Abstract:With a code injection attack (CIA) an attacker can introduce malicious code into a computer program or system that fails to properly encode data that comes from an untrusted source. A CIA can have different forms depending on the execution context of the application and the location of the programming flaw that leads to the attack. Currently, CIAs are considered one of the most damaging classes of application attacks since they can severely affect an organisation's infrastructure and cause financial and reputa… Show more
“…The final category concerns Code Injection, which defines any threat that seeks to introduce malicious code onto a device through unsecured inputs [42]. Such attacks are quite common and generally target applications where inputs are fundamental to their function.…”
With the ever advancing expansion of the Internet of Things (IoT) into our everyday lives, the number of attack possibilities increases. Furthermore, with the incorporation of the IoT into Critical Infrastructure (CI) hardware and applications, the protection of not only the systems but the citizens themselves has become paramount. To do so, specialists must be able to gain a foothold in the ongoing cyber attack war-zone. By organising the various attacks against their systems, these specialists can not only gain a quick overview of what they might expect but also gain knowledge into the specifications of the attacks based on the categorisation method used. This paper presents a glimpse into the area of IoT Critical Infrastructure security as well as an overview and analysis of attack categorisation methodologies in the context of wireless IoT-based Critical Infrastructure applications. We believe this can be a guide to aid further researchers in their choice of adapted categorisation approaches. Indeed, adapting appropriated categorisation leads to a quicker attack detection, identification, and recovery. It is, thus, paramount to have a clear vision of the threat landscapes of a specific system.
“…The final category concerns Code Injection, which defines any threat that seeks to introduce malicious code onto a device through unsecured inputs [42]. Such attacks are quite common and generally target applications where inputs are fundamental to their function.…”
With the ever advancing expansion of the Internet of Things (IoT) into our everyday lives, the number of attack possibilities increases. Furthermore, with the incorporation of the IoT into Critical Infrastructure (CI) hardware and applications, the protection of not only the systems but the citizens themselves has become paramount. To do so, specialists must be able to gain a foothold in the ongoing cyber attack war-zone. By organising the various attacks against their systems, these specialists can not only gain a quick overview of what they might expect but also gain knowledge into the specifications of the attacks based on the categorisation method used. This paper presents a glimpse into the area of IoT Critical Infrastructure security as well as an overview and analysis of attack categorisation methodologies in the context of wireless IoT-based Critical Infrastructure applications. We believe this can be a guide to aid further researchers in their choice of adapted categorisation approaches. Indeed, adapting appropriated categorisation leads to a quicker attack detection, identification, and recovery. It is, thus, paramount to have a clear vision of the threat landscapes of a specific system.
“…Physical devices essential and indispensable constituents of the physical layer of IoT architectures, for instance, radio frequency Identification (RFID), which are a major element of IoT-based systems. Within an internet-connected embedded system, RFID performs a considerable responsibility in designing microprocessors for wireless The exploitation of a misconfiguration All Improper configuration of amenities (i.e., databases, hosting system) related to IoT application enables the attacker to easily access an IoT application [72] Robust application design, execute checks and inspections constantly [73] Malicious code injection All An invader inserts a malevolent code into various packets with the main aim to sneak or change confidential application data [74] Static analysis, dynamic detection, firewalls [52] Malware…”
This chapter elaborates on different security aspects to be taken into accounts during the development and the deployments of IoT architecture. To make the reader about the security of the IoT based system, this chapter begins by defining the contemporary security requirements that should be considered to realize a reliable and trustworthy IoT environment. Then, the discussion extends to differentiate different concepts of IoT security i.e., threat, vulnerability, countermeasure, attacks, risks; and also explain how the concepts relate to each other. Later, a systematic taxonomy is presented for classifying IoT attacks according to IoT assets, where each class of IoT is further classified into more subcategories. Finally, the discussion of each elaborate different categories of IoT attack indicating their main security targets and possible IoT countermeasures.To sum up, this chapter intends to provide a comprehensive overview regarding IoT security vulnerabilities, threats, countermeasures, risks along with practices of handling them all through the following sections: • Security Requirements in Internet of Things • IoT threats, Attacks, vulnerabilities, and risks • Today's IoT attacks and Countermeasures • IoT attack surfaces • Summary and Learnt Lessons.
“…Code injection attacks are a type of cybersecurity threat in which an attacker injects malicious code into a vulnerable application or software. This code is designed to exploit security weaknesses in the application or software, allowing the attacker to gain unauthorized access to the system, steal sensitive data, or carry out other malicious activities and attacks [22,23]. Code injection attacks can be performed in various ways, including Structured Query Language (SQL) injection [24], Cross-Site Scripting (XSS) [25], and command injection [26], etc.…”
The Internet of Things (IoT) has transformed various domains in our lives by enabling seamless communication and data exchange between interconnected devices, necessitating robust networking infrastructure. This paper presents a comprehensive analysis of code injection attacks in IoT, focusing on the wireless domain. Code injection attacks exploit security weaknesses in applications or software and can have severe consequences, such as data breaches, financial losses, and denial of service. This paper discusses vulnerabilities in IoT systems and examines how wireless frames in state-of-the-art wireless technologies, which serve IoT applications, are exposed to such attacks. To demonstrate the severity of these threats, we introduce a comprehensive framework illustrating code injection attacks in the wireless domain. Several code injection attacks are performed on Wireless Fidelity (Wi-Fi) devices operating on an embedded system commonly used in IoT applications. Our proof of concept reveals that the victims’ devices become further exposed to a full range of cyber-attacks following a successful severe code injection attack. We also demonstrate three scenarios where malicious codes had been detected inside the firmware of wireless devices used in IoT applications by performing reverse engineering techniques. Criticality analysis is conducted for the implemented and demonstrated attacks using Intrusion Modes and Criticality Analysis (IMECA). By understanding the vulnerabilities and potential consequences of code injection attacks on IoT networks and devices, researchers and practitioners can develop more secure IoT systems and better protect against these emerging threats.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.