Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)

Abstract

In this paper, we analyse the Internet of Things (IoT) aspect of smart home from a security perspective, and adapt an advanced malware technique (called feature-distributed malware) for the IoT. We design several attacks including cyber-physical system attacks and advanced cyber attacks, and then evaluate their impact via practical evaluations. Our proposed offensive techniques are based on the following current smart home status: (1) almost every smart home appliance is directly or indirectly connected to the Internet for remote monitoring and/or control. (2) there are Internet services that integrate heterogeneous devices into one single smart home environment. These integration services make it easy and simple to build any form of customised smart home configurations. However, at the same time, such services also put the smart home at risk when they are compromised and abused by attackers, which means that the attackers can achieve their goals without needing to compromise individual smart home devices. Our evaluation results show that using traditional web attack techniques such as cookie stealing can be turned into sophisticated attacks that enable the attackers to perform various malicious activities such as unlocking the smart lock installed at the target premises and disarming security alarms. Considering existing research efforts on the smart home security are mainly about security analysis of individual devices and protocols, we believe this work will shed light on the practical implications of integrating the smart home with the Internet of things, therefore helping the development of more secure smart home environments in the future.