Design Flaws in IoT Devices Prevent Them from Notifying about Hacks

IoT devices are convenient, but they are far from secure or harmless, and another report underlines this. According to the report, IoT devices contain design flaws that can allow third parties to prevent them from sharing information.


What does this mean? These flaws can be exploited to stop security systems from warning about break-ins. The alarming discovery comes from researchers at North Carolina State University, who presented their findings in a report titled “Blinded and Confused: Uncovering Systemic Flaws in Device Telemetry for Smart-Home Internet of Things”.




New Report Outlines Design Flaws in IoT Devices

According to the researchers, the devices are designed on the assumption that wireless connectivity is secure, but this is not always the case.

IoT devices consist of two subsystems: always-responsive and on-demand [28]. The always-responsive subsystem maintains a perpetual connection to remote servers to report the availability of the device and listen for server-side instructions. In turn, the servers use low-bandwidth messages to monitor connectivity health. We label this message exchange heartbeats, since they periodically indicate the connectivity health of a device. When a timeout expires without receiving any heartbeats, servers mark the device as offline and present the user with a smartphone alert.

In their experiments, the researchers measured timeout periods as brief as forty seconds and as long as thirty minutes. It should also be noted that some battery-constrained devices eliminate the always-responsive subsystem entirely because of the power cost of periodic messaging, the report said. More specifically, if threat actors or other third parties compromise a home’s router, network-layer suppression malware can be uploaded to it.

The malware lets the vulnerable devices’ heartbeat signals through, so the devices still appear to be online, but blocks any security signals. These attacks can be triggered both on-site and remotely. The problem is that the system tells homeowners that everything is in order when it is not.


According to TJ O’Connor, one of the authors of the paper, “one potential fix would be to make heartbeat signals indistinguishable from other signals, so malware couldn’t selectively allow heartbeat signals to pass through.” Another solution is to include more information in the heartbeat signal:

For example, if a device sends three motion-sensor alerts, the subsequent heartbeat signal would include data noting that three sensor alerts had been sent. Even if the network layer suppression malware blocked the sensor alert signals, the system would see the heartbeat signal and know that three sensor alerts were sent but not received. This could then trigger a system warning for homeowners, O’Connor said.
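The counter-in-heartbeat idea described above can be sketched as a server-side check. This is an added example, not code from the paper or from any vendor; the message layout, the device name `cam-1`, the demo key and the HMAC tag (added so that an on-path device cannot simply rewrite the count) are assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumed to be provisioned per device at enrollment.
DEVICE_KEY = b"constructed-demo-key"

def make_heartbeat(device_id, alerts_sent, key=DEVICE_KEY):
    """Device side: the heartbeat carries the running count of alerts sent."""
    body = json.dumps({"device": device_id, "alerts_sent": alerts_sent},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class TelemetryMonitor:
    """Server side: compares alerts claimed in heartbeats with alerts received."""

    def __init__(self, key=DEVICE_KEY):
        self.key = key
        self.received = {}  # device_id -> number of alerts that actually arrived

    def on_alert(self, device_id):
        self.received[device_id] = self.received.get(device_id, 0) + 1

    def on_heartbeat(self, hb):
        """Return (status, missing_alerts) for one heartbeat."""
        expected = hmac.new(self.key, hb["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, hb["tag"]):
            return ("tampered", 0)  # count cannot be trusted
        msg = json.loads(hb["body"])
        missing = msg["alerts_sent"] - self.received.get(msg["device"], 0)
        # A real deployment would allow a short grace period for alerts in flight.
        return ("suppressed", missing) if missing > 0 else ("ok", 0)

def simulate(drop_alerts):
    """Constructed scenario: three motion alerts, then one heartbeat.
    drop_alerts=True models a router that forwards only heartbeats."""
    monitor = TelemetryMonitor()
    sent = 0
    for _ in range(3):
        sent += 1
        if not drop_alerts:
            monitor.on_alert("cam-1")
    return monitor.on_heartbeat(make_heartbeat("cam-1", sent))

if __name__ == "__main__":
    print(simulate(drop_alerts=False))
    print(simulate(drop_alerts=True))
```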

In conclusion, the report hypothesized that the NEST and Amazon Key incidents are not isolated occurrences, but rather an indication of a larger systemic design flaw in a prevalent number of IoT devices.

Milena Dimitrova
