A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

Ritu Chauhan, Gatha Varma
Copyright: © 2020 |Pages: 12
DOI: 10.4018/IJDA.2020070101
(Individual Articles)
No Current Special Offers


The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.
Article Preview


Alex is a 28-year-old professional. His friends know about his love for gadgets and find it easy to buy gifts for him. Recently his friend gifted him a popular smart plug and Alex could not be more thrilled. He quickly went through the instruction manual and installed the device in his living room. The smart plug helped him know when he did not need to use certain lights, turn on the living room heater when he would be ten minutes away from home, and simply show his other friends how the ambience of the room was under his control. He is also aware of the safety practices like securing his home network and using strong passwords. Also, since the smart plug had not required any of his personal information, it seems like the perfect smart appliance which could not pose any cyber threat. Then a few months later he read a news article on how some researchers had managed to turn a smart plug, manufactured by the same brand, into a portal to the home network. They had also managed to introduce a non-malicious software worm, thus revealing security vulnerabilities of the smart device.

While thousands of tech-savvy consumers like Alex are enthusiastically accepting smart appliances, they are unfortunately unaware that the price of remotely heating water could be the loss of their cyber security. A number of researchers and hackers have been able to exploit simplest of security flaws to turn seemingly innocuous smart appliances into hosts for malware (Rawlinson), (Kolias, Kambourakis, Stavrou, & Voas, 2017). These flaws arise from the underlying software and the protocol stack over which the devices are running. While a protocol stack governs how the device would carry out communication with other network entities such as the network hub, other directly connected devices and the parent server connected over the internet. The software is the working set of instructions programmed in to the device hardware. Together the software and protocol stack enable a device to carry out its intended operations. While being coded with sophisticated software and firmware, these smart appliances are usually low-powered and have a low memory capacity. This limitation also makes them vulnerable to denial of service attacks, which could be caused by something as simple as a buffer overflow (Fu & Shi, 2012).

Another reason why smart appliance is becoming an open field for hackers is because the manufacturers are more focussed on delivering new products at a faster pace. While the new products boast of better efficiency and more features, the manufacturers may end up paying less attention to the security aspect of the products. Also, with regular firmware updates, it is possible that some new code addition could introduce a bug which was not present before. It should also be noted that while the major onus is on the manufacturers, it is also important to enhance security of communication protocols being used by the devices. The communication protocols are used either in their publicly published form, or modified by the manufacturers to suit their requirements. Therefore, it is necessary to exhaustively test the devices to check for any shortcoming which could get exploited by someone sniffing and analysing the device transmissions (Bandekar & Javaid, 2017).

In this paper, we have discussed some security compromises which hit the headlines and how the manufacturers handled them. The common trend followed by the manufacturers is to develop a remedial patch and share it with the existing users through a firmware update. While this strategy lets the manufacturers off the hook, the mechanism of firmware updates is not reliable. Since a number of devices are not configured for automatic updates, they tend to miss out on the security patches and make them sitting ducks for hackers. Also, there are a number of conditionals for a successful firmware update, such as power supply requirement during the update, or a continuous internet connectivity. Thereby making the user responsible for securing their devices and the home network.

We have also analysed the transmissions of 23 devices during their initiation to the network (Kaggle n.d.). The dataset is publicly available on kaggle.com. The dataset consists of packet capture (pcap) files which were recorded with the devices turned off and on 20 times. The devices used for the study were manufactured by major brands like D-Link, Fitbit, Philips Hue, EdiMax, Smarter and so on. We analysed the pcap files for the communication protocols used by the devices, their distribution over the start-up traffic and what vulnerabilities plague the specific protocols.

Complete Article List

Search this Journal:
Volume 4: 1 Issue (2023)
Volume 3: 2 Issues (2022): 1 Released, 1 Forthcoming
Volume 2: 2 Issues (2021)
Volume 1: 2 Issues (2020)
View Complete Journal Contents Listing