Quantifying the reflective DDoS attack capability of household IoT devices

Distributed Denial-of-Service (DDoS) attacks are increasing in frequency and volume on the Internet, and there is evidence that cyber-criminals are turning to Internet-of-Things (IoT) devices such as cameras and vending machines as easy launchpads for large-scale attacks. This paper quantifies the capability of consumer IoT devices to participate in reflective DDoS attacks. We first show that household devices can be exposed to Internet reflection even if they are secured behind home gateways. We then evaluate eight household devices available on the market today, including lightbulbs, webcams, and printers, and experimentally profile their reflective capability, amplification factor, duration, and intensity rate for TCP, SNMP, and SSDP based attacks. Lastly, we demonstrate reflection attacks in a real-world setting involving three IoT-equipped smart-homes, emphasising the imminent need to address this problem before it becomes widespread.

[1]  Niels Provos,et al.  The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[2]  Christian Rossow,et al.  Exit from Hell? Reducing the Impact of Amplification DDoS Attacks , 2014, USENIX Security Symposium.

[3]  Deian Stefan,et al.  The Most Dangerous Code in the Browser , 2015, HotOS.

[4]  Roksana Boreli,et al.  Smart-Phones Attacking Smart-Homes , 2016, WISEC.

[5]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[6]  Christian Rossow,et al.  Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks , 2014, WOOT.

[7]  S. M. García,et al.  2014: , 2020, A Party for Lazarus.

[8]  C. Martin 2015 , 2015, Les 25 ans de l’OMC: Une rétrospective en photos.

[9]  Eliot Lear Manufacturer Usage Description Framework , 2016 .

[10]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[11]  Christian Rossow,et al.  Amplification Hell: Revisiting Network Protocols for DDoS Abuse , 2014, NDSS.