Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module may implement custom user applications, but it could also be adopted for malicious purposes, as to perpetrate cyber-attacks. In particular, we implemented a social engineering attack to steal sensitive information and a slow denial of service attack to saturate the resources of a web service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. Hence, we demonstrate that even a simple and cheap module is able to execute critical cyber-attacks.
Perpetrate cyber-attacks using IoT devices as attack vector: The ESP8266 use case
Vaccari I;Narteni S;Mongelli M;Aiello M;Cambiaso E
2021
Abstract
Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module may implement custom user applications, but it could also be adopted for malicious purposes, as to perpetrate cyber-attacks. In particular, we implemented a social engineering attack to steal sensitive information and a slow denial of service attack to saturate the resources of a web service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. Hence, we demonstrate that even a simple and cheap module is able to execute critical cyber-attacks.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
