IoT hacking - A primer

Dorottya Papp, Kristóf Tamás, L. Buttyán

Research output: Article

Abstract

The Internet of Things (IoT) enables many new and exciting applications, but it also creates a number of new risks related to information security. Several recent attacks on IoT devices and systems illustrate that they are notoriously insecure. It has also been shown that a major part of the attacks resulted in full adversarial control over IoT devices, and the reason for this is that IoT devices themselves are weakly protected and often cannot resist even the most basic attacks. Penetration testing or ethical hacking of IoT devices can help discover and fix vulnerabilities that, if exploited, can result in highly undesirable conditions, including damage to expensive physical equipment or even loss of human life. In this paper, we give a basic introduction to hacking IoT devices. We give an overview of the methods and tools for hardware hacking, firmware extraction and unpacking, and basic firmware analysis. We also provide a survey of recent research on more advanced firmware analysis methods, including static and dynamic analysis of binaries, taint analysis, fuzzing, and symbolic execution techniques. By giving an overview of both practical methods and readily available tools as well as current scientific research efforts, our work can be useful for both practitioners and academic researchers.

Original language: English
Pages (from-to): 2-13
Number of pages: 12
Journal: Infocommunications Journal
Volume: 11
Issue number: 2
Publication status: Published - Jan. 1 2019

Fingerprint

Firmware
Static analysis
Security of data
Dynamic analysis
Computer hardware
Internet of things
Testing

ASJC Scopus subject areas

  • Computer Science(all)
  • Electrical and Electronic Engineering

Cite this

Papp, D., Tamás, K., & Buttyán, L. (2019). IoT hacking - A primer. Infocommunications Journal, 11(2), 2-13.

@article{c53ffd898d3840d0a4cc0d142bbbaa79,
title = "IoT hacking - A primer",
keywords = "Binary program analysis, Embedded firmware analysis, Ethical hacking, IoT security, Penetration testing",
author = "Dorottya Papp and Krist{\'o}f Tam{\'a}s and L. Butty{\'a}n",
year = "2019",
month = "1",
day = "1",
language = "English",
volume = "11",
pages = "2--13",
journal = "Infocommunications Journal",
issn = "2061-2079",
publisher = "Scientific Association for Infocommunications",
number = "2",

}

TY - JOUR

T1 - IoT hacking - A primer

AU - Papp, Dorottya

AU - Tamás, Kristóf

AU - Buttyán, L.

PY - 2019/1/1

Y1 - 2019/1/1

KW - Binary program analysis

KW - Embedded firmware analysis

KW - Ethical hacking

KW - IoT security

KW - Penetration testing

UR - http://www.scopus.com/inward/record.url?scp=85071042583&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85071042583&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:85071042583

VL - 11

SP - 2

EP - 13

JO - Infocommunications Journal

JF - Infocommunications Journal

SN - 2061-2079

IS - 2

ER -