Abstract
The Internet of Things (IoT) is an emerging phenomenon where different kinds of devices that were previously not networked are being connected to networks. Examples include network connected thermostats, light bulbs, and door locks.
These newly networked devices present additional attack surfaces, and due to the ad hoc nature of their implementations, many do not follow current security best practices. We assessed the security of several currently available IoT devices targeted at consumers.
We considered all user-facing interfaces and all networking components to be in scope of our investigation, and evaluated the devices for common security vulnerabilities. All of the devices we investigated had numerous exploitable security flaws.
We discuss in detail the vulnerabilities and the processes used to discover them.
Prepared by
Brian Belleville (bbellevi@uci.edu)
Patrick Biernat (biernp@rpi.edu)
Adam Cotenoff (acotenoff@isecpartners.com)
Kevin Hock (kevin.hock@stonybrook.edu)
Tanner Prynn (tannerprynn+iot@gmail.com)
Sivaranjani Sankaralingam (sivarans@andrew.cmu.edu)
Terry Sun (terrynsun@gmail.com)
Daniel Mayer (daniel@matasano.com, Manager)