A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices

Zhao, Binbin; Ji, Shouling; Lee, Wei-Han; Lin, Changting; Weng, Haiqin; Wu, Jiamin; Zhou, Pan; Fang, Liming; Beyah, Raheem

doi:10.1109/tdsc.2020.3037908

Cited by 33 publications

(20 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this work, we conduct a comprehensive security evaluation on FLV using deepfake, which may raise some ethical concerns. Similar to the previous studies about the security of AI-powered systems [33][34][35], we pay special attention to the legal and ethical boundaries. First, we use open-source datasets to conduct deepfake synthesis and security evaluation, which is a legitimate and common practice in face-related security research [29,36].…”

Section: Ethical Considerationmentioning

confidence: 94%

Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era

Li¹,

Wang²,

Ji³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Facial Liveness Verification (FLV) is widely used for identity authentication in many security-sensitive domains and offered as Platform-as-a-Service (PaaS) by leading cloud vendors. Yet, with the rapid advances in synthetic media techniques (e.g., deepfake), the security of FLV is facing unprecedented challenges, about which little is known thus far.To bridge this gap, in this paper, we conduct the first systematic study on the security of FLV in real-world settings. Specifically, we present LiveBugger, a new deepfake-powered attack framework that enables customizable, automated security evaluation of FLV. Leveraging LiveBugger, we perform a comprehensive empirical assessment of representative FLV platforms, leading to a set of interesting findings. For instance, most FLV APIs do not use anti-deepfake detection; even for those with such defenses, their effectiveness is concerning (e.g., it may detect high-quality synthesized videos but fail to detect low-quality ones). We then conduct an in-depth analysis of the factors impacting the attack performance of LiveBugger: a) the bias (e.g., gender or race) in FLV can be exploited to select victims; b) adversarial training makes deepfake more effective to bypass FLV; c) the input quality has a varying influence on different deepfake techniques to bypass FLV. Based on these findings, we propose a customized, two-stage approach that can boost the attack success rate by up to 70%. Further, we run proof-of-concept attacks on several representative applications of FLV (i.e., the clients

show abstract

Section: Ethical Considerationmentioning

confidence: 94%

Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era

Li¹,

Wang²,

Ji³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Without the source code of IoT firmware, many approaches perform static analysis on the binary image [46]- [52]. For instance, Gemini [50] utilizes a neural network-based approach to detect known vulnerable functions.…”

Section: B Vulnerable Iot Device Analysismentioning

confidence: 99%

IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware

Liu

Zhang

et al. 2021

2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)

Self Cite

View full text Add to dashboard Cite

IoT devices are abnormally prone to diverse errors due to harsh environments and limited computational capabilities. As a result, correct error handling is critical in IoT. Implementing correct error handling is non-trivial, thus requiring extensive testing such as fuzzing. However, existing fuzzing cannot effectively test IoT error-handling code. First, errors typically represent corner cases, thus are hard to trigger. Second, testing error-handling code would frequently crash the execution, which prevents fuzzing from testing following deep error paths.In this paper, we propose IFIZZ, a new bug detection system specifically designed for testing error-handling code in Linuxbased IoT firmware. IFIZZ first employs an automated binarybased approach to identify realistic runtime errors by analyzing errors and error conditions in closed-source IoT firmware. Then, IFIZZ employs state-aware and bounded error generation to reach deep error paths effectively. We implement and evaluate IFIZZ on 10 popular IoT firmware. The results show that IFIZZ can find many bugs hidden in deep error paths. Specifically, IFIZZ finds 109 critical bugs, 63 of which are even in widely used IoT libraries. IFIZZ also features high code coverage and efficiency, and covers 67.3% more error paths than normal execution. Meanwhile, the depth of error handling covered by IFIZZ is 7.3 times deeper than that covered by the state-of-theart method. Furthermore, IFIZZ has been practically adopted and deployed in a worldwide leading IoT company. We will opensource IFIZZ to facilitate further research in this area.

show abstract

“…Using keywords only, the authors [11] searched Shodan for the PLCs; each PLC was found within 19 days of the initial deployment. In 2020, Zhao et al [22] evaluated five popular search engines, including Censys and Shodan, measuring their searching ability (how many devices each engine returns), raw data accuracy (ratio of valid data), response time (how long until a new device is indexed) and the scanning period (time difference between two contiguous scans). They found that Censys and Shodan had similar searching ability, and both are appropriate for users who wish to find newly exposed devices.…”

Section: Related Workmentioning

confidence: 99%

“…They found that Censys and Shodan had similar searching ability, and both are appropriate for users who wish to find newly exposed devices. The authors [22] recommended users who conduct research on recent data to use Shodan.…”

Section: Related Workmentioning

confidence: 99%

Empirical Scanning Analysis of Censys and Shodan

Bennett¹,

Abdou²,

Oorschot³

2021

Proceedings 2021 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

Engines that scan Internet-connected devices allow for fast retrieval of useful information regarding said devices, and their running services. Examples of such engines include Censys and Shodan. We present a snapshot of our in-progress effort towards the characterization and systematic evaluation of such engines, herein focusing on results obtained from an empirical study that sheds light on several aspects. These include: the freshness of a result obtained from querying Censys and Shodan, the resources they consume from the scanned devices, and several interesting operational differences between engines observed from the network edge. Preliminary results confirm that the information retrieved from both engines can reflect updates within 24 hours, which aligns with implicit usage expectations in recent literature. The results also suggest that the consumed resources appear insignificant for common Internet applications, e.g., one full application-layer connection (banner grab) per port, per day. Results so far highlight the value of such engines to the research community.

show abstract

A Large-Scale Empirical Study on the Vulnerability of Deployed IoT Devices

Cited by 33 publications

References 23 publications

Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era

Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era

IFIZZ: Deep-State and Efficient Fault-Scenario Generation to Test IoT Firmware

Empirical Scanning Analysis of Censys and Shodan

Contact Info

Product

Resources

About