Attackers can intercept or change the behavior of IoT devices in many ways. Some methods require physical access to the device, making an attack more difficult to conduct. Other attacks can be carried out over the internet from a remote location. The following lists the different attack scenarios based on the access level that an attacker may have.

An attacker can gain the highest level of access to smart home devices if they get physical access to them. Although this might seem like an improbable attack vector, it is still a plausible threat.
Your friends could gain access to your IoT device to play a prank while visiting you. A friend could attempt to reconfigure some of the devices while they still have access to the home. For some devices, such as security cameras, an attacker could simply cut the cables to turn them off.

Smart home devices could also be compromised through supply chain hacks. In this scenario, attackers compromise a supplier company’s network and its software updates, allowing the threat to spread to any device that avails of the poisoned update. This is not a new scenario; we have seen attack groups conduct supply-chain attacks to spread their malware to traditional computers many times before, such as during some of the Hidden Lynx attackers’ campaigns.
Unfortunately, there is currently no easy way to verify that an IoT device has not been tampered with.

Having physical access to the device allows the attacker to alter configuration settings. These could include issuing a new device pairing request, resetting the device to factory settings and configuring a new password, or installing custom SSL certificates and redirecting traffic to a server controlled by the attacker.
Physical access may also allow a skilled attacker to read the device’s internal memory and its firmware.

Reading the internal memory and reversing the firmware allows an attacker to better understand how a device works, allowing them to find vulnerabilities, cryptographic key materials, backdoors, or design flaws that could be used to perform further attacks. If the attacker gains a full understanding of the firmware, they could use this knowledge to create their own malicious version of the firmware and upload it to the device. This could give the attacker full control over the device.

Most new devices offer ways for users to update the firmware throughout the lifecycle of the device. These updates could arrive through a USB connection, an SD card, or over the network.
The majority of tested devices did not encrypt or digitally sign their firmware updates, making it easy for an attacker to generate a valid, malicious firmware update that could be installed.

Local attacks over Wi-Fi/Ethernet

An attacker with access to the local home network, either wirelessly or through an Ethernet connection, is able to perform various attacks against smart home devices. There are generally two common modes for smart home devices: cloud polling and direct connection.
Depending on the function, the device may use either of these methods to receive commands.
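
The firmware-update gap described earlier (updates neither encrypted nor digitally signed) can be seen from the device's side in the following added Go example, which is not code from the original article or from any tested device. The two image layouts, the function names and the seed-derived demo keys are assumptions constructed for illustration: an updater that only checks an unkeyed digest accepts any image whose digest was recomputed, while one that verifies a signature against a pinned vendor public key rejects it.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Unsigned layout (constructed): payload || SHA-256(payload). No secret is involved.
func withChecksum(payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append(append([]byte{}, payload...), sum[:]...)
}

// checksumOnlyAccepts models an updater that only checks the trailing digest.
func checksumOnlyAccepts(image []byte) bool {
	n := len(image) - sha256.Size
	return n >= 0 && bytes.Equal(withChecksum(image[:n]), image)
}

// Signed layout (constructed): payload || Ed25519 signature over the payload.
func signImage(priv ed25519.PrivateKey, payload []byte) []byte {
	return append(append([]byte{}, payload...), ed25519.Sign(priv, payload)...)
}

// verifySigned returns the payload only if the key pinned on the device signed it.
func verifySigned(vendorPub ed25519.PublicKey, image []byte) ([]byte, error) {
	n := len(image) - ed25519.SignatureSize
	if n < 0 || !ed25519.Verify(vendorPub, image[:n], image[n:]) {
		return nil, fmt.Errorf("firmware rejected: signature does not verify")
	}
	return image[:n], nil
}

// demoKey derives a fixed key pair from a constructed seed so the example is repeatable.
func demoKey(seedByte byte) (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seedByte}, ed25519.SeedSize))
	return priv, priv.Public().(ed25519.PublicKey)
}

func main() {
	_, vendorPub := demoKey(0x42) // public half pinned on the device
	otherPriv, _ := demoKey(0x07) // any key that is not the vendor's
	modified := []byte("fw v1.1 (modified in transit)")
	fmt.Println("checksum-only accepts:", checksumOnlyAccepts(withChecksum(modified)))
	_, err := verifySigned(vendorPub, signImage(otherPriv, modified))
	fmt.Println("signature check:", err)
}
```

In a real update path the private key never touches the device or the build output; only the public key is stored on the device, ideally in storage the update itself cannot rewrite.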