Fatal injection: a survey of modern code injection attack countermeasures

Mitropoulos, Dimitris; Spinellis, Diomidis

doi:10.7717/peerj-cs.136

Cited by 15 publications

(8 citation statements)

References 112 publications

(74 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The final category concerns Code Injection, which defines any threat that seeks to introduce malicious code onto a device through unsecured inputs [42]. Such attacks are quite common and generally target applications where inputs are fundamental to their function.…”

Section: Attack Typementioning

confidence: 99%

Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

2021

View full text Add to dashboard Cite

With the ever advancing expansion of the Internet of Things (IoT) into our everyday lives, the number of attack possibilities increases. Furthermore, with the incorporation of the IoT into Critical Infrastructure (CI) hardware and applications, the protection of not only the systems but the citizens themselves has become paramount. To do so, specialists must be able to gain a foothold in the ongoing cyber attack war-zone. By organising the various attacks against their systems, these specialists can not only gain a quick overview of what they might expect but also gain knowledge into the specifications of the attacks based on the categorisation method used. This paper presents a glimpse into the area of IoT Critical Infrastructure security as well as an overview and analysis of attack categorisation methodologies in the context of wireless IoT-based Critical Infrastructure applications. We believe this can be a guide to aid further researchers in their choice of adapted categorisation approaches. Indeed, adapting appropriated categorisation leads to a quicker attack detection, identification, and recovery. It is, thus, paramount to have a clear vision of the threat landscapes of a specific system.

show abstract

Section: Attack Typementioning

confidence: 99%

Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

2021

View full text Add to dashboard Cite

show abstract

“…Physical devices essential and indispensable constituents of the physical layer of IoT architectures, for instance, radio frequency Identification (RFID), which are a major element of IoT-based systems. Within an internet-connected embedded system, RFID performs a considerable responsibility in designing microprocessors for wireless The exploitation of a misconfiguration All Improper configuration of amenities (i.e., databases, hosting system) related to IoT application enables the attacker to easily access an IoT application [72] Robust application design, execute checks and inspections constantly [73] Malicious code injection All An invader inserts a malevolent code into various packets with the main aim to sneak or change confidential application data [74] Static analysis, dynamic detection, firewalls [52] Malware…”

Section: Physical Surfacementioning

confidence: 99%

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Abdel‐Basset

Moustafa

Hawash

et al. 2021

Deep Learning Techniques for IoT Security and Privacy

View full text Add to dashboard Cite

This chapter elaborates on different security aspects to be taken into accounts during the development and the deployments of IoT architecture. To make the reader about the security of the IoT based system, this chapter begins by defining the contemporary security requirements that should be considered to realize a reliable and trustworthy IoT environment. Then, the discussion extends to differentiate different concepts of IoT security i.e., threat, vulnerability, countermeasure, attacks, risks; and also explain how the concepts relate to each other. Later, a systematic taxonomy is presented for classifying IoT attacks according to IoT assets, where each class of IoT is further classified into more subcategories. Finally, the discussion of each elaborate different categories of IoT attack indicating their main security targets and possible IoT countermeasures.To sum up, this chapter intends to provide a comprehensive overview regarding IoT security vulnerabilities, threats, countermeasures, risks along with practices of handling them all through the following sections: • Security Requirements in Internet of Things • IoT threats, Attacks, vulnerabilities, and risks • Today's IoT attacks and Countermeasures • IoT attack surfaces • Summary and Learnt Lessons.

show abstract

“…Code injection attacks are a type of cybersecurity threat in which an attacker injects malicious code into a vulnerable application or software. This code is designed to exploit security weaknesses in the application or software, allowing the attacker to gain unauthorized access to the system, steal sensitive data, or carry out other malicious activities and attacks [22,23]. Code injection attacks can be performed in various ways, including Structured Query Language (SQL) injection [24], Cross-Site Scripting (XSS) [25], and command injection [26], etc.…”

Section: Introductionmentioning

confidence: 99%

Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations

Noman

Abu-Sharkh

2023

Sensors

View full text Add to dashboard Cite

The Internet of Things (IoT) has transformed various domains in our lives by enabling seamless communication and data exchange between interconnected devices, necessitating robust networking infrastructure. This paper presents a comprehensive analysis of code injection attacks in IoT, focusing on the wireless domain. Code injection attacks exploit security weaknesses in applications or software and can have severe consequences, such as data breaches, financial losses, and denial of service. This paper discusses vulnerabilities in IoT systems and examines how wireless frames in state-of-the-art wireless technologies, which serve IoT applications, are exposed to such attacks. To demonstrate the severity of these threats, we introduce a comprehensive framework illustrating code injection attacks in the wireless domain. Several code injection attacks are performed on Wireless Fidelity (Wi-Fi) devices operating on an embedded system commonly used in IoT applications. Our proof of concept reveals that the victims’ devices become further exposed to a full range of cyber-attacks following a successful severe code injection attack. We also demonstrate three scenarios where malicious codes had been detected inside the firmware of wireless devices used in IoT applications by performing reverse engineering techniques. Criticality analysis is conducted for the implemented and demonstrated attacks using Intrusion Modes and Criticality Analysis (IMECA). By understanding the vulnerabilities and potential consequences of code injection attacks on IoT networks and devices, researchers and practitioners can develop more secure IoT systems and better protect against these emerging threats.

show abstract

Fatal injection: a survey of modern code injection attack countermeasures

Cited by 15 publications

References 112 publications

Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

Attack Categorisation for IoT Applications in Critical Infrastructures, a Survey

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations

Contact Info

Product

Resources

About