Security Vulnerabilities of Internet of Things: A Case Study of the Smart Plug System

Zhen Ling; Junzhou Luo; Yiling Xu; Chao Gao; Kui Wu; Xinwen Fu

doi:10.1109/JIOT.2017.2707465

Security Vulnerabilities of Internet of Things : A Case Study of the Smart Plug System

Research output: Journal Publications and Reviews › RGC 21 - Publication in refereed journal › peer-review

Overview

175 Scopus Citations

Scopus Metrics

View graph of relations

Author(s)

Zhen Ling
Junzhou Luo
Yiling Xu
Chao Gao
Xinwen Fu

Detail(s)

Original language	English
Article number	7932855
Pages (from-to)	1899-1909
Journal / Publication	IEEE Internet of Things Journal
Volume	4
Issue number	6
Publication status	Published - 1 Dec 2017
Externally published	Yes

Link(s)

DOI	DOI https://doi.org/10.1109/JIOT.2017.2707465 Final Published version
	Check@CityULib
Link to Scopus	https://www.scopus.com/record/display.uri?eid=2-s2.0-85039170002&origin=recordpage
Permanent Link	https://scholars.cityu.edu.hk/en/publications/publication(92c02cff-e5f6-41e5-8a8b-ce40a603e1cc).html

Abstract

With the rapid development of the Internet of Things, more and more small devices are connected into the Internet for monitoring and control purposes. One such type of devices, smart plugs, have been extensively deployed worldwide in millions of homes for home automation. These smart plugs, however, would pose serious security problems if their vulnerabilities were not carefully investigated. Indeed, we discovered that some popular smart home plugs have severe security vulnerabilities which could be fixed but unfortunately are left open. In this paper, we case study a smart plug system of a known brand by exploiting its communication protocols and successfully launching four attacks: 1) device scanning attack; 2) brute force attack; 3) spoofing attack; and 4) firmware attack. Our real-world experimental results show that we can obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing smart plugs. © 2017 IEEE.

Research Area(s)

Attacks, countermeasures, Internet of Things (IoT), vulnerabilities

Bibliographic Note

Publication details (e.g. title, author(s), publication statuses and dates) are captured on an “AS IS” and “AS AVAILABLE” basis at the time of record harvesting from the data source. Suggestions for further amendments or supplementary information can be sent to [email protected].