PoisonIvy: (In)secure Practices of Enterprise IoT Systems in Smart Buildings

Published 12 Oct 2020 in cs.CR | (2010.05658v1)

Abstract: The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems, called Enterprise Internet of Things (EIoT), connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors. As EIoT systems require specialized training, software, and equipment to deploy, this has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat vector for an attacker. In this work, we explore EIoT system vulnerabilities and insecure development practices. Specifically, we focus on the usage of drivers as an attack mechanism, and introduce PoisonIvy, a number of novel attacks that demonstrate an attacker can easily compromise EIoT system controllers using malicious drivers. Specifically, we show how drivers used to integrate third-party devices to EIoT systems can be misused in a systematic fashion. To demonstrate the capabilities of attackers, we implement and evaluate PoisonIvy using a testbed of real EIoT devices. We show that an attacker can perform DoS attacks, gain remote control, and maliciously abuse system resources of EIoT systems. To the best of our knowledge, this is the first work to analyze the (in)securities of EIoT deployment practices and demonstrate the associated vulnerabilities in this ecosystem. With this work, we raise awareness on the (in)secure development practices used for EIoT systems, the consequences of which can largely impact the security, privacy, reliability, and performance of millions of EIoT systems worldwide.

Citations (14)

Summary

  • The paper demonstrates how insecure driver practices in enterprise IoT systems lead to severe exploits such as denial-of-service, remote control, and unauthorized cryptocurrency mining.
  • It employs a real-world testbed with Control4 systems to validate the feasibility and impact of PoisonIvy attacks on centralized EIoT architectures.
  • The research emphasizes the need for robust security frameworks, recommending driver certification and secure development practices to mitigate these vulnerabilities.

Introduction

The advancement of IoT technologies has fueled the proliferation of smart environments globally. In professional and complex settings, however, there is a demand for Enterprise IoT (EIoT) systems: customized, highly reliable solutions tailored to specific automation needs and deployed by trained integrators rather than end-users. Despite their prominence in high-profile environments, the security of EIoT systems remains largely under-researched, and this gap leaves a pronounced vector for malicious exploits. The paper "PoisonIvy: (In)secure Practices of Enterprise IoT Systems in Smart Buildings" explores the vulnerabilities found in EIoT systems, specifically focusing on driver misuse as an attack vector.

Architecture of EIoT Systems

EIoT systems exhibit a centralized design comprising controllers, user interfaces, drivers, and physical devices. Centralization gives EIoT solutions significant advantages, such as robust integration and reliability. It also makes the controller the single point of compromise: drivers execute on the controller, so a malicious driver inherits the controller's reach over every connected device. This bespoke design is difficult to scrutinize because it relies on closed-source and proprietary implementations.

EIoT Drivers as Attack Vectors

A critical component of EIoT systems is the set of drivers responsible for integrating third-party devices and services. Because there is no comprehensive verification mechanism for drivers before they are loaded onto a controller, drivers carry no security assurance. The paper introduces the concept of PoisonIvy attacks, showing that a malicious driver is enough to trigger harmful activity. PoisonIvy represents an array of exploits delivered through drivers: overwhelming system resources, taking remote control of the controller, and running illicit cryptocurrency mining on it.

Implementation of PoisonIvy Attacks

Experiments were conducted on a real-world EIoT testbed built from Control4 systems, on which the authors installed malicious drivers. The demonstration validates that insecure driver practices can lead to severe threats, allowing attackers to commandeer EIoT controllers effectively. Unverified drivers brought cryptocurrency mining and network disruption onto the testbed, showing the danger of deploying EIoT systems without adequate security checks on the drivers they load.

Denial-of-Service (DoS) Attack

This destructive attack shows how a malicious driver can exhaust the controller's resources, crippling EIoT functionality and leading to complete system unavailability.

Remote Control

PoisonIvy enables attackers to control the compromised controller and the devices integrated with it remotely, which in turn facilitates further malicious activity, including using the controller to take part in Distributed Denial-of-Service (DDoS) attacks on external web resources.

Malicious Resource Farming

This attack leverages the compromised controller's computing resources for unauthorized cryptocurrency mining, degrading the performance and security of the EIoT system.
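The three behaviours above leave distinct footprints in the controller's own telemetry, which is where a practitioner would want to catch them. The following is an added example, not code from the paper or from any EIoT vendor: a small monitor that classifies per-driver samples into resource-exhaustion DoS, outbound flooding under remote control, and resource farming. The telemetry schema (one `Sample` per driver per minute), the site subnet, the approved vendor endpoint and every threshold are assumptions chosen for illustration, and the telemetry itself is constructed.

```python
"""Added example, not code from the PoisonIvy paper or from any EIoT vendor.

Classifies per-driver controller telemetry into the three PoisonIvy
behaviours. Schema, addresses and thresholds are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional


@dataclass
class Sample:
    driver: str             # driver instance on the controller
    cpu_pct: float          # CPU share attributed to the driver in the window
    mem_mb: float           # resident memory attributed to the driver
    new_conns: int          # new outbound TCP connections in the 1-minute window
    dest_ip: Optional[str]  # dominant destination in the window, if any


SITE_NETS = [ip_network("10.20.0.0/16")]   # assumed building LAN
ALLOWED_EXTERNAL = {"192.0.2.10"}          # assumed, integrator-approved vendor cloud endpoint

CPU_HOT = 80.0         # sustained CPU share that starves the other drivers (assumed)
MEM_GROWTH_MB = 50.0   # growth across the window that suggests a leak or memory bomb (assumed)
CONN_FLOOD = 200       # new connections per minute no building device needs (assumed)
WINDOW = 3             # consecutive samples a condition must hold


def unapproved_external(ip: Optional[str]) -> bool:
    """True if the driver talks to a host outside the site that was never approved."""
    if ip is None:
        return False
    addr = ip_address(ip)
    on_site = any(addr in net for net in SITE_NETS)
    return not on_site and ip not in ALLOWED_EXTERNAL


def classify(samples: List[Sample]) -> Dict[str, str]:
    """Map each suspicious driver to one verdict; clean drivers are omitted."""
    by_driver: Dict[str, List[Sample]] = {}
    for s in samples:
        by_driver.setdefault(s.driver, []).append(s)
    verdicts: Dict[str, str] = {}
    for name, hist in by_driver.items():
        recent = hist[-WINDOW:]
        if len(recent) < WINDOW:
            continue  # not enough history to judge
        hot = all(s.cpu_pct >= CPU_HOT for s in recent)
        growing = recent[-1].mem_mb - recent[0].mem_mb >= MEM_GROWTH_MB
        flood = any(s.new_conns >= CONN_FLOOD and unapproved_external(s.dest_ip)
                    for s in recent)
        # a single, persistent, unapproved external peer across the whole window
        beacon = (len({s.dest_ip for s in recent}) == 1
                  and unapproved_external(recent[0].dest_ip))
        if flood:
            verdicts[name] = "remote_control_flood"   # controller used to hammer an outside target
        elif hot and beacon:
            verdicts[name] = "resource_farming"       # sustained compute plus a fixed external channel
        elif hot or growing:
            verdicts[name] = "dos"                    # controller resources being exhausted
    return verdicts


def _series(name, cpu, mem, conns, dest):
    return [Sample(name, c, m, n, dest) for c, m, n in zip(cpu, mem, conns)]


# Constructed telemetry: three one-minute windows per driver.
TELEMETRY = (
    _series("hvac_gateway", [4, 5, 4], [21, 21, 22], [1, 1, 1], "10.20.3.15")
    + _series("av_matrix", [97, 98, 99], [30, 31, 30], [0, 0, 0], None)
    + _series("lighting_bridge", [12, 14, 11], [25, 25, 26], [450, 480, 470], "203.0.113.7")
    + _series("shade_ctrl", [88, 91, 90], [40, 41, 41], [1, 0, 1], "203.0.113.22")
    + _series("door_station", [5, 5, 6], [20, 55, 82], [2, 2, 2], "192.0.2.10")
)

if __name__ == "__main__":
    for driver, verdict in classify(TELEMETRY).items():
        print(f"{driver}: {verdict}")
```

The allowlist is what makes the second and third rules meaningful: a driver that legitimately polls its vendor's cloud (`door_station` above) is not flagged for the connection, only for its memory growth, while a driver holding a fixed connection to an unapproved host while burning CPU is exactly the mining profile the paper describes.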

Evaluation and Results

The paper evaluates the PoisonIvy exploits on the EIoT testbed and substantiates that the attacks are feasible because of inherent weaknesses in how EIoT systems are managed and deployed, above all the lack of vetting of the drivers that integrators install. Each exploit represents significant risk: invasion of privacy, interruption of critical building services, and exposure of sensitive data through compromised components.

Implications and Countermeasures

The findings underscore the urgent need for comprehensive security frameworks within the EIoT domain. Recommendations include the incorporation of driver certification processes, secure development practices, risk-awareness protocols among integrators, and standardized methodologies for driver implementation. Enhancing these factors may significantly reduce the likelihood of vulnerabilities being exploited.
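The driver-certification recommendation above, together with the earlier point that drivers are loaded without comprehensive verification, can be turned into a concrete pre-deployment gate. The following is an added example, not code from the paper or from Control4: it checks a third-party driver package against a list of certified digests and flags Lua source that uses capabilities (shell, dynamic code loading, network, file) the package's manifest does not declare. Control4 DriverWorks drivers are written in Lua, but the package layout assumed here (a zip holding `manifest.json` plus `.lua` files), the capability scheme, the `C4:urlGet` pattern and the two sample packages are assumptions constructed for illustration.

```python
"""Added example, not code from the PoisonIvy paper or from Control4.

Pre-deployment vetting of a driver package: digest allowlist plus a
static check that the Lua source only uses capabilities the manifest
declares. Package layout and capability scheme are assumptions.
"""
import hashlib
import io
import json
import re
import zipfile
from typing import Dict, List

# Lua constructs that give a driver reach beyond its own device. Keys are the
# manifest capability names a driver must declare to use them (assumed scheme).
RISKY = {
    "shell":   re.compile(r"\bos\.execute\b|\bio\.popen\b"),
    "dyncode": re.compile(r"\bloadstring\s*\(|\bload\s*\("),
    "network": re.compile(r"\bsocket\.|\burlGet\b|\burlPost\b"),   # urlGet/urlPost assumed API names
    "file":    re.compile(r"\bio\.open\b"),
}


def package_digest(pkg: bytes) -> str:
    return hashlib.sha256(pkg).hexdigest()


def vet_driver(pkg: bytes, certified: Dict[str, str]) -> List[str]:
    """Return findings for a driver package; an empty list means it may be loaded."""
    findings: List[str] = []
    digest = package_digest(pkg)
    if digest not in certified:
        findings.append(f"uncertified package (sha256 {digest[:12]}...)")
    with zipfile.ZipFile(io.BytesIO(pkg)) as z:
        names = z.namelist()
        if "manifest.json" not in names:
            return findings + ["missing manifest.json"]
        manifest = json.loads(z.read("manifest.json"))
        declared = set(manifest.get("capabilities", []))
        for name in names:
            if not name.endswith(".lua"):
                continue
            src = z.read(name).decode("utf-8", "replace")
            for cap, pat in RISKY.items():
                if pat.search(src) and cap not in declared:
                    findings.append(f"{name}: uses '{cap}' capability not declared in manifest")
    return findings


def build_package(files: Dict[str, str]) -> bytes:
    """Build a deterministic zip so digests are stable across runs (constructed packages)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, text in files.items():
            info = zipfile.ZipInfo(name, date_time=(2020, 10, 12, 0, 0, 0))
            z.writestr(info, text)
    return buf.getvalue()


# Constructed sample packages: a clean thermostat driver and a poisoned build of it.
CLEAN = build_package({
    "manifest.json": json.dumps({"name": "acme_thermostat", "capabilities": ["network"]}),
    "driver.lua": "-- polls the thermostat over its vendor API\nlocal r = C4:urlGet(url)\n",
})
POISONED = build_package({
    "manifest.json": json.dumps({"name": "acme_thermostat", "capabilities": ["network"]}),
    "driver.lua": ("local r = C4:urlGet(url)\n"
                   "local f = io.popen('sh -c \"' .. cmd .. '\"')\n"   # undeclared shell access
                   "local fn = load(payload)\n"),                       # undeclared dynamic code
})

# Digests the vendor would publish for certified builds (constructed).
CERTIFIED = {package_digest(CLEAN): "acme_thermostat 1.2"}

if __name__ == "__main__":
    print("clean:", vet_driver(CLEAN, CERTIFIED) or "ok")
    print("poisoned:", vet_driver(POISONED, CERTIFIED))
```

An integrator would run `vet_driver` on every package before it reaches a controller and refuse anything that returns findings. The digest check catches unknown or tampered builds; the capability check catches a driver that looks like a certified one but has quietly gained shell or code-loading access, which is the class of misuse the paper demonstrates.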

Conclusion

The paper effectively raises awareness of the latent insecurities present within the EIoT ecosystem, urging the community to take proactive measures in securing smart environments. By illustrating how insecure driver practices enable exploitation, the research highlights the need for diligent security protocols and practices that mitigate the impact of vulnerabilities and preserve the reliability and safety of EIoT solutions and the environments they control.
