Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module allows to implement custom applications by the users but could be adopted to malicious purposes as implements cyber-threats. In particular, we implemented a social engineering attack to steal sensitive information to victims and a slow denial of service attack to saturate a service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. This work demonstrate that, with a simple module, is possible to execute critical cyber-attacks.
Perpetrate cyber-threats using IoT devices as attack vector: the ESP8266 use case
Ivan Vaccari;Sara Narteni;Maurizio Mongelli;Maurizio Aiello;Enrico Cambiaso
2021
Abstract
Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module allows to implement custom applications by the users but could be adopted to malicious purposes as implements cyber-threats. In particular, we implemented a social engineering attack to steal sensitive information to victims and a slow denial of service attack to saturate a service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. This work demonstrate that, with a simple module, is possible to execute critical cyber-attacks.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
