iotworm.eyalro.netIoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen

iotworm.eyalro.net Profile

iotworm.eyalro.net

Maindomain:eyalro.net

Title:IoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen

Description:Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass.

Discover iotworm.eyalro.net website stats, rating, details and status online.Use our online tools to find owner and admin contact info. Find out where is server located.Read and write reviews or vote to improve it ranking. Check alliedvsaxis duplicates with related css, domain relations, most used words, social networks references. Go to regular site

iotworm.eyalro.net Information

Website / Domain: iotworm.eyalro.net
HomePage size:32.588 KB
Page Load Time:0.247812 Seconds
Website IP Address: 162.255.119.193
Isp Server: Namecheap Inc.

iotworm.eyalro.net Ip Information

Ip Country: United States
City Name: Atlanta
Latitude: 33.727291107178
Longitude: -84.42537689209

iotworm.eyalro.net Keywords accounting

Keyword Count

iotworm.eyalro.net Httpheader

Connection: keep-alive
Content-Length: 8045
Cache-Control: max-age=3600
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Etag: 2fe0a20f29d4fd9b04dc54c7b04b0c28b8220bbe092f8d4f78ec0f0bc4817283
Last-Modified: Wed, 06 May 2020 17:13:43 GMT
Strict-Transport-Security: max-age=31556926
Accept-Ranges: bytes
Date: Wed, 13 May 2020 05:56:11 GMT
X-Served-By: cache-sjc10028-SJC
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1589349372.788008,VS0,VE211
Vary: x-fh-requested-host, accept-encoding

iotworm.eyalro.net Meta Info

charset="utf-8"/
content="width=device-width, initial-scale=1" name="viewport"/
content="IE=edge" http-equiv="X-UA-Compatible"/
content="Source Themes Academic 4.4.0" name="generator"/
content="Eyal Ronen" name="author"/
content="Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass." name="description"/
content="#2962ff" name="theme-color"/
content="summary_large_image" property="twitter:card"/
content="@eyalr0" property="twitter:site"/
content="@eyalr0" property="twitter:creator"/
content="Eyal Ronen" property="og:site_name"/
content="http://www.eyalro.net/project/iotworm.html" property="og:url"/
content="IoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen" property="og:title"/
content="Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass." property="og:description"/
content="http://www.eyalro.net/project/iotworm/featured.jpg" property="og:image"/
content="http://www.eyalro.net/project/iotworm/featured.jpg" property="twitter:image"/
content="en-us" property="og:locale"/
content="2018-11-21T11:27:11+02:00" property="article:published_time"/
content="2018-11-21T11:27:11+02:00" property="article:modified_time"/

162.255.119.193 Domains

Domain WebSite Title

iotworm.eyalro.net Similar Website

Domain WebSite Title
iotworm.eyalro.netIoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen
advantech.comAdvantech Co-Creating the Future of the IoT World
inbound.r-scc.comNuclear Power Cables Nuclear Reactor Cables Nuclear
digiembedded.comIoT Solutions, Software, Products, Services for the Industrial IoT | Digi International
support.digiembedded.comIoT Solutions, Software, Products, Services for the Industrial IoT | Digi International
xively.comGoogle Cloud IoT - Fully Managed IoT Services
developer.xively.comGoogle Cloud IoT - Fully Managed IoT Services
tonic.physics.sunysb.eduStony Brook Center for Nuclear Theory / Nuclear Theory Group
iot.aptilabs.comIoT Soutions (Platform & Devices) — IoT cloud platform the Internet of Things solutions and applicat
creatingloveonpurpose.comCreating Love On Purpose with Orna and Matthew Walters - Creating Love on Purpose
lms-nrc.goaclc.comNuclear Regulatory Commission
analysis.nuclearenergyinsider.comReuters Events Nuclear
nei.orgNuclear Energy Institute - Home
ssl.ans.orgAmerican Nuclear Society -- ANS
npsi.pnnl.govNuclear Process Science Initiative |

iotworm.eyalro.net Traffic Sources Chart

iotworm.eyalro.net Alexa Rank History Chart

iotworm.eyalro.net aleax

iotworm.eyalro.net Html To Plain Text

Search Eyal Ronen Home Publications Talks Projects Contact IoT Goes Nuclear: Creating a ZigBee Chain Reaction Nov 21, 2018 PDF Slides Video Eyal Ronen , Colin O’Flynn , Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already). To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product. Possible Worm applications Bricking attack An attacker can use the worm for a city-wide bricking attack. The malicious firmware can disable additional firmware downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent. There is no other method of reprogramming these devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied. Wireless network jamming The IEEE 802.15.4 standard which ZigBee runs over uses the 2.4GHz ISM (Industrial, Scientific, Medical) license-free band. This band is widely used by many standards, including IEEE 802.11b/g (n mode supports both 2.4GHz and 5GHz bands). These 802.15.4 SoC devices have a special `test mode’ which transmits a continuous wave signal that is used during the FCC/CE emission certification process. This test signal can be tuned to overlap on any of the 2.4 GHz 802.11 channels (or sweep between them), and can be used as a very effective jammer. Using many infected lamps at once, WiFi communication (or any other 2.4 GHz transmissions) could be disrupted in the whole city. Attacking the electric grid All the city’s smart lamps can be scheduled to simultaneously turn on and off multiple times. The sudden changes in power consumption can have a detrimental effect on the electric grid. Causing epileptic seizures By repeatedly flashing the lights at the right frequency, it is possible to induce epileptic seizures in photosensitive people on a large scale. Philips Hue Malicious software update By extracting the global keys Philips uses to encrypt and authenticate new firmwares, we were able to load a malicious over-the-air firmware update. In this image from the official Hue app, you can see the infected light software version: “IrradiateHue” Takeover attack demonstration To be able to load the malicious update, we must first make the lamps join our own network. We accomplish this by using a novel takeover attack against installed lamps. To test our attack we have built a fully autonomous attack kit. We have tested our attack in two scenarios: War-driving and War-flying against ZigBee networks. ZigBee Light Link War-driving We have tested our attack kit against lights installed in our faculty in the Weizmann Institute of Science. We can cause lights to flicker at range of over 70 meters while driving, as you can see in this video: ZigBee Light Link War-flying For our war-flying we found a more interesting target. An office building in the city of Beer Sheva hosting some well-known security companies and also the Israeli CERT. Several Philips Hue lights were installed in one floor to test our attack. We have mounted our attack kit on a drone and started our attack from a range of 350 meters The video starts with an external footage of the drone taking off at a range of 350 meters. The evaluation board of the attack kit can be seen hanging on a one meter USB cable beneath the drone. After the takeoff we switch to the drone’s high quality camera. Right after liftoff it is already possible to see the light effects starting in the distance. As the drone gets closer to the building, the ZigBee channel gets more reliable, and we are able to affect more lights, and the flickering becomes more regular. When the drone hovers in front of the building, the second phase of our attack can be seen. The lights have been “kidnaped” from their controller and are crying for help, signaling S O S repeatedly in Morse code. Full Disclosure Status We have made full disclosure to Philips Lighting, including all the technical details and suggestions for a fix. They have already confirmed and fixed the takeover vulnerability. OTA updates are available. Eyal Ronen Postdoctoral Researcher Publications Eyal Ronen , Colin O’Flynn , Adi Shamir , Achi-Or Weingarten February 2018 IEEE Security & Privacy IoT Goes Nuclear: Creating a Zigbee Chain Reaction Project Eyal Ronen , Colin O’Flynn , Adi Shamir , Achi-Or Weingarten January 2017 IEEE Symposium on Security and Privacy IoT Goes Nuclear: Creating a ZigBee Chain Reaction PDF Project Slides Video Talks Aug 13, 2018 1:00 PM Stanford, US Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Apr 29, 2018 1:00 PM Tel Aviv, Israel Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Slides Mar 13, 2018 1:00 PM Canterbury, UK Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Mar 7, 2018 1:00 PM Tel Aviv, Israel Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Dec 6, 2017 1:00 PM IBM Research, Haifa Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Oct 24, 2017 1:00 PM Warswa, Poland Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project May 22, 2017 1:00 PM San Jose, United States Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Slides Video Dec 8, 2016 1:00 PM Tel Aviv University Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Aug 4, 2016 1:00 PM Las Vegas, United States A Lightbulb Worm? (with Colin O`flyin) Project Video © 2019 Eyal Ronen · Powered by the Academic theme for Hugo . Cite × Copy Download...

iotworm.eyalro.net Whois

"domain_name": [ "EYALRO.NET", "eyalro.net" ], "registrar": "NAMECHEAP INC", "whois_server": "whois.namecheap.com", "referral_url": null, "updated_date": [ "2019-09-23 17:06:49", "2019-09-23 17:06:49.760000" ], "creation_date": "2016-10-30 09:46:15", "expiration_date": "2020-10-30 09:46:15", "name_servers": [ "DNS1.REGISTRAR-SERVERS.COM", "DNS2.REGISTRAR-SERVERS.COM", "dns1.registrar-servers.com", "dns2.registrar-servers.com" ], "status": "clientTransferProhibited https://icann.org/epp#clientTransferProhibited", "emails": [ "abuse@namecheap.com", "ea2663c5385c4167b0d55b4169274160.protect@whoisguard.com" ], "dnssec": "unsigned", "name": "WhoisGuard Protected", "org": "WhoisGuard, Inc.", "address": "P.O. Box 0823-03411", "city": "Panama", "state": "Panama", "zipcode": "0", "country": "PA"