An Analysis of the Use of CVEs by IoT Malware

Khoury, Raphaël; Vignau, Benjamin; Hallé, Stéphane; Hamou-Lhadj, Abdelwahab; Razgallah, Asma

doi:10.1007/978-3-030-70881-8_4

Cited by 6 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There are several reasons for this. Notably, recent research indicates that vulnerabilities for which an exploit code is difficult to create, or which the impact of the exploitation is limited are less likely to be exploited even after the public divulgation of the vulnerability [14]. The prospect of avoiding blackhat exploitation of the vulnerability even after it is discovered and disclosed mitigates the risks incurred by the creation of the backdoor.…”

Section: Utilitarianismmentioning

confidence: 99%

Are Backdoor Mandates Ethical?—A Position Paper

Khoury

Hallé

2022

IEEE Technol. Soc. Mag.

View full text Add to dashboard Cite

show abstract

Section: Utilitarianismmentioning

confidence: 99%

Are Backdoor Mandates Ethical?—A Position Paper

Khoury

Hallé

2022

IEEE Technol. Soc. Mag.

View full text Add to dashboard Cite

show abstract

“…The Bashlite worm abuses the Shell-Shock vulnerability, which is a serious security vulnerability of Unix Bash Shell, to infect over one million Busybox devices [22].The IoT Reaper integrates a series of nine HTTP-based exploits, which all based on previously disclosed IoT vulnerabilities [25]. According to statistics, the number of CVE vulnerabilities involved in Echobot is as high as 73 [23].…”

Section: Related To Target Environmentmentioning

confidence: 99%

Research on IoT Malware Based on the ATT&CK Model

2021

Proceedings of 2021 the 11th International Workshop on Computer Science and Engineering

View full text Add to dashboard Cite

The security of the IoT has become a hot research area in cyberspace security, among which the malware is a major threat. Based on the ATT&CK model, this paper studies the composition and behavior of IoT malware, constructs a malicious behavior model of IoT malware, and analyzes the technical implementation of each tactic in the malicious behavior model of IoT malware from three aspects: operating system related, target environment related and specific tools related. Based on this, we finally propose the evolution direction of IoT malware, which will be conducive to a more comprehensive grasp of the characteristics of IoT malware, and be supportive for maintaining the security of IoT.

show abstract