TY - GEN
T1 - Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms
AU - Zhou, Wei
AU - Jia, Yan
AU - Yao, Yao
AU - Zhu, Lipeng
AU - Guan, Le
AU - Mao, Yuhang
AU - Liu, Peng
AU - Zhang, Yuqing
N1 - Publisher Copyright:
© 2019 by The USENIX Association. All rights reserved.
PY - 2019
Y1 - 2019
N2 - A smart home connects tens of home devices to the Internet, where an IoT cloud runs various home automation applications. While bringing unprecedented convenience and accessibility, it also introduces various security hazards to users. Prior research studied smart home security from several aspects. However, we found that the complexity of the interactions among the participating entities (i.e., devices, IoT clouds, and mobile apps) has not yet been systematically investigated. In this work, we conducted an in-depth analysis of five widely-used smart home platforms. Combining firmware analysis, network traffic interception, and black-box testing, we reverse-engineered the details of the interactions among the participating entities. Based on the details, we inferred three legitimate state transition diagrams for the three entities, respectively. Using these state machines as a reference model, we identified a set of unexpected state transitions. To confirm and trigger the unexpected state transitions, we implemented a set of phantom devices to mimic a real device. By instructing the phantom devices to intervene in the normal entity-entity interactions, we have discovered several new vulnerabilities and a spectrum of attacks against real-world smart home platforms.
UR - http://www.scopus.com/inward/record.url?scp=85076353556&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076353556&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076353556
T3 - Proceedings of the 28th USENIX Security Symposium
SP - 1133
EP - 1150
BT - Proceedings of the 28th USENIX Security Symposium
PB - USENIX Association
T2 - 28th USENIX Security Symposium
Y2 - 14 August 2019 through 16 August 2019
ER -