Vulnerabilities in IoT Devices with Software-Defined Radio

Hung, Phan Duy; Vinh, Bui Trong

doi:10.1109/ccoms.2019.8821711

Cited by 10 publications

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…running on a machine with Microsoft Windows operating system. A HackRF was also used [50]. This is a software defined radio device that allows to receive, transmit, and manipulate radio signals.…”

Section: Methodsmentioning

confidence: 99%

Assessing Cybersecurity Risks in BLE-based Asset Management Systems

Verde

Paiva

Lopes

2023

2023 30th International Conference on Systems, Signals and Image Processing (IWSSIP)

View full text Add to dashboard Cite

In the current era of digital transformation, Asset Management (AM) systems using Bluetooth Low Energy (BLE) beacons are being applied across various domains, allowing for the detection of individuals or objects within a building. While the impact of a compromised Indoor Positioning System (IPS) may not be significant in certain domains, in others it can pose risks and potentially lead to the loss of human lives or other significant consequences.This work starts with a literature review on vulnerabilities that target BLE beacon devices. With the gathered knowledge from the review, a risk assessment of cyber-attacks targeting AM systems using BLE devices in two specific scenarios is presented: healthcare and industry. The aim is to estimate the attacks that pose the greatest risk in each application area. An experimental setup was also created with a focus on testing a set of vulnerabilities, such as replay attack, device cloning, jamming, battery exhaustion attack and physical hijacking. Lastly, mitigation measures and a list of best practices and guidelines are proposed to help harden these systems.Results show that, risk levels vary depending on the targeted scenario. Replay, battery exhaustion, jamming, fuzzing, blue-smack, and physical hijacking attacks are the ones that pose the greatest risk levels in the considered scenarios. Additionally, the vulnerabilities exploited in the experimental setup manifest a concerning accessibility, that can lead to irreversible damages.

show abstract

Section: Methodsmentioning

confidence: 99%

Assessing Cybersecurity Risks in BLE-based Asset Management Systems

Verde

Paiva

Lopes

2023

2023 30th International Conference on Systems, Signals and Image Processing (IWSSIP)

View full text Add to dashboard Cite

show abstract

“…With the right tools and skillset, enthusiasts can access hacking IoT devices that use RF communication. Hung and Vinh studied vulnerabilities in IoT devices from unknown RF protocols by analyzing the frequency and decoding the RF signal (Hung and Vinh, 2019). After decoding the recorded signal data, they rebroadcasted it to the IoT devices, performing a replay attack.…”

Section: Related Workmentioning

confidence: 99%

Defending Small Satellites from Malicious Cybersecurity Threats

Lin

Henry

Dill

2022

iccws

View full text Add to dashboard Cite

The connection between space and cyberspace domains is increasingly intertwined. Advancements in space technology, decreasing costs for satellite development, and the use of commercial off-the-shelf products present many cybersecurity challenges to space infrastructure. Additionally, space-based global critical infrastructure makes the space domain a prime target for malicious cyber threats. Software-defined radios introduce a potential attack vector for adversaries planning malicious satellite activity. This paper demonstrates how an adversary would send malicious commands via a software-defined radio to affect the integrity of the sensors on the satellite running NASA's core Flight System software. The experiment demonstrates one possible threat vector using a commercially available USRP N210 software-defined radio. The results show that well-constructed messages can be created to manipulate sensors on a target small satellite system. Identifying cybersecurity vulnerabilities like these in space systems can improve security and prevent disruptions for the global space enterprise.

show abstract