Hello !
?
Trace: Infrared distance sensor Power sources 1-wire temperature sensor IoT Communication and Networking Technologies IoT Hardware and Cybersecurity

This is an old revision of the document!

IoT Hardware and Cybersecurity

IoT hardware attacks

IoT hardware attacks are the various ways that security weaknesses resulting from limitations in IoT hardware can be exploited to compromise the security of IoT data and systems. An attacker may install malware on IoT devices, manipulate their functionality, or exploit their weaknesses to gain access to steal or damage data, degrade the quality of services, or disrupt the services. An attack could conduct an IoT on devices to use them for a more sophisticated large-scale attack on ICT infrastructures and critical systems. There is an increase in the scale and frequency of IoT attacks due to the rise in IoT attack surfaces, the ease with which IoT devices can be compromised, and the integration of IoT devices into existing systems and critical infrastructure. Some of the common IoT hardware attacks include:

  • Unauthorised access: Some IoT device manufacturers use weak or no security mechanisms to minimise manufacturing costs and reduce the time to market to meet the increase in market demand. They sometimes do not provide mechanisms for necessary updates to patch up security holes. Some create backdoors for remote servicing, which malicious hackers can exploit. In contrast, others use default or no passwords, making it easier for attackers to access and exploit the device to escalate their attacks.
  • Emulation of fake IoT devices: A third party that knows the communication protocol could develop software to emulate standard functionalities between IoT devices and then get the leverage to share false information.
  • Identity Theft: An attacker could steal the identification of legitimate devices and then perform malicious actions within the network without being identified.
  • Injection of fake information: An attacker can inject fake or misleading information to disrupt the intended functionalities. For example, in a food supply chain, a third party could inject false information about the ethylene sensor and make the system think that the transported commodity is already rotten. Therefore, mechanisms must be implemented to protect the system from fake information injection.
  • Firmware-base attacks: When a new security threat is discovered, a new firmware update is required to obtain an updated version to address the security threat. The firmware, security configuration and other device features can be cloned. The attacker can also upgrade the firmware of a device with malicious software [1]. The firmware, security configuration and other device features can be cloned. The attacker can also upgrade the firmware of a device with malicious software [2].
  • Eavesdropping and man-in-the-middle attacks: Data exchange should be performed securely, making data interception by a third party impossible. Traditional data encryption schemes cannot be implemented in IoT devices, requiring lightweight encryption, which is not straightforward and is sometimes ignored by manufacturers. Transmitting unencrypted IoT data, including security data, makes IoT networks susceptible to eavesdropping and man-in-the-middle attacks.
  • Energy depletion attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, drain the device's battery, and eventually shut down the device. Examples of such attacks include Denial of Sleep (DoS), flooding, a carousel, and stretch attacks [3].
  • Vampire attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, drain the device's battery, and eventually shut down the device. Examples of such attacks include Denial of Sleep (DoS), flooding, a carousel, and stretch attacks [4].
  • Routing attacks: An attacker may manipulate the routing information of the devices to create routing loops, selectively forward packets or intend to use longer routes to increase energy consumption. Some routing attacks include sinkholes, selective forwarding, wormholes, and Sybil attacks [5].
  • Jamming attacks: A denial of service attack in a shared wireless communication channel where a user may prevent other users from using the shared channel [6]. It is an attack targeting the IoT wireless network's physical or data link layer.
  • Brut-force attacks: This kind of attack is aimed at obtaining the login credentials of the detail to gain unauthorised access to the device. For devices with fault passwords, commonly used passwords (e.g., admin), or weak passwords, attackers can access these credentials and use them to gain illegal access to IoT devices.
  • DoD/DDoD attacks: Because adequate security mechanisms are not implemented to harden the security of IoT devices, they can easily be compromised. Many IoT devices can constitute an army of botnets to conduct DDoS attacks to saturate the buffers and other resources in the access points, fog nodes and cloud platforms.
  • Packet collision attacks: This attack is typical in IoT applications where the devices share the wireless communication channel. An attacker can capture some of the devices and then use them to create packet collisions in the communication channel to disrupt the communication and force the devices to consume more energy by trying to transmit packets multiple times and increase the time the devices stay awake to perform communication (or decreases the sleep time of the device). This kind of attack is a type of energy depletion attack.
  • Physical attack on the device: An IoT device may be physically manipulated or damaged to extract vital information. This is an essential aspect of IoT-based agriculture, as the IoT infrastructure in the fields can be vandalised.
[1] O. Garcia-Morchon, S. Kumar, S. Keoh, R. Hummen, R. Struik, Security Considerations in the IP-based Internet of Things draft-garcia-core-security-06, Internet Engineering Task Force (IETF), https://tools.ietf.org, 2013 accessed on 28/02/2020.
[2] O. Garcia-Morchon, S. Kumar, S. Keoh, R. Hummen, R. Struik, Security Considerations in the IP-based Internet of Things draft-garcia-core-security-06, Internet Engineering Task Force (IETF), https://tools.ietf.org, 2013 accessed on 28/02/2020.
[3] A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.
[4] A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.
[5] A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.
[6] S. Yan-Qiang, W. Xiao-dong, Handbook of Research on Developments and Trends in Wireless Sensor Networks: From Principle to Practice, DOI: 10.4018/978-1-61520-701-5.ch015, IGI Global Knowledge Disseminator, https://www.igi-global.com/chapter/jamming-attacks-countermeasures-wireless-sensor/41122, 2010, access date: 7/03/2020
en/iot-reloaded/hardware_and_cybersecurity/test.1747231969.txt.gz · Last modified: 2025/05/14 14:12 by raivo.sell
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0