Journal ArticleDOI
Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies
TLDR
The potential for pairing mode in iOS devices (which allows the establishment of a trusted relationship between an iOS device and a personal computer) to be exploited for covert data exfiltration is highlighted.Abstract:
Increasingly, big data (including sensitive and commercial-in-confidence data) is being accessible and stored on a range of Internet of Things (IoT) devices, such as our mobile devices. Therefore, any vulnerability in IoT devices, operating system or software can be exploited by cybercriminals seeking to exfiltrate our data. In this paper, we use iOS devices as case studies and highlight the potential for pairing mode in iOS devices (which allows the establishment of a trusted relationship between an iOS device and a personal computer) to be exploited for covert data exfiltration. In our three case studies, we demonstrate how an attacker could exfiltrate data from a paired iOS device by abusing a library and a command line tool distributed with iTunes. With the aim of avoiding similar attacks in the future, we present two recommendations.read more
Citations
More filters
Journal ArticleDOI
Smart Contract-Based Access Control for the Internet of Things
TL;DR: A smart contract-based framework, which consists of multiple access control contracts, one judge contract (JC), and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems is proposed.
Journal ArticleDOI
Internet of Things security and forensics: Challenges and opportunities
TL;DR: This paper first introduces existing major security and forensics challenges within IoT domain and then briefly discusses about papers published in this special issue targeting identified challenges.
Journal ArticleDOI
A Two-Layer Dimension Reduction and Two-Tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks
TL;DR: A novel model for intrusion detection based on two-layer dimension reduction and two-tier classification module, designed to detect malicious activities such as User to Root (U2R) and Remote to Local (R2L) attacks is presented.
Journal ArticleDOI
Robust Malware Detection for Internet of (Battlefield) Things Devices Using Deep Eigenspace Learning
TL;DR: This paper transmute OpCodes into a vector space and applies a deep Eigenspace learning approach to classify malicious and benign applications and presents a deep learning based method to detect Internet of Battlefield Things malware via the device’s Operational Code (OpCode) sequence.
Journal ArticleDOI
Detecting crypto-ransomware in IoT networks based on energy consumption footprint
TL;DR: This paper presents a machine learning based approach to detect ransomware attacks by monitoring power consumption of Android devices and demonstrates that the proposed approach outperforms K-Nearest Neighbors, Neural Networks, Support Vector Machine and Random Forest in terms of accuracy rate, recall rate, precision rate and F-measure.
References
More filters
Proceedings ArticleDOI
RiskRanker: scalable and accurate zero-day android malware detection
TL;DR: An automated system called RiskRanker is developed to scalably analyze whether a particular app exhibits dangerous behavior and is used to produce a prioritized list of reduced apps that merit further investigation, demonstrating the efficacy and scalability of riskRanker to police Android markets of all stripes.
Proceedings Article
The ghost in the browser analysis of web-based malware
TL;DR: This work identifies the four prevalent mechanisms used to inject malicious content on popular web sites: web server security, user contributed content, advertising and third-party widgets, and presents examples of abuse found on the Internet.
Journal ArticleDOI
The visual microphone: passive recovery of sound from video
TL;DR: This paper explores how to leverage the rolling shutter in regular consumer cameras to recover audio from standard frame-rate videos, and uses the spatial resolution of the method to visualize how sound-related vibrations vary over an object's surface, which it can use to recover the vibration modes of an object.
Proceedings Article
Detecting malware domains at the upper DNS hierarchy
TL;DR: Kopis passively monitors DNS traffic at the upper levels of the DNS hierarchy, and is able to accurately detect malware domains by analyzing global DNS query resolution patterns.
Journal ArticleDOI
Robust iso-surface tracking for interactive character skinning
TL;DR: A novel approach to interactive character skinning is presented, which is robust to extreme character movements, handles skin contacts and produces the effect of skin elasticity (sliding), and includes new composition operators enabling blending effects and local self-contact between implicit surfaces.