2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2019
DOI: 10.1109/dsn.2019.00036
|View full text |Cite
|
Sign up to set email alerts
|

Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
7
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
3
3

Relationship

0
6

Authors

Journals

citations
Cited by 16 publications
(7 citation statements)
references
References 23 publications
0
7
0
Order By: Relevance
“…9. Root Exploit attack The root exploit software requires the attacker to gain privileges granted by the system administrator to execute a sequence of commands resulting from known vulnerability to harm software and associated devices in the network [46].…”
Section: Software Attacksmentioning
confidence: 99%
See 1 more Smart Citation
“…9. Root Exploit attack The root exploit software requires the attacker to gain privileges granted by the system administrator to execute a sequence of commands resulting from known vulnerability to harm software and associated devices in the network [46].…”
Section: Software Attacksmentioning
confidence: 99%
“…When the malicious software modifies the files the data loss might lead to system failure. The data corruption caused by the malware might be as a part of their process to execute the payload and overwrites the files with garbage codes which is unusable to be considered for other operations [46]. 2.…”
Section: Data Attacksmentioning
confidence: 99%
“…English et al [111] presented a series of PoCs for the DNS proxy module of Connman, a widely used network connection manager in IoT firmware. They used a crafted DNS response packet to crash the proxy module, which could lead to denial-of-service or remote command execution.…”
Section: Memory Protectionmentioning
confidence: 99%
“…Yu et al [25] mention that the firmware identification method to detect the device type and brand of IoT solutions could be based on weak passwords. English et al [26] contribute to this field, indicating that attackers could develop memory buffer attacks to gain access to the entire system using weak default passwords. Hsu et al [27] mention that an attacker could trigger a privilege escalation attack to change the behavior of IoT systems.…”
Section: Introductionmentioning
confidence: 99%
“…This metadata may contain sensitive information, so it is essential not to have information such as a password because it would allow attackers to access resources more quickly. Attackers seek to identify credentials in the metadata using the SSRF vulnerability in the [26], [36], [37] The average password length on IoT devices is short. public frontend.…”
Section: Introductionmentioning
confidence: 99%