Framework to analyze and exploit the smart home IoT firmware
Thousands of smart gadgets are linked to the internet each month, and due to various privacy and security issues, such devices may be vulnerable to evil attackers. Currently, there are around 8 billion devices online, and by the beginning of 2025, there will likely be 25 to 35 billion IoT devices gl...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Elsevier
2025-02-01
|
| Series: | Measurement: Sensors |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2665917424003829 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832586197429387264 |
|---|---|
| author | Keshav Kaushik Akashdeep Bhardwaj Susheela Dahiya |
| author_facet | Keshav Kaushik Akashdeep Bhardwaj Susheela Dahiya |
| author_sort | Keshav Kaushik |
| collection | DOAJ |
| description | Thousands of smart gadgets are linked to the internet each month, and due to various privacy and security issues, such devices may be vulnerable to evil attackers. Currently, there are around 8 billion devices online, and by the beginning of 2025, there will likely be 25 to 35 billion IoT devices globally. Despite this, the security of the devices is not receiving any more attention. Since operating system (OS) and hardware security have improved recently, researchers and hackers now seek vulnerabilities in other areas, such as firmware. When the firmware on many IoT devices isn't updated, it leaves them open to cyberattacks. The period when the Mirai Botnet was widely used is one of the situations in which we may have heard about firmware security. By gaining access to the equipment using the default credentials, the Mirai Botnet infects devices. Therefore, to analyze the firmware's contents for alteration during runtime, the authors of this research performed reverse engineering on it. Authors have exploited the smart home IoT firmware using our framework that identified ten critical network-based vulnerabilities within the firmware, with five vulnerabilities scoring a maximum CVSS score of 10.0 and the remaining five scoring 9.8, highlighting significant threats to smart home IoT devices. In addition, examining the firmware binaries demonstrates the widespread usage of dangerous functions like sprintf and strcpy in addition to the absence of critical security features like NX, PIE, RELRO, and stack protection. By offering a thorough analysis of the vulnerabilities and suggesting best practices for boosting the security of smart home IoT firmware, the results add to the body of information already in existence. |
| format | Article |
| id | doaj-art-605eca80569a48baad9b9a8a8013fe25 |
| institution | Kabale University |
| issn | 2665-9174 |
| language | English |
| publishDate | 2025-02-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Measurement: Sensors |
| spelling | doaj-art-605eca80569a48baad9b9a8a8013fe252025-01-26T05:04:51ZengElsevierMeasurement: Sensors2665-91742025-02-0137101406Framework to analyze and exploit the smart home IoT firmwareKeshav Kaushik0Akashdeep Bhardwaj1Susheela Dahiya2School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India; Amity School of Engineering and Technology, Amity University Punjab, Mohali, India; Corresponding author. School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, India.School of Computer Science, University of Petroleum and Energy Studies, Dehradun, Uttarakhand, IndiaDepartment of Computer Science and Engineering, Graphic Era Hill University, Dehradun, Uttarakhand, IndiaThousands of smart gadgets are linked to the internet each month, and due to various privacy and security issues, such devices may be vulnerable to evil attackers. Currently, there are around 8 billion devices online, and by the beginning of 2025, there will likely be 25 to 35 billion IoT devices globally. Despite this, the security of the devices is not receiving any more attention. Since operating system (OS) and hardware security have improved recently, researchers and hackers now seek vulnerabilities in other areas, such as firmware. When the firmware on many IoT devices isn't updated, it leaves them open to cyberattacks. The period when the Mirai Botnet was widely used is one of the situations in which we may have heard about firmware security. By gaining access to the equipment using the default credentials, the Mirai Botnet infects devices. Therefore, to analyze the firmware's contents for alteration during runtime, the authors of this research performed reverse engineering on it. Authors have exploited the smart home IoT firmware using our framework that identified ten critical network-based vulnerabilities within the firmware, with five vulnerabilities scoring a maximum CVSS score of 10.0 and the remaining five scoring 9.8, highlighting significant threats to smart home IoT devices. In addition, examining the firmware binaries demonstrates the widespread usage of dangerous functions like sprintf and strcpy in addition to the absence of critical security features like NX, PIE, RELRO, and stack protection. By offering a thorough analysis of the vulnerabilities and suggesting best practices for boosting the security of smart home IoT firmware, the results add to the body of information already in existence.http://www.sciencedirect.com/science/article/pii/S2665917424003829Internet of ThingsFirmwareSmart homeFirmware exploitationSensorsReverse engineering |
| spellingShingle | Keshav Kaushik Akashdeep Bhardwaj Susheela Dahiya Framework to analyze and exploit the smart home IoT firmware Measurement: Sensors Internet of Things Firmware Smart home Firmware exploitation Sensors Reverse engineering |
| title | Framework to analyze and exploit the smart home IoT firmware |
| title_full | Framework to analyze and exploit the smart home IoT firmware |
| title_fullStr | Framework to analyze and exploit the smart home IoT firmware |
| title_full_unstemmed | Framework to analyze and exploit the smart home IoT firmware |
| title_short | Framework to analyze and exploit the smart home IoT firmware |
| title_sort | framework to analyze and exploit the smart home iot firmware |
| topic | Internet of Things Firmware Smart home Firmware exploitation Sensors Reverse engineering |
| url | http://www.sciencedirect.com/science/article/pii/S2665917424003829 |
| work_keys_str_mv | AT keshavkaushik frameworktoanalyzeandexploitthesmarthomeiotfirmware AT akashdeepbhardwaj frameworktoanalyzeandexploitthesmarthomeiotfirmware AT susheeladahiya frameworktoanalyzeandexploitthesmarthomeiotfirmware |