Abstract
Carriers are rolling out Internet of Things (IoT) services including various IoT devices and use scenarios. Compared with conventional non-IoT devices such as smartphones and tablets, IoT devices have limited network capabilities (e.g., low rates) and specific use scenarios (e.g., inside vehicles only). These specialized use scenarios often lead carriers to offer cheaper device access fees for IoT devices. However, the aforementioned disparity of service charging between IoT and non-IoT devices may lead to security issues. In this work, we conduct the first empirical security study on cellular IoT service charging over two major US carriers and make three major contributions. First, we discover four security vulnerabilities and analyze their root causes, which help us identify two significant security threats, IoT masquerading and IoT use scenario abuse. Second, we devise three proof-of-concept attacks and assess their real-world impact. We determine that they can be exploited to allow adversaries to pay 43.75-80.00 percent less for cellular data services. Third, we analyze the challenges in addressing these vulnerabilities and develop an anti-abuse solution to mitigate attack incentives. The solution is standard-compliant and can be used immediately in practice. Our prototype and evaluation confirm its effectiveness.