SECURITY AND SAFETY OF INTERNET OF THINGS (IoTs)

Presentation on theme: "SECURITY AND SAFETY OF INTERNET OF THINGS (IoTs)"— Presentation transcript:

SECURITY AND SAFETY OF INTERNET OF THINGS (IoTs)An Investigation on Belkin WeMos

PurposeTo further identify security liabilities of IoTs, in particular those of Belkin WeMo smart outlets.

IntroductionInternet of Things (IoT): Network of normal devices embedded with electronics and software that allow them to interact with pre-existing infrastructure of the Internet. Convenient but liable to security attacks that could invade the homeowners’ privacy. Most tangible potential threat: IoTs that improve home automation.

AcknowledgementsWe would like to extend our gratitude to:Muhammad Naveed for being a research advisor that challenges us to think independently. Professor Carl Gunter for providing support throughout the semester. Edward Chou for being a supportive research colleague.

ReferencesBelkin Wemo remote shell and rapid state exchange. https://www.youtube.com/watch?v=BcW2q0aHOFo, 2013.Chris Lu. Overview of Security and Privacy Issues in the Internet of Things. http://www1.cse.wustl.edu/~jain/cse574-14/ftp/security/index.htmlGartner’s 2013 Hype Cycle for Emerging Technology Maps Out Evolving Relationship Between Humans and Machines. Gartner, Inc., USA, 2013.Ian McCracken. ouimeaux Documentation, release 0.7.2. Jan. 2014. James Kempf, Jari Arkko, Neda Behest, and Kiran Yedavalli. Thoughts on Reliability in Internet of Things. Ericsson Research, Internet Architecture Board, 2011. 

Mentees: Stephanie Wang, Renee Zhu Mentor: Muhammad Naveed

Next Steps

Belkin WeMo-specificSecurity: Connect WeMo with computer; execute strong attack on its firmware.Safety: Control WeMo from computer; develop potentially dangerous safety concerns.BeyondBegin study on more complex IoTs and accessories.Smart door bells and locks, Piper monitors, multi-sensors, Electric Imps, etc.

Figure 1.

Gartner’s 2013 Hype Cycle shows that IoTs are among the hottest emerging tech

Figure 2.

Hardware teardown of the Belkin WeMo Insight shows the

Ralink

Wi-Fi chip.

Figure 3. Paired WeMo Insight and Wi-Fi allow remote control from the WeMo app.

Hardware TeardownPurpose: To better understand components through reverse-engineering of hardware. Firmware Attack IdeasChange firmware to disregard commands from original user’s WeMo app.Detect what device is connected to WeMo based on power consumption.Established attack: Rapid state exchange; ex. burn out Weak attack: Physical access to WeMo; ex. short circuit.

Issues

Difficulty connecting smart outlets to Wi-Fi.

Only recently successfully paired WeMo.