IEEE Consumer Electronics Magazine - March/April 2020 - 18

Privacy and Security by Design

Figure 1. Eight common security attacks on the physical IoT
layer with their relevant case studies.

urity vulnerabilities. Another study classifies the
physical/perception layer of the IoT architecture
that sits at the highest security risk zone, due to
the devices being deployed in hostile and open
environments.2
There is, therefore, a need to educate users
about the potential risks of everyday consumer
IoT devices, for example by mapping them to the
known security risks in the IoT physical layer.
This is the focus of this article, where the findings
can help consumer IoT device manufacturers in
strengthening their security design for future
products. In the next section, we will describe
eight common attacks targeting IoT devices at the
physical layer with the help of one case study for
each attack (also see Figure 1), as well as suggesting potential mitigation strategies.

POTENTIAL ATTACKS ON THE
PHYSICAL IOT LAYER WITH THEIR
RELEVANT CASE STUDIES
Device Software Failure
In this type of attack, any inherent vulnerability in the firmware/software of the device can
potentially be exploited to carry out a range of
attacks, such as the following case study involving an electric vehicle (EV) charger from ChargePoint, Inc.
Attack and Consequences: The researchers3
demonstrated how the EV charger's password
authentication phase can be bypassed by

18

changing the "Branch if equal" (BEQ) assembly
instruction to "Branch if not equal" (BNE)
instruction in the debug mode. This enables the
attackers to input incorrect passwords and still
log in to the device's system code. A permanent
user account with root access can be now created in the device. Exploiting a buffer overflow
in the communication between its Android application (app) and the Bluetooth executable process btclassic, a denial of service could then be
carried out. Furthermore, it was also shown that
the attacker can modify/create any file in the file
system or execute any operating system (OS)
reserved command on the device's kernel.
To attract customers, IoT device manufacturers frequently add new features to their products (EV home charger in this case), without
thoroughly testing them. Exploiting the inherent
security problems, the attackers may gain full
control of the device. For example, in the above
case study the maximum current used while
charging the EV charger can be adjusted to disable the users home electrical systems or even
cause physical damage. Device charging can
also be disrupted at any time, thus limiting the
mobility of the EV owner.
Vulnerabilities and Countermeasures: The
btclassic process in ChargePoint's firmware copies the password onto the stack buffer without
verifying its length, causing a buffer flow. The
strncpyðÞ function can be used in place of
strcpyðÞ for string length verification while parsing the password to connect to WiFi in btclassic.
The uploadsm process passes the "filename"
parameter for opening the file without validation. While passing parameters to the system
call, command line delimiters are not verified
properly, leading to an OS command being executed on the device. To ensure that an attacker
does not take advantage of the above two vulnerabilities, privilege level and other parameter validation checks should be employed. Other major
security vulnerabilities found in the remote-controlled charging feature of the device and their
corresponding mitigation strategies are outlined
in Table 1.
Integer/buffer overflow vulnerabilities can
potentially be exploited to facilitate such an attack
targeting the IoT devices. Therefore, one could
explore using static verification techniques (e.g.,

IEEE Consumer Electronics Magazine



IEEE Consumer Electronics Magazine - March/April 2020

Table of Contents for the Digital Edition of IEEE Consumer Electronics Magazine - March/April 2020

Contents
IEEE Consumer Electronics Magazine - March/April 2020 - Cover1
IEEE Consumer Electronics Magazine - March/April 2020 - Cover2
IEEE Consumer Electronics Magazine - March/April 2020 - Contents
IEEE Consumer Electronics Magazine - March/April 2020 - 2
IEEE Consumer Electronics Magazine - March/April 2020 - 3
IEEE Consumer Electronics Magazine - March/April 2020 - 4
IEEE Consumer Electronics Magazine - March/April 2020 - 5
IEEE Consumer Electronics Magazine - March/April 2020 - 6
IEEE Consumer Electronics Magazine - March/April 2020 - 7
IEEE Consumer Electronics Magazine - March/April 2020 - 8
IEEE Consumer Electronics Magazine - March/April 2020 - 9
IEEE Consumer Electronics Magazine - March/April 2020 - 10
IEEE Consumer Electronics Magazine - March/April 2020 - 11
IEEE Consumer Electronics Magazine - March/April 2020 - 12
IEEE Consumer Electronics Magazine - March/April 2020 - 13
IEEE Consumer Electronics Magazine - March/April 2020 - 14
IEEE Consumer Electronics Magazine - March/April 2020 - 15
IEEE Consumer Electronics Magazine - March/April 2020 - 16
IEEE Consumer Electronics Magazine - March/April 2020 - 17
IEEE Consumer Electronics Magazine - March/April 2020 - 18
IEEE Consumer Electronics Magazine - March/April 2020 - 19
IEEE Consumer Electronics Magazine - March/April 2020 - 20
IEEE Consumer Electronics Magazine - March/April 2020 - 21
IEEE Consumer Electronics Magazine - March/April 2020 - 22
IEEE Consumer Electronics Magazine - March/April 2020 - 23
IEEE Consumer Electronics Magazine - March/April 2020 - 24
IEEE Consumer Electronics Magazine - March/April 2020 - 25
IEEE Consumer Electronics Magazine - March/April 2020 - 26
IEEE Consumer Electronics Magazine - March/April 2020 - 27
IEEE Consumer Electronics Magazine - March/April 2020 - 28
IEEE Consumer Electronics Magazine - March/April 2020 - 29
IEEE Consumer Electronics Magazine - March/April 2020 - 30
IEEE Consumer Electronics Magazine - March/April 2020 - 31
IEEE Consumer Electronics Magazine - March/April 2020 - 32
IEEE Consumer Electronics Magazine - March/April 2020 - 33
IEEE Consumer Electronics Magazine - March/April 2020 - 34
IEEE Consumer Electronics Magazine - March/April 2020 - 35
IEEE Consumer Electronics Magazine - March/April 2020 - 36
IEEE Consumer Electronics Magazine - March/April 2020 - 37
IEEE Consumer Electronics Magazine - March/April 2020 - 38
IEEE Consumer Electronics Magazine - March/April 2020 - 39
IEEE Consumer Electronics Magazine - March/April 2020 - 40
IEEE Consumer Electronics Magazine - March/April 2020 - 41
IEEE Consumer Electronics Magazine - March/April 2020 - 42
IEEE Consumer Electronics Magazine - March/April 2020 - 43
IEEE Consumer Electronics Magazine - March/April 2020 - 44
IEEE Consumer Electronics Magazine - March/April 2020 - 45
IEEE Consumer Electronics Magazine - March/April 2020 - 46
IEEE Consumer Electronics Magazine - March/April 2020 - 47
IEEE Consumer Electronics Magazine - March/April 2020 - 48
IEEE Consumer Electronics Magazine - March/April 2020 - 49
IEEE Consumer Electronics Magazine - March/April 2020 - 50
IEEE Consumer Electronics Magazine - March/April 2020 - 51
IEEE Consumer Electronics Magazine - March/April 2020 - 52
IEEE Consumer Electronics Magazine - March/April 2020 - 53
IEEE Consumer Electronics Magazine - March/April 2020 - 54
IEEE Consumer Electronics Magazine - March/April 2020 - 55
IEEE Consumer Electronics Magazine - March/April 2020 - 56
IEEE Consumer Electronics Magazine - March/April 2020 - 57
IEEE Consumer Electronics Magazine - March/April 2020 - 58
IEEE Consumer Electronics Magazine - March/April 2020 - 59
IEEE Consumer Electronics Magazine - March/April 2020 - 60
IEEE Consumer Electronics Magazine - March/April 2020 - 61
IEEE Consumer Electronics Magazine - March/April 2020 - 62
IEEE Consumer Electronics Magazine - March/April 2020 - 63
IEEE Consumer Electronics Magazine - March/April 2020 - 64
IEEE Consumer Electronics Magazine - March/April 2020 - 65
IEEE Consumer Electronics Magazine - March/April 2020 - 66
IEEE Consumer Electronics Magazine - March/April 2020 - 67
IEEE Consumer Electronics Magazine - March/April 2020 - 68
IEEE Consumer Electronics Magazine - March/April 2020 - 69
IEEE Consumer Electronics Magazine - March/April 2020 - 70
IEEE Consumer Electronics Magazine - March/April 2020 - 71
IEEE Consumer Electronics Magazine - March/April 2020 - 72
IEEE Consumer Electronics Magazine - March/April 2020 - 73
IEEE Consumer Electronics Magazine - March/April 2020 - 74
IEEE Consumer Electronics Magazine - March/April 2020 - 75
IEEE Consumer Electronics Magazine - March/April 2020 - 76
IEEE Consumer Electronics Magazine - March/April 2020 - 77
IEEE Consumer Electronics Magazine - March/April 2020 - 78
IEEE Consumer Electronics Magazine - March/April 2020 - 79
IEEE Consumer Electronics Magazine - March/April 2020 - 80
IEEE Consumer Electronics Magazine - March/April 2020 - 81
IEEE Consumer Electronics Magazine - March/April 2020 - 82
IEEE Consumer Electronics Magazine - March/April 2020 - 83
IEEE Consumer Electronics Magazine - March/April 2020 - 84
IEEE Consumer Electronics Magazine - March/April 2020 - 85
IEEE Consumer Electronics Magazine - March/April 2020 - 86
IEEE Consumer Electronics Magazine - March/April 2020 - 87
IEEE Consumer Electronics Magazine - March/April 2020 - 88
IEEE Consumer Electronics Magazine - March/April 2020 - 89
IEEE Consumer Electronics Magazine - March/April 2020 - 90
IEEE Consumer Electronics Magazine - March/April 2020 - 91
IEEE Consumer Electronics Magazine - March/April 2020 - 92
IEEE Consumer Electronics Magazine - March/April 2020 - 93
IEEE Consumer Electronics Magazine - March/April 2020 - 94
IEEE Consumer Electronics Magazine - March/April 2020 - 95
IEEE Consumer Electronics Magazine - March/April 2020 - 96
IEEE Consumer Electronics Magazine - March/April 2020 - 97
IEEE Consumer Electronics Magazine - March/April 2020 - 98
IEEE Consumer Electronics Magazine - March/April 2020 - 99
IEEE Consumer Electronics Magazine - March/April 2020 - 100
IEEE Consumer Electronics Magazine - March/April 2020 - 101
IEEE Consumer Electronics Magazine - March/April 2020 - 102
IEEE Consumer Electronics Magazine - March/April 2020 - 103
IEEE Consumer Electronics Magazine - March/April 2020 - 104
IEEE Consumer Electronics Magazine - March/April 2020 - 105
IEEE Consumer Electronics Magazine - March/April 2020 - 106
IEEE Consumer Electronics Magazine - March/April 2020 - 107
IEEE Consumer Electronics Magazine - March/April 2020 - 108
IEEE Consumer Electronics Magazine - March/April 2020 - 109
IEEE Consumer Electronics Magazine - March/April 2020 - 110
IEEE Consumer Electronics Magazine - March/April 2020 - 111
IEEE Consumer Electronics Magazine - March/April 2020 - 112
IEEE Consumer Electronics Magazine - March/April 2020 - 113
IEEE Consumer Electronics Magazine - March/April 2020 - 114
IEEE Consumer Electronics Magazine - March/April 2020 - 115
IEEE Consumer Electronics Magazine - March/April 2020 - 116
IEEE Consumer Electronics Magazine - March/April 2020 - Cover3
IEEE Consumer Electronics Magazine - March/April 2020 - Cover4
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20240102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20231112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20230102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20221112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20220102
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20211112
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210708
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210506
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_20210304
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202010
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202009
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202007
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202004
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202003
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_202001
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201910
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201909
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201907
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201905
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201903
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201901
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201811
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201809
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201807
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201805
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_201803
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2017
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2016
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_october2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_july2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_april2015
https://www.nxtbook.com/nxtbooks/ieee/consumerelectronics_january2015
https://www.nxtbookmedia.com