A Study on the Security Threats of IoT Devices Exposed in Search Engine

  • Received : 2015.10.31
  • Accepted : 2015.12.24
  • Published : 2016.01.01

Abstract

IoT devices, including smart devices, are connected to the internet and are therefore constantly exposed to security threats. In particular, because IoT devices are miniaturized, they are built around low-performance MCUs and small-capacity memory, which makes them susceptible to various security threats such as DoS attacks. In addition, when IoT devices are installed at remote locations, it is not easy for users to manage them continuously or to install security patches promptly. Most IoT devices that users intentionally connect directly to the internet, devices exposed to the outside through an IoT gateway configuration, and devices exposed to the outside through a router's DMZ or port forwarding function use a specific protocol for IoT services, and they respond when a service over that protocol is requested from outside. Internet search engines for IoT devices probe IP addresses using the protocols mainly used by IoT devices and keep the responding IP addresses in a database so that users can make use of the information. In particular, IoT devices that use HTTP and HTTPS, the protocols used by ordinary web servers, are easily found through general search engines such as Google as well as through search engines dedicated to IoT devices. Malicious attackers obtain the IP addresses of vulnerable devices from search engines and attempt to attack them. The purpose of this study is to identify the problems that arise when the HTTP, HTTPS, CoAP, SOAP, and RESTful protocols used by IoT devices are detected by search engines and recorded in their databases, and to seek solutions to those problems. In particular, this study identified the danger to IoT devices whose factory-set user ID and password remain unchanged or whose known vulnerabilities remain unpatched, along with the related countermeasures.

Cited by

  1. Attack Scenarios and Countermeasures using CoAP in IoT Environment vol.7, pp.4, 2016, https://doi.org/10.15207/JKCS.2016.7.4.033