Internet of Things devices are widely adopted by the general population. People today are more connected than ever before. The widespread use and low-cost driven construction of these devices in a competitive marketplace render Internet-connected devices an easier and attractive target for malicious actors. This paper demonstrates non-invasive physical attacks against IoT devices in two case studies in a tutorial style format. The study focuses on demonstrating the: i)exploitation of debug interfaces, often left open after manufacture; and ii)the exploitation of exposed memory buses. We illustrate a person could commit such attacks with entry-level knowledge, inexpensive equipment, and limited time (in 8 to 25 minutes).
翻译:大众广泛采用 " 事物装置 " 的互联网,人们现在比以往更普遍地使用这种装置,在竞争性市场中,广泛使用和低成本地建造这些装置,使得与互联网连接的装置成为恶意行为者容易和有吸引力的目标,本文件在两个案例研究中以教学风格的形式表明对IoT装置的无侵犯性人身攻击,研究的重点是展示:i)对调试接口的利用,这种接口在制造后往往保持开放;ii)对暴露的记忆巴士的利用。我们用初级知识、廉价设备和有限时间(8至25分钟)来说明一个人可能进行这种攻击。
相关内容
微信扫码咨询专知VIP会员