Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices

In the recent past, there has been a rapid increase in attacks on consumer Internet-of-Things (IoT) devices. Several attacks currently focus on easy targets for exploitation, such as weak configurations (weak default passwords). However, with governments, industries, and organizations proposing new laws and regulations to reduce and prevent such easy targets in the IoT space, attackers will move to more subtle exploits in these devices. Memory corruption vulnerabilities are a significant class of vulnerabilities in software security through which attackers can gain control of the entire system. Numerous memory corruption vulnerabilities have been found in IoT firmware already deployed in the consumer market. This paper presents an approach for exploiting stack-based buffer-overflow attacks in IoT firmware, to hijack the device remotely. To show the feasibility of this approach, we demonstrate exploiting a common network software application, Connman, used widely in IoT firmware such as Samsung smart TVs. A series of experiments are reported on, including: crashing and executing arbitrary code in the targeted software application in a controlled environment, adopting the attacks in uncontrolled environments (with standard software defenses such as W⊕X and ASLR enabled), and installing publicly available IoT firmware that uses this software application on a Raspberry Pi. The presented exploits demonstrate the ease in which an adversary can control IoT devices.

• Publication year

  2019

• Venue

  Dependable Systems and Networks

• Publication date

  2019-06-01

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1109/DSN.2019.00036
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Soteria: Automated IoT Safety and Security Analysis

  2018cited by this paper
• NETRA: Enhancing IoT Security Using NFV-Based Edge Traffic Analysis

  2018cited by this paper
• Analyzing & designing the security of shared resources on smartphone operating systems

  2018cited by this paper
• A Review on Security Challenges and Features in Wireless Sensor Networks: IoT Perspective

  2018cited by this paper
• Alexa, Are You Listening?

  2018cited by this paper
• A Security Analysis Method for Industrial Internet of Things

  2018cited by this paper
• SIOTOME: An Edge-ISP Collaborative Architecture for IoT Security

  2018cited by this paper
• Anatomy of Memory Corruption Attacks and Mitigations in Embedded Systems

  2018cited by this paper
• To Detect Stack Buffer Overflow with Polymorphic Canaries

  2018cited by this paper
• Security analysis of an IoT system used for indoor localization in healthcare facilities

  2018cited by this paper
• Application of learning algorithms in smart home IoT system security

  2018cited by this paper
• The Continuing Arms Race: Code-Reuse Attacks and Defenses

  2018cited by this paper
• A security evaluation of popular Internet of Things protocols for manufacturers

  2018cited by this paper
• Dramatically Reducing Software Vulnerabilities | NIST

  2017cited by this paper
• SIoT: Securing Internet of Things through distributed systems analysis

  2017cited by this paper
• Botnets and Internet of Things Security

  2017cited by this paper
• IoT security: Review, blockchain solutions, and open challenges

  2017cited by this paper
• Understanding the Mirai Botnet

  2017cited by this paper
• What the Stack? On Memory Exploitation and Protection in Resource Constrained Automotive Systems

  2017cited by this paper
• CFI CaRE: Hardware-supported Call and Return Enforcement for Commercial Microcontrollers

  2017cited by this paper
• Intel SGX Explained

  2016cited by this paper
• AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle

  2016cited by this paper
• A Survey of Various Methods for Analyzing the Amazon Echo

  2016cited by this paper
• Security, privacy and trust in Internet of Things: The road ahead

  2015cited by this paper
• SHIELD: a data verification framework for participatory sensing systems

  2015cited by this paper
• Federated End-to-End Authentication for the Constrained Internet of Things Using IBC and ECC

  2015cited by this paper
• SoK: Automated Software Diversity

  2014influential reference
• Kinesis: a security incident response and prevention system for wireless sensor networks

  2014cited by this paper
• AddressSanitizer: A Fast Address Sanity Checker

  2012cited by this paper
• Compiler-Generated Software Diversity

  2011cited by this paper
• The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)

  2007cited by this paper
• Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs

  2004cited by this paper
• A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography

  2004cited by this paper
• TinyPK: securing sensor networks with public key technology

  2004cited by this paper
• Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits

  2003cited by this paper
• LEAP: efficient security mechanisms for large-scale distributed sensor networks

  2003cited by this paper
• Smashing The Stack For Fun And Profit

  1996cited by this paper

• A Protocol Fuzzing Framework to Detect Remotely Exploitable Vulnerabilities in IoT Nodes

  2025cites this paper
• Adaptive Code Relocation: Mitigating Remote Brute-Force Code Gadgets in Small IoT Devices

  2025cites this paper
• Proteus: An Automatical High-Efficiency Framework for Generating Compact and Printable Shellcode on ARMv8

  2025cites this paper
• SoK: The Design Paradigm of Safe and Secure Defaults

  2024cites this paper
• DAEDALUS: Defense Against Firmware ROP Exploits Using Stochastic Software Diversity

  2024influential citation
• WARDuino: An embedded WebAssembly virtual machine

  2024cites this paper
• Creating a Large-scale Memory Error IoT Botnet Using NS3DockerEmulator

  2023influential citation
• Interactive Program Visualization to Teach Stack Smashing

  2023cites this paper
• Detecting return-oriented programming on firmware-only embedded devices using hardware performance counters

  2022cites this paper
• Cyber-physical security for IoT networks: a comprehensive review on traditional, blockchain and artificial intelligence based key-security

  2022cites this paper
• A comparative analysis of Buffer Overflow vulnerabilities in High-End IoT devices

  2022cites this paper
• IoT: Communication Protocols and Security Threats

  2021cites this paper
• IoT Fuzzing using AGAPIA and the River Framework

  2021cites this paper
• A Survey on Recent Advanced Research of CPS Security

  2021cites this paper
• On Runtime Software Security of TrustZone-M Based IoT Devices

  2020cites this paper
• A Comprehensive Study of the IoT Cybersecurity in Smart Cities

  2020cites this paper
• Internet de las Cosas: una revisión sobre los retos de seguridad y sus contramedidas

  2020cites this paper