Explore a comprehensive security analysis of smart home platforms in this 22-minute USENIX Security '19 conference talk. Delve into the complex interactions between IoT devices, mobile apps, and cloud services, uncovering potential vulnerabilities in widely-used smart home systems. Learn about reverse-engineering techniques, including firmware analysis, network traffic interception, and blackbox testing, used to create state transition diagrams for smart home entities. Discover how unexpected state transitions can lead to new vulnerabilities, and understand the implementation of phantom devices to trigger and confirm these security risks. Gain insights into specific attack examples, such as Phantom Device Substitution and Phantom Device Hijacking, and explore their underlying causes. Conclude with mitigation suggestions, including state machine enforcement, to enhance the security of smart home platforms.
Discovering and Understanding the Security Hazards in the Interactions between IoT Devices, Mobile Apps, and Clouds on Smart Home Platforms
Overview
Syllabus
Intro
Interactions involved in Smart Home Platform
Example 1- Phantom Device Substitution Attack
Deep Cause for phantom device attack
Analyzing the Deep Cause
Analyzing the Interaction
Challenge 1: Decrypting the Interaction
State Machines of Three Entities
Identifying Unexpected State Transitions
Flaw 1: Insufficient State Guard
Identified Attacks
Flaw 2 illegal State Combination
Example 2: Phantom Device Hijacking Attack
Mitigation Suggestions
State Machine Enforcement
Conclusion
Taught by
USENIX
