Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices

English, K. Virgil; Obaidat, Islam; Sridhar, Meera

doi:10.1109/dsn.2019.00036

Cited by 16 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…9. Root Exploit attack The root exploit software requires the attacker to gain privileges granted by the system administrator to execute a sequence of commands resulting from known vulnerability to harm software and associated devices in the network [46].…”

Section: Software Attacksmentioning

confidence: 99%

See 1 more Smart Citation

Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security

Attkan

Ranga

2022

Complex Intell. Syst.

View full text Add to dashboard Cite

The recent years have garnered huge attention towards the Internet of Things (IoT) because it enables its consumers to improve their lifestyles and professionally keep up with the technological advancements in the cyber-physical world. The IoT edge devices are heterogeneous in terms of the technology they are built on and the storage file formats used. These devices require highly secure modes of mutual authentication to authenticate each other before actually sending the data. Mutual authentication is a very important aspect of peer-to-peer communication. Secure session keys enable these resource-constrained devices to authenticate each other. After successful authentication, a device can be authorized and can be granted access to shared resources. The need for validating a device requesting data transfer to avoid data privacy breaches that may compromise confidentiality and integrity. Blockchain and artificial intelligence (AI) both are extensively being used as an integrated part of IoT networks for security enhancements. Blockchain provides a decentralized mechanism to store validated session keys that can be allotted to the network devices. Blockchain is also used to load balance the stressing edge devices during low battery levels. AI on the other hand provides better learning and adaptiveness towards IoT attacks. The integration of newer technologies in IoT key management yields enhanced security features. In this article, we systematically survey recent trending technologies from an IoT security point of view and discuss traditional key security mechanisms. This article delivers a comprehensive quality study for researchers on authentication and session keys, integrating IoT with blockchain and AI-based authentication in cybersecurity.

show abstract

Section: Software Attacksmentioning

confidence: 99%

“…When the malicious software modifies the files the data loss might lead to system failure. The data corruption caused by the malware might be as a part of their process to execute the payload and overwrites the files with garbage codes which is unusable to be considered for other operations [46]. 2.…”

Section: Data Attacksmentioning

confidence: 99%

Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security

Attkan

Ranga

2022

Complex Intell. Syst.

View full text Add to dashboard Cite

show abstract

“…English et al [111] presented a series of PoCs for the DNS proxy module of Connman, a widely used network connection manager in IoT firmware. They used a crafted DNS response packet to crash the proxy module, which could lead to denial-of-service or remote command execution.…”

Section: Memory Protectionmentioning

confidence: 99%

A Survey on Recent Advanced Research of CPS Security

et al. 2021

View full text Add to dashboard Cite

Cyber-physical systems (CPSs) are next-generation intelligent systems that integrate computing, communication, and control. Malicious attacks on CPSs can lead to both property damage and casualties. Therefore, it is worth surveying CPS security by reviewing and analyzing the latest high-quality related works. In this paper, we provide an overview of the CPS security studies from the last five years and select 142 related works from A- or B-level conferences/journals recommended by the China Computer Federation (CCF). First, we review the main contents of the selected papers and classify them into 24 topics. Then, we analyze hotspots and trends of CPS security technologies in three dimensions: (1) architecture layers (perception, network, and application); (2) application scenarios (smart grids, health care, smart transportation, smart homes, and general grids); and (3) MADC (Measure, Attack, Defense, and Control) types. Finally, we also perform a statistical analysis in terms of paper publication times, author institutes, countries, and sponsors to show the current worldwide CPS security research situation.

show abstract

“…Yu et al [25] mention that the firmware identification method to detect the device type and brand of IoT solutions could be based on weak passwords. English et al [26] contribute to this field, indicating that attackers could develop memory buffer attacks to gain access to the entire system using weak default passwords. Hsu et al [27] mention that an attacker could trigger a privilege escalation attack to change the behavior of IoT systems.…”

Section: Introductionmentioning

confidence: 99%

“…This metadata may contain sensitive information, so it is essential not to have information such as a password because it would allow attackers to access resources more quickly. Attackers seek to identify credentials in the metadata using the SSRF vulnerability in the [26], [36], [37] The average password length on IoT devices is short. public frontend.…”

Section: Introductionmentioning

confidence: 99%