
A smart home connects tens of home devices to the Internet, running a smart algorithm in the cloud that sends remote commands to the devices. While bringing unprecedented convenience, accessibility, and efficiency, it also introduces safety hazards to users. Prior research has studied smart home security from various aspects. However, we found that the complexity of the interactions among the participating entities (device, IoT cloud, and mobile app) has not yet been systematically investigated.

In this work, we conducted an in-depth analysis of four widely used smart home solutions. Combining firmware reverse-engineering, network traffic interception, and black-box testing, we distill the general state transitions representing the complex interactions among the three entities. Based on the resulting state machine, we reveal several vulnerabilities that lead to unexpected state transitions. While each of these minor security flaws appears irrelevant on its own, we show that combining them in a surprising way poses serious security or privacy hazards to smart home users. To this end, five concrete attacks are constructed and illustrated. We also discuss the implications of the disclosed attacks in the context of business competition. Finally, we propose some general design suggestions for building a more secure smart home solution.

Z-Wave is a proprietary Internet of Things substrate providing distributed home and office automation services. The proprietary nature of Z-Wave devices makes it difficult to determine their security posture. While there are a variety of open source tools for analyzing Z-Wave frames, inspecting non-volatile memory, and disassembling firmware, there are no dynamic analysis tools that allow one to inspect the internal state of a Z-Wave transceiver while it is running. In this work, a memory introspection capability is developed for three Z-Wave devices containing a ZW0301, a Z-Wave transceiver system-on-chip. In all three devices, the firmware image is modified to include the memory introspection capability by hooking an existing data exfiltration mechanism used by the device.
