Remotely Exploiting AT Command Attacks on ZigBee Networks

Internet of Things networks represent an emerging phenomenon bringing connectivity to common sensors. Due to the limited capabilities and to the sensitive nature of the devices, security assumes a crucial and primary role. In this paper, we report an innovative and extremely dangerous threat targeting IoT networks. The attack is based on Remote AT Commands exploitation, providing a malicious user with the possibility of reconfiguring or disconnecting IoT sensors from the network. We present the proposed attack and evaluate its efficiency by executing tests on a real IoT network. Results demonstrate how the threat can be successfully executed and how it is able to focus on the targeted nodes, without affecting other nodes of the network.

[1]  Rajeev Piyare,et al.  Performance Analysis of XBee ZB Module Based Wireless Sensor Networks , 2013 .

[2]  Yu Cheng,et al.  Ghost-in-the-Wireless: Energy Depletion Attack on ZigBee , 2014, ArXiv.

[3]  Rutvij H. Jhaveri,et al.  DoS Attacks in Mobile Ad Hoc Networks: A Survey , 2012, 2012 Second International Conference on Advanced Computing & Communication Technologies.

[4]  Joshua R. Smith,et al.  Power consumption analysis of Bluetooth Low Energy, ZigBee and ANT sensor nodes in a cyclic sleep scenario , 2013, 2013 IEEE International Wireless Symposium (IWS).

[5]  Pekka Toivanen,et al.  Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned , 2013, 2013 46th Hawaii International Conference on System Sciences.

[6]  Jisheng Sui,et al.  Study on ZigBee network architecture and routing algorithm , 2010, 2010 2nd International Conference on Signal Processing Systems.

[7]  Li Li,et al.  The applications of WiFi-based Wireless Sensor Network in Internet of Things and Smart Grid , 2011, 2011 6th IEEE Conference on Industrial Electronics and Applications.

[8]  Franco Davoli,et al.  Peer-to-peer middleware for bandwidth allocation in sensor networks , 2005, IEEE Communications Letters.

[9]  Jaesung Lim,et al.  An Approach to Mitigating Sybil Attack in Wireless Networks using ZigBee , 2008, 2008 10th International Conference on Advanced Communication Technology.

[10]  David A. Wagner,et al.  Security considerations for IEEE 802.15.4 networks , 2004, WiSe '04.

[11]  Wojciech Mazurczyk,et al.  Seeing the Unseen: Revealing Mobile Malware Hidden Communications via Energy Consumption and Artificial Intelligence , 2016, IEEE Transactions on Information Forensics and Security.

[12]  Wei Yang,et al.  Security Vulnerabilities and Countermeasures for Time Synchronization in IEEE802.15.4e Networks , 2016, 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud).

[13]  Perry S. Marshall Industrial Ethernet , 2004 .

[14]  Rozeha A. Rashid,et al.  Experimental studies of the ZigBee frequency agility mechanism in home area networks , 2014, 39th Annual IEEE Conference on Local Computer Networks Workshops.

[15]  Fan Wang,et al.  A middleware of Internet of Things (IoT) based on ZigBee and RFID , 2011 .

[16]  Salavat Marian,et al.  Sybil attack type detection in Wireless Sensor networks based on received signal strength indicator detection scheme , 2015, 2015 IEEE 10th Jubilee International Symposium on Applied Computational Intelligence and Informatics.

[17]  Jianfeng Wang,et al.  Zigbee light link and its applicationss , 2013, IEEE Wireless Communications.

[18]  C. Muthu Ramya,et al.  Study on ZigBee technology , 2011, 2011 3rd International Conference on Electronics Computer Technology.

[19]  Victor C. M. Leung,et al.  Intrusion Detection and Prevention for ZigBee-Based Home Area Networks in Smart Grids , 2018, IEEE Transactions on Smart Grid.

[20]  Keijo Haataja,et al.  Three practical attacks against ZigBee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned , 2014, 2014 14th International Conference on Hybrid Intelligent Systems.

[21]  Md Azmi Bin Karnain,et al.  A Review on ZigBee Security Enhancement in Smart Home Environment , 2015, 2015 2nd International Conference on Information Science and Security (ICISS).

[22]  Maurizio Aiello,et al.  Measuring the Energy Consumption of Cyber Security , 2017, IEEE Communications Magazine.

[23]  Baojiang Cui,et al.  A Novel Fuzzing Method for Zigbee Based on Finite State Machine , 2014, Int. J. Distributed Sens. Networks.

[24]  Stefano Chessa,et al.  Wireless sensor networks: A survey on the state of the art and the 802.15.4 and ZigBee standards , 2007, Comput. Commun..

[25]  Markku Antikainen,et al.  Denial-of-service attacks in OpenFlow SDN networks , 2015, 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM).

[26]  Maurizio Aiello,et al.  Are mobile botnets a possible threat? The case of SlowBot Net , 2016, Comput. Secur..

[27]  Eduardo Alchieri,et al.  Evaluation of Distributed Denial of Service threat in the Internet of Things , 2016, 2016 IEEE 15th International Symposium on Network Computing and Applications (NCA).

[28]  Jia Jia,et al.  A novel approach for impulsive noise mitigation in ZigBee communication system , 2014, 2014 Global Information Infrastructure and Networking Symposium (GIIS).

[29]  Aleksandr Ometov,et al.  Implementing a Broadcast Storm Attack on a Mission-Critical Wireless Sensor Network , 2016, WWIC.

[30]  Steve Gold,et al.  Cracking wireless networks , 2011, Netw. Secur..

[31]  Gianluca Dini,et al.  Considerations on Security in ZigBee Networks , 2010, 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing.

[32]  Xiaofeng Xue,et al.  Application and Analysis of ZigBee Security Services Specification , 2010, 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing.

[33]  Adi Shamir,et al.  IoT Goes Nuclear: Creating a ZigBee Chain Reaction , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[34]  Youssif B. Al-Nashif,et al.  Anomaly Behavior Analysis System for ZigBee in smart buildings , 2015, 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA).

[35]  Thomas Kunz,et al.  A lightweight defence against the Packet in Packet attack in ZigBee networks , 2012, 2012 IFIP Wireless Days.

[36]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[37]  Giovanni Chiola,et al.  Slow DoS attacks: definition and categorisation , 2013, Int. J. Trust. Manag. Comput. Commun..

[38]  Gabi Dreo Rodosek,et al.  Thwarting attacks on ZigBee - Removal of the KillerBee stinger , 2013, Proceedings of the 9th International Conference on Network and Service Management (CNSM 2013).

[39]  Erdal Cayirci,et al.  Security in Wireless Ad Hoc and Sensor Networks , 2009 .