snooping Alarm Mode Popular Existing SmartApp Stealthy malware SmartApp; Malware SmartApps with no capabilities; with Android companion ONLY requests Misuses logic of existing SmartApps with fake app; Unintended action of capability.battery events setCode() on lock 21

  22. Potential Defense Strategies • Achieving least-privilege in SmartApps • Risk asymmetry in device operations, e.g., oven.on and oven.off • Include notions of risk from multiple stakeholders, rank [1], and regroup • Preventing information leakage from events • Provide a notion of strong identity for apps + access control on events • Make apps request access to certain types of events, e.g., lock pincode ACKs [1] Felt et al., I’ve got 99 problems, but vibration ain’t one: A survey of smartphone users’ concerns, SPSM’12 22

  23. Summary • First look at the security design of a programmable smart home platform : Samsung SmartThings; Challenge: Blackbox Cloud System • Two security design issues : • Overprivilege: Coarse grained capabilities, and Coarse SmartApp-SmartDevice Binding • Insecure Events: Apps do not need special privileges to access sensitive info • Empirical Analysis : 55% of apps do not use all operations their capabilities imply; 43% get capabilities they did not explicitly request • Four PoC attacks that combine various security design issues • These attacks are device independent, and long-range • Security Improvements: Notified SmartThings in Dec 2015; Improvements in vetting process and developer best practices for Groovy Strings (Apr 2016); Discussion on improvements to capability system (May 2016) 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul

SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul

SECURITY ANALYSIS OF EMERGING SMART HOME APPLICATIONS Earlence Fernandes, Jaeyeon jung, Atul Prakash Presented by Surya Mani Content Motivation Related Work SmartThings-Big Picture Security Analysis Proof-of-concept attacks

858 views • 30 slides
Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul Prakash Presented by: Gohar Irfan Chaudhry IEEE Security and Privacy 24 May 2016 Smart Door Locks nsors Connected Ovens Plugs IP Cameras Emerging

484 views • 31 slides
SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose,

SoK: Security Evaluation of Home-based IoT Deployments Omar Alrawi , Chaz Lever, Fabian Monrose, Manos Antonakakis 1 2 Alexa, unlock the front door. 3 Internet of Things 4 5 Prior Work Security Analysis of Emerging Smart Home

592 views • 22 slides
Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG

Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG

Security Architecture for the Smart Home Jacob Fahrenkrug, CTO at yetu AG jacob.fahrenkrug@yetu.com http://yetu.com twitter: @yetuAG, @jacobfahrenkrug 2 Definition of Smart Home 3 Smart Home is not home automation! 4 5 6

243 views • 23 slides
Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017 Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage,

763 views • 63 slides
Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater

Home Security and Automation On The Road And At Home Eric McHenry (#2242) Region 12 // Greater Bay Area Airstream Club eric.mchenry@airstreamclub.net Topics Security and automation objectives Traditional vs. emerging home security and

594 views • 31 slides
Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29

Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29

Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29 th June 8 th Lab 2 Due HW 3 & Final Project Checkpoint Final Project Due #2 Due Memorial Day Lab 3 Due May 25 th June 5 th The Smart Home

760 views • 31 slides
APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of

APPLYING SMART CARDS FOR SECURITY CRITICAL MOBILE APPLICATIONS Michael Hlzl Institut of Networks and Security, JKU Linz PhD defense 2 nd of March 2018 14:15-15:45, Science Park 3 Room S3 218 MOTIVATION Trend towards security and

541 views • 28 slides
Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Do Privacy and Security Matter to Everyone? Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M. Barbosa , Zhuohao Zhang, Yang Wang The Smart Home Adoption-Concern Conundrum

639 views • 10 slides
What is a Loxone Smart Home? A Home That Takes Care Of Itself Life at home is like flying on

What is a Loxone Smart Home? A Home That Takes Care Of Itself Life at home is like flying on

What is a Loxone Smart Home? A Home That Takes Care Of Itself Life at home is like flying on autopilot! My Loxone Smart Home and I think alike. If I ever want to change something, a single press on a switch is enough. Simple To Use

95 views • 9 slides
Packet-Level Signatures for Smart Home Devices Rahmadi Trimananda, Janus Varmarken, Athina

Packet-Level Signatures for Smart Home Devices Rahmadi Trimananda, Janus Varmarken, Athina

Packet-Level Signatures for Smart Home Devices Rahmadi Trimananda, Janus Varmarken, Athina Markopoulou, and Brian Demsky Smart Home 2 Smart Home Smart Plugs 2 Smart Home Smart Plugs Light Bulbs 2 Smart Home Smart Plugs Light Bulbs

1.92k views • 146 slides
Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop

Is Anybody Home? Inferring Activity from Smart Home Network Traffic Bogdan Copos Matt Bishop Karl Levitt Jeff Rowe University of California, Davis 1 / 21 2 / 21 3 / 21 4 / 21 Security Many things can go wrong... malicious firmware

803 views • 36 slides
Smart Proactive Homes Live independently at home for longer ProActivated will turn your own

Smart Proactive Homes Live independently at home for longer ProActivated will turn your own

Smart Proactive Homes Live independently at home for longer ProActivated will turn your own home in a smart home. Combining new and innovative technology with our smart software allows your home to deliver support in your daily life.

428 views • 20 slides
Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis,

Zigator: Analyzing the Security of Zigbee-Enabled Smart Homes Dimitrios-Georgios Akestoridis, Madhumitha Harishankar, Michael Weber, and Patrick Tague Carnegie Mellon University ACM WiSec 2020 Motivation Smart home network security affects

867 views • 64 slides
ZIPATILE SMART HOME ASSISTANT Security Thermostat Intercom Automation External Temp. Speaker

ZIPATILE SMART HOME ASSISTANT Security Thermostat Intercom Automation External Temp. Speaker

ZIPATILE SMART HOME ASSISTANT Security Thermostat Intercom Automation External Temp. Speaker IP Camera Shock Sensor Sensor ZIPATILE Alarm Siren Noise Sensor A L L I N O N E ZipaTile is the complete home control system in a form of

208 views • 18 slides
Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 /

Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 /

Security analysis of Dutch smart metering systems Security analysis of Dutch smart metering systems Sander Keemink and Bart Roos July 2, 2008 1 / 19 Security analysis of Dutch smart metering systems 1 Smart metering introduction 2 Theoretical

430 views • 19 slides
Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and

Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and

Uncovering Zero-Days and advanced fuzzing How to successfully get the tools to unlock UNIX and Windows Servers About the presentation Whoami Introduction 0days and the rush for public vulnerabilities And Advanced fuzzing techniques

432 views • 31 slides
Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia

Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia

1 Lec08: Remote Exploit Taesoo Kim 2 Scoreboard 3 NSA Codebreaker Challenges 4 Administrivia No class on Oct 28 If you are interested in, check out EKOPARTY CTF 2016 Due: Lab08 is out and its due on Nov 3 (two weeks!)

530 views • 21 slides
Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of

@NicolasPapernot Tutorial on Adversarial Machine Learning with CleverHans Nicholas Carlini University of California, Berkeley Nicolas Papernot Pennsylvania State University Did you git clone https://github.com/carlini/odsc_adversarial_nn ?

493 views • 46 slides
Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing

Discussion: Remote Timing Attacks are Practical 600.624 2/11/05 Outline Why are timing attacks important? Clarifications Zero-One Gap / Neighborhood Size etc. Problems Questions Extensions Contribution Discussion

645 views • 26 slides
A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI

A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI

A WMI S HELL A new way to get shells on remote Windows machines using only the WMI service LEXSI > CLIENT Andrei Dumitrescu Security Consultant, LEXSI S UMMARY Introduction Authenticated remote code execution (RCE) methods on

817 views • 32 slides
Scheduling Operating System Services PhD Planner Research Area: Operating Systems, Distributed

Scheduling Operating System Services PhD Planner Research Area: Operating Systems, Distributed

Scheduling Operating System Services PhD Planner Research Area: Operating Systems, Distributed Systems Stefan Bonfert | Ulm University Advisor: Stefan Wesner | Ulm University Slide 2 Scheduling Operating System Services | Stefan Bonfert

474 views • 15 slides
Consul: Discover your Services Oliver Fischer Jrg Mller @sweblogtweets @JoergM

Consul: Discover your Services Oliver Fischer Jrg Mller @sweblogtweets @JoergM

Consul: Discover your Services Oliver Fischer Jrg Mller @sweblogtweets @JoergM Jrg Mller @JoergM Hypoport AG Oliver Fischer @sweblogtweets E-Post Development GmbH Why are we talking about Consul? Distributed Systems

856 views • 44 slides
Flux: Practical Job Scheduling Dong H. Ahn, Ned Bass, Al Chu, Jim Garlick, Mark Grondona, Stephen

Flux: Practical Job Scheduling Dong H. Ahn, Ned Bass, Al Chu, Jim Garlick, Mark Grondona, Stephen

Flux: Practical Job Scheduling Dong H. Ahn, Ned Bass, Al Chu, Jim Garlick, Mark Grondona, Stephen Herbein , Tapasya Patki, Tom Scogland, Becky Springmeyer August 15, 2018 LLNL-PRES-757227 This work was performed under the auspices of the U.S.

956 views • 77 slides

More recommend