Implications of vulnerable internetconnected smart home devices

Hellman, Felix, Hellmann, Pierre

January 2018

Background. With the rise of Internet of Things and Internet connected devices many things become convenient and efficient but these products also carry risks. Even though a lot of people own devices like this not so many think of the consequences if these devices aren't secure. Objectives. Given this our thesis aims to discover the implications of vulnerable devices and also at what rate there are insecure, unpatched devices compared to the patched, secure counterpart. Methods. The approach implemented uses Shodan to find these devices on the internet and also to find version information about each device. After the devices are found the objective is to calculate a CVSS score on the vulnerabilities and the exploit that can abuse the vulnerability, if there exists any. Results. What we found was that 71.85% of a smart home server brand was running an insecure version. As to the consequences of having an insecure device, it can be severe.Conclusions. We found that, for instance, an attacker can without much difficulty shut off alarms in your smart home and then proceed to break into your house. Keywords: Vulnerability; Shodan; Internet of Things (IoT); Patching

Vulnerability

Shodan

Internet of Things

IoT

Patching

Computer Sciences

Datavetenskap (datalogi)

On the investigation of vulnerabilities in smart connected cameras

Jönsson, Désirée

January 2017

Människan har alltid utvecklat produkter för att förenkla sin vardag i hemmet. Ett område som växer snabbt är sakernas Internet där smarta ansluta enheter tillhör. Intentionen med smarta kameror är övervakning där man har möjlighet att bevaka sin intelligenta kamera trådlöst från exempelvis en smartmobil. Utmaningar med de intelligenta anslutna kamerorna är att hur kan man få kunskap om spionage, attacker och skador. Många av dessa smarta kameror har mindre resurser tillgängliga, och har då inte möjlighet att implementera optimala säkerhetsmekanismer. Även om dessa smarta enheter kan berika tillvaron och skapa trygghet med sin övervakning, så möjliggör också den smarta kameran nya sätt för angripare att göra intrång, då enheten är uppkopplade mot Internet.Syftet med den här uppsatsen är att undersöka vilken öppen data som finns tillgänglig på Internet om uppkopplade kameror. Detta genom att skapa ett program för att extrahera publik tillgänglig information om smarta kameror som är synliga för alla som har tillgång till Internet, och då också tillgång till Shodans sökmotor. Den öppna datan påvisar sårbarheter som kan utnyttjas för att göra intrång. Sårbarheterna som fanns hos de uppkopplade kamerorna på grund av tillgängligheten på Shodan var osäker konfigurations hantering och otillräcklig autentisering. Genom att belysa befintliga sårbarheter i smarta kameror som finns idag, kunna bidra till hur man med publik tillgänglig information kan få kunskap om sårbarheter hos smarta produkter. Med bakgrund till att sårbarheter finns och den smarta kameran är uppkopplad mot Internet, kan det vara så att det är fler än ägaren till den smarta kameran som övervakar hemmet. / Humans have always developed products to simplify their everyday lives in the home environment. A fast growing area is the Internet of Things where smart connect devices belong. The intention with smart cameras is surveillance where one can monitor their smart camera wireless from e.g a smartphone. Challenges with the intelligent connected cameras includes, how to get knowledge about espionage, attacks and damages. Many of these smart cameras have a reduced-size, low-power hardware with smaller resources available, and therefore unable to implement optimal security mechanisms. Although these connected cameras can enrich the safety and create security with their surveillance, the smart camera also allows new ways for attackers to intrude due to the devices are connected to the Internet.The purpose of this thesis is to investigate what kind of open data is available on the Internet from, connected cameras. This is done by creating a program to extract publicly available smart camera information that is visible to anyone who has access to the Internet, and thus access to Shodan’s search engine. The open data shows vulnerabilities that can potentially be exploited to intrude on devices. The vulnerabilities found in the connected cameras due to availability of Shodan, were insecure configuration management and insufficient authentication. By highlighting significant vulnerabilities in smart cameras found today, the thesis can contribute to how one with publicly available information can gain knowledge about vulnerabilities in smart devices. Given that vulnerabilities exist and the smart camera is connected to the Internet, it may be more than the owner of the smart camera that monitors the residence.

Smart camera

Internet of Things

Shodan

Smart devices

Engineering and Technology

Teknik och teknologier

Modeling and Recognizing Network Scanning Activities with Finite Mixture Models and Hidden Markov Models / Modélisation et reconnaissance des activités de balayage du réseau à l'aide de modèles à mélange fini et de modèles de Markov cachés

De Santis, Giulia

20 December 2018

Le travail accompli dans cette thèse a consisté à construire des modèles stochastiques de deux scanners de l'Internet qui sont ZMap et Shodan. Les paquets provenant de chacun des deux scanners ont été collectés par le Laboratoire de Haute Sécurité (LHS) hébergé à Inria Nancy Grand Est, et ont été utilisés pour construire par apprentissage des chaînes de Markov cachées (HMMs). La première partie du travail consistait à modéliser l'intensité des deux scanners considérés. Nous avons cherché à savoir si l'intensité de ZMap varie en fonction du service ciblé et si les intensités des deux scanners sont comparables. Les résultats ont montré que la réponse à la première question est positive (c'est-à-dire que l'intensité de ZMap varie en fonction des ports ciblés), alors que la réponse à la deuxième question est négative. En d'autres termes, nous avons obtenu un modèle pour chaque ensemble de logs. La partie suivante du travail consistait à étudier deux autres caractéristiques des mêmes scanners : leurs mouvements spatiotemporels. Nous avons créé des ensembles d'échantillons de logs avec chacune d'elle contient une seule exécution de ZMap et Shodan. Ensuite, nous avons calculé les différences d'adresses IP ciblées consécutivement par le même scanner (c.-à-d. dans chaque échantillon), et les timestamps correspondants. Les premiers ont été utilisés pour modéliser les mouvements spatiaux, tandis que les seconds pour les mouvements temporels. Une fois que les modèles de chaînes de Markov cachées sont construites, ils ont été appliqués pour identifier les scanners d'autres ensembles de logs. Dans les deux cas, nos modèles ne sont pas capables de détecter le service ciblé, mais ils détectent correctement le scanner qui génère de nouveaux logs, avec une précision de 95% en utilisant les mouvements spatiaux et de 98% pour les mouvements temporels / The work accomplished in this PhD consisted in building stochastic models of ZMap and Shodan, respectively, two Internet-wide scanners. More in detail, packets originated by each of the two considered scanners have been collected by the High Security Lab hosted in Inria, and have been used to learn Hidden Markov Models (HMMs). The rst part of the work consisted in modeling intensity of the two considered scanners. We investigated if the intensity of ZMap varies with respect to the targeted service, and if the intensities of the two scanners are comparable. Results showed that the answer to the first question is positive (i.e., intensity of ZMap varied with respect to the targeted ports), whereas the answer to the second question is negative. In other words, we obtained a model for each set of logs. The following part of the work consisted in investigating other two features of the same scanners: their spatial and temporal movements, respectively. More in detail, we created datasets containing logs of one single execution of ZMap and Shodan, respectively. Then, we computed di erences of IP addresses consecutively targeted by the same scanner (i.e., in each sample), and of the corresponding timestamps. The former have been used to model spatial movements, whereas the latter temporal ones. Once the Hidden Markov Models are available, they have been applied to detect scanners from other sets of logs. In both cases, our models are not able to detect the targeted service, but they correctly detect the scanner that originates new logs, with an accuracy of 95% when exploiting spatial movements, and of 98% when using temporal movements

Activités du scanning des réseaux

Modèles de Markov cachés

Scanners des réseaux

Zmap

Shodan

Sécurité de réseaux

Analyse de données

Network Scanning Activities

Zmap

Shodan

Hidden Markov Models

Network Scanners

Network Security

Data Analysis

005.8

Datová sada pro klasifikaci síťových zařízení pomocí strojového učení / Dataset for Classification of Network Devices Using Machine Learning

Eis, Pavel

January 2021

Automatic classification of devices in computer network can be used for detection of anomalies in a network and also it enables application of security policies per device type. The key to creating a device classifier is a quality data set, the public availability of which is low and the creation of a new data set is difficult. The aim of this work is to create a tool, that will enable automated annotation of the data set of network devices and to create a classifier of network devices that uses only basic data from network flows. The result of this work is a modular tool providing automated annotation of network devices using system ADiCT of Cesnet's association, search engines Shodan and Censys, information from PassiveDNS, TOR, WhoIs, geolocation database and information from blacklists. Based on the annotated data set are created several classifiers that classify network devices according to the services they use. The results of the work not only significantly simplify the process of creating new data sets of network devices, but also show a non-invasive approach to the classification of network devices.