Litcius/Paper detail

Who's In Control? On Security Risks of Disjointed IoT Device Management Channels

Yan Jia, Bin Yuan, Luyi Xing, Dongfang Zhao, Yifan Zhang, XiaoFeng Wang, Yijing Liu, Kaimin Zheng, Peyton Crnjak, Yuqing Zhang, Deqing Zou, Hai Jin

202123 citationsDOI

Abstract

An IoT device today can be managed through different channels, e.g., by its device manufacturer's app, or third-party channels such as Apple's Home app, or a smart speaker. Supporting each channel is a management framework integrated in the device and provided by different parties. For example, a device that integrates Apple HomeKit framework can be managed by Apple Home app. We call the management framework of this kind, including all its device- and cloud-side components, a device management channel (DMC). 4 third-party DMCs are widely integrated in today's IoT devices along with the device manufacturer's own DMC: HomeKit, Zigbee/Z-Wave compatible DMC, and smart-speaker Seamless DMC. Each of these DMCs is a standalone system that has full mandate on the device; however, if their security policies and control are not aligned, consequences can be serious, allowing a malicious user to utilize one DMC to bypass the security control imposed by the device owner on another DMC. We call such a problem Chaotic Device Management (Codema).

Topics & Concepts

Computer scienceComputer securityChannel (broadcasting)Cloud computingControl (management)Computer networkMandateSmart deviceSide channel attackAccess controlEmbedded systemCryptographyOperating systemPolitical scienceArtificial intelligenceLawAdvanced Malware Detection TechniquesSecurity and Verification in ComputingInformation and Cyber Security