iotworm.eyalro.netIoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen

iotworm.eyalro.net Profile

Iotworm.eyalro.net is a subdomain of eyalro.net, which was created on 2016-10-30,making it 8 years ago. It has several subdomains, such as cat.eyalro.net , among others.

Description:Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new...

Discover iotworm.eyalro.net website stats, rating, details and status online.Use our online tools to find owner and admin contact info. Find out where is server located.Read and write reviews or vote to improve it ranking. Check alliedvsaxis duplicates with related css, domain relations, most used words, social networks references. Go to regular site

iotworm.eyalro.net Information

HomePage size: 32.683 KB
Page Load Time: 0.841506 Seconds
Website IP Address: 162.255.119.193

iotworm.eyalro.net Similar Website

Advantech Co-Creating the Future of the IoT World
us2.advantech.com
Front Page | IoT Soutions (Platform & Devices) — IoT cloud platform the Internet of Things solutions
iot.aptilabs.com
ASNC Nuclear Cardiology Board Review OnDemand - Nuclear Cardiology Board Review, at your Fingertips
asnc.ondemand.org
Supply Chain Software: The Connected Supply Chain - e2open
pages.e2open.com
The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations | Eyal Ronen
cat.eyalro.net
Supply Chain Planning Blog - Supply Chain Link Blog - Arkieva
blog.arkieva.com
BlueCom Technologies – Intelligent Hybrid Network Solution, IoT, Home IoT, Home Assistant, Home Auto
wp.bluecomtech.com
IoT Solutions | 500+ Networks, 200 Countries | Telenor IoT
iot.telenor.com
Nuclear Power Cables Nuclear Reactor Cables Nuclear
inbound.r-scc.com
Hoist, Hoists, Manual Chain Hoists, Chain Hoists, Electric Chain Hoists, Electric Hoists, Air Hoists
hoists.e-rackonline.com
Electronics Goes Green 2020 | Fraunhofer Electronics Goes Green 2020 Online
online.electronicsgoesgreen.org
Best IoT Service Provider | IoT Data Plans |
stallion.symphonybilling.com
IoT Development - Enterprise IoT Solutions | Intellectsoft IoT
iot.intellectsoft.net

iotworm.eyalro.net PopUrls

IoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen
http://iotworm.eyalro.net/

iotworm.eyalro.net Httpheader

Connection: keep-alive
Content-Length: 35110
Cache-Control: max-age=3600
Content-Type: text/html; charset=utf-8
Etag: "1ab08b8eb9a7fa27d806303fc50698f0abb64ecebe7fd5a803418da321600401"
Last-Modified: Tue, 19 Sep 2023 07:01:56 GMT
Strict-Transport-Security: max-age=31556926
Accept-Ranges: bytes
Date: Tue, 14 May 2024 13:29:17 GMT
X-Served-By: cache-sjc10072-SJC
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1715693357.411625,VS0,VE155
Vary: x-fh-requested-host, accept-encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400

iotworm.eyalro.net Meta Info

charset="utf-8"/
content="width=device-width, initial-scale=1" name="viewport"/
content="IE=edge" http-equiv="X-UA-Compatible"/
content="Source Themes Academic 4.4.0" name="generator"/
content="Eyal Ronen" name="author"/
content="Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass." name="description"/
content="#2962ff" name="theme-color"/
content="summary_large_image" property="twitter:card"/
content="@eyalr0" property="twitter:site"/
content="@eyalr0" property="twitter:creator"/
content="Eyal Ronen" property="og:site_name"/
content="http://www.eyalro.net/project/iotworm.html" property="og:url"/
content="IoT Goes Nuclear: Creating a ZigBee Chain Reaction | Eyal Ronen" property="og:title"/
content="Eyal Ronen, Colin O’Flynn, Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass." property="og:description"/
content="http://www.eyalro.net/project/iotworm/featured.jpg" property="og:image"/
content="http://www.eyalro.net/project/iotworm/featured.jpg" property="twitter:image"/
content="en-us" property="og:locale"/
content="2018-11-21T11:27:11+02:00" property="article:published_time"/
content="2018-11-21T11:27:11+02:00" property="article:modified_time"/

iotworm.eyalro.net Ip Information

Ip Country: United States
Latitude: 37.751
Longitude: -97.822

iotworm.eyalro.net Html To Plain Text

Eyal Ronen Home Publications Talks Projects Contact IoT Goes Nuclear: Creating a ZigBee Chain Reaction Nov 21, 2018 PDF Slides Video Eyal Ronen , Colin O’Flynn , Adi Shamir and Achi-Or Weingarten Creating an IoT worm Within the next few years, billions of IoT devices will densely populate our cities. In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction, provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform. The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack. To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already). To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product. Possible Worm applications Bricking attack An attacker can use the worm for a city-wide bricking attack. The malicious firmware can disable additional firmware downloads, and thus any effect caused by the worm (blackout, constant flickering, etc.) will be permanent. There is no other method of reprogramming these devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied. Wireless network jamming The IEEE 802.15.4 standard which ZigBee runs over uses the 2.4GHz ISM (Industrial, Scientific, Medical) license-free band. This band is widely used by many standards, including IEEE 802.11b/g (n mode supports both 2.4GHz and 5GHz bands). These 802.15.4 SoC devices have a special `test mode’ which transmits a continuous wave signal that is used during the FCC/CE emission certification process. This test signal can be tuned to overlap on any of the 2.4 GHz 802.11 channels (or sweep between them), and can be used as a very effective jammer. Using many infected lamps at once, WiFi communication (or any other 2.4 GHz transmissions) could be disrupted in the whole city. Attacking the electric grid All the city’s smart lamps can be scheduled to simultaneously turn on and off multiple times. The sudden changes in power consumption can have a detrimental effect on the electric grid. Causing epileptic seizures By repeatedly flashing the lights at the right frequency, it is possible to induce epileptic seizures in photosensitive people on a large scale. Philips Hue Malicious software update By extracting the global keys Philips uses to encrypt and authenticate new firmwares, we were able to load a malicious over-the-air firmware update. In this image from the official Hue app, you can see the infected light software version: IrradiateHue” Takeover attack demonstration To be able to load the malicious update, we must first make the lamps join our own network. We accomplish this by using a novel takeover attack against installed lamps. To test our attack we have built a fully autonomous attack kit. We have tested our attack in two scenarios: War-driving and War-flying against ZigBee networks. ZigBee Light Link War-driving We have tested our attack kit against lights installed in our faculty in the Weizmann Institute of Science. We can cause lights to flicker at range of over 70 meters while driving, as you can see in this video: ZigBee Light Link War-flying For our war-flying we found a more interesting target. An office building in the city of Beer Sheva hosting some well-known security companies and also the Israeli CERT. Several Philips Hue lights were installed in one floor to test our attack. We have mounted our attack kit on a drone and started our attack from a range of 350 meters The video starts with an external footage of the drone taking off at a range of 350 meters. The evaluation board of the attack kit can be seen hanging on a one meter USB cable beneath the drone. After the takeoff we switch to the drone’s high quality camera. Right after liftoff it is already possible to see the light effects starting in the distance. As the drone gets closer to the building, the ZigBee channel gets more reliable, and we are able to affect more lights, and the flickering becomes more regular. When the drone hovers in front of the building, the second phase of our attack can be seen. The lights have been kidnaped” from their controller and are crying for help, signaling S O S repeatedly in Morse code. Full Disclosure Status We have made full disclosure to Philips Lighting, including all the technical details and suggestions for a fix. They have already confirmed and fixed the takeover vulnerability. OTA updates are available. Eyal Ronen Publications Eyal Ronen , Colin O’Flynn , Adi Shamir , Achi-Or Weingarten February 2018 IEEE Security & Privacy IoT Goes Nuclear: Creating a Zigbee Chain Reaction Project Eyal Ronen , Colin O’Flynn , Adi Shamir , Achi-Or Weingarten January 2017 IEEE Symposium on Security and Privacy IoT Goes Nuclear: Creating a ZigBee Chain Reaction PDF Project Slides Video Talks Aug 13, 2018 1:00 PM Stanford, US Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Apr 29, 2018 1:00 PM Tel Aviv, Israel Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Slides Mar 13, 2018 1:00 PM Canterbury, UK Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Mar 7, 2018 1:00 PM Tel Aviv, Israel Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Dec 6, 2017 1:00 PM IBM Research, Haifa Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Oct 24, 2017 1:00 PM Warswa, Poland Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project May 22, 2017 1:00 PM San Jose, United States Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Slides Video Dec 8, 2016 1:00 PM Tel Aviv University Iot Goes Nuclear: Creating a Zigbee Chain Reaction Project Aug 4, 2016 1:00 PM Las Vegas, United States A Lightbulb Worm? (with Colin O`flyin) Project Video © 2019 Eyal Ronen · Powered by the Academic theme for Hugo . Cite × Copy...

iotworm.eyalro.net Whois

Domain Name: EYALRO.NET Registry Domain ID: 2070126287_DOMAIN_NET-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2023-10-29T09:51:28Z Creation Date: 2016-10-30T09:46:15Z Registry Expiry Date: 2026-10-30T09:46:15Z Registrar: NameCheap, Inc. Registrar IANA ID: 1068 Registrar Abuse Contact Email: abuse@namecheap.com Registrar Abuse Contact Phone: +1.6613102107 Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited Name Server: DNS1.REGISTRAR-SERVERS.COM Name Server: DNS2.REGISTRAR-SERVERS.COM DNSSEC: unsigned >>> Last update of whois database: 2024-05-17T13:55:22Z <<<