UCL Discovery

Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices

Lazzaro, S; De Angelis, V; Mandalari, AM; Buccafurri, F; (2024) Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices. In: Proceedings of the International Conference on Pervasive Computing and Communications (PerCom) IEEE 2024. (pp. 114-124). Institute of Electrical and Electronics Engineers (IEEE). Green open access

Mandalari_Improving the representativeness of UKs national COVID19 Infection Survey through spatio-temporal regression and poststratification_AAM.pdf - Accepted Version


Abstract

Consumer Internet of Things (IoT) devices often leverage the local network to communicate with the corresponding companion app or other devices. This has benefits in terms of efficiency since it offloads the cloud. ENISA and NIST security guidelines underscore the importance of enabling default local communication for safety and reliability. Indeed, an IoT device should continue to function in case the cloud connection is not available. While the security of cloud-device connections is typically strengthened through the usage of standard protocols, local connectivity security is frequently overlooked. Neglecting the security of local communication opens doors to various threats, including replay attacks. In this paper, we investigate this class of attacks by designing a systematic methodology for automatically testing IoT devices' vulnerability to replay attacks. Specifically, we propose a tool, named REPLIoT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices. We perform thousands of automated experiments using popular commercial devices spanning various vendors and categories. Notably, our study reveals that among these devices, 51% of them do not support local connectivity, thus they are not compliant with the reliability and safety requirements of the ENISA/NIST guidelines. We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIoT having a detection accuracy of 0.98-1. Finally, we investigate the possible causes of this vulnerability, discussing possible mitigation strategies.

Type: Proceedings paper
Title: Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices
Event: 2024 IEEE International Conference on Pervasive Computing and Communications (PerCom)
Location: Biarritz, France
Dates: 11th-15th March 2024
ISBN-13: 9798350326031
Open access status: An open access version is available from UCL Discovery
DOI: 10.1109/PerCom59722.2024.10494466
Publisher version: http://dx.doi.org/10.1109/percom59722.2024.1049446...
Language: English
Additional information: This version is the author accepted manuscript. For information on re-use, please refer to the publisher's terms and conditions.
UCL classification: UCL
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Electronic and Electrical Eng
URI: https://discovery.ucl.ac.uk/id/eprint/10192881