Embed Size (px)
Citation preview
Security Analysis of Emerging Smart Home
Applications
Rayan Nouh
72141396
Dankook University
Nov.2016
SmartThingsSamsung
2016-11-07
Agenda
• Background
• System Architecture
• SmartThings ecosystem
• Communicate Model
• Programming Framework
• Security Analysis
• Key Finding
• Challenges & Opportunities
• Recommendation & Conclusion
SmartThingsSamsung
2016-11-07
SmartHome
Background
smart homeWhat is ?
2016-11-07
1
Smart Home
Controlled via
a mobile device
or remotely
through the cloud
Connected
devices and
home automa-
tion services
Background
Smart home global study trend ; sources google
2016-11-07
2
Mobile as interface remote control to motion sensors, lights, security and fire alarm door locks, internet gateway etc..
Background
Sm
art
hom
e;
sourc
es
2016-11-07
3
Consumers
believe smart
home technology
will have an impact
on their life over
the next few
years…
75%
China
Brazil
South
Korea
US
UK
Germany
Japan
57%
55%
51%
47%
43%
19%
Global
50%
Background
Smart home global study trend 2015; sources google
2016-11-07
4
This paper, discuss security issues of smart home application selected analyses Samsun-Smart Things platform on multiple subject;
Background
• Smart Home Programming Framework.
• Key Components of Security Issues.
• Depth Analysed of Samsung SmartThings.
• Evolution Risk & Security of Smart App platform.
• Recommendation Part for Early Adopters & Framework Designers
qjl5q011F2Fm%2https://www.google.com/trends/explore?q=%Others Smart Thing Samsung- SmartThings
2016-11-07
5
Samsung’s SmartThings
• Smart Home technology enabling many devices (SmartThings) in home connected to the Internet and controlled by SmartPhone.
• Recently, different companies introduced new systems that are easier for users to setup, based on cloud-backed.
• SmartThings provide program framework to third-party developers to build apps that realize smart home application.
- Samsung’s SmartThings
- Apple’s HomeKit
- Google’s Weave/Brillo
- AllSeen Alliance’s
Company Example
2016-11-07
6
• Home Monitoring
• Access Control
• Lighting Control
• Fire detection - Leak detection
• Energy Efficiency
• Temperature monitoring and HVAC control
• Automated meter reading
• Family Care
(SmartThings)
SmartThings Applications 2016-11-07
7
IP-enabled cameras, motion sensors, and connected door locks offer better control of home security.
Smart Home System Architecture
Smart Home system architecture
2016-11-07
8
Most challenges of Smart Home device sensors can be attacked to reason physical, financial, and psychological harm.
Smart Home How Safe !!
Smart home security ; sources google Smart home security ; sources google
Is It Safe To Be Smart?
Security Privacy
“We believe a connected home will provide users [with] more information, more piece of mind and , more control in their lives – but privacy is fundamental’’
” said Andy Griffiths, the president of Samsung in UK and Ireland 2015.
2016-11-07
9
Why Paper Aanalysed
• Samsung-SmartThings, which has the largest number of apps among currently available smart home platforms.
• Samsung-SmartThings supports diffrent devices including motion sensors, fire alarms, and door lock.
• SmartThings hosts the application runtime on a proprietary, closed-source cloud backend.. making scrutiny challenging.
• Smart home application framework support by third party development, theses kind of framework have benefits to user but also significant security risks.
Samsung-SmartThings; sources google
2016-11-07
10
Analysing security-oriented aspect of SmartThings programming framework.
security analysis was challenging because the SmartThings platform is a closed-source system.
Security Analysis
Paper Analysis Scope
To overcome these challenges, team was builted static analysis tools to;
• Runtime testing.
• Manual analysis on a dataset of 499 SmartApps and 132 device.
• Downloaded in source form.
iotsecurity.eecs.umich.edu://httpsare available at Analysis tools
Paper Contributions
① Backdoor Pin Code Injection Attack.
② Door Lock Pin Code Snooping Attack.
③ Home Automation Vacation Mode Attack.
④ Fake Alarm Attacks.
• The SmartThings Capability Model.
• The SmartThings Subsystem.
Four Concept of Attacks SmartThings
2016-11-07
11
SmartThings ecosystem
The SmartThings ecosystem consists of three major components such as ;
1. Hubs, switches and networks.
2. SmartThings cloud backend.
3. Smartphone companion app.
Samson ARTIK
Open-Cloud complements the of IoT modules, which include SDKs for SAMI connectivity
Samson Hubs, switches and networks
Smartphone companion app
docs.smartthings.comhttp://
2016-11-07
12
SmartApps via SmartDevices
How Hubs works ?
Each hub, supports multiple radio protocols ZWave,ZigBee, and WiFi to interact with physical devices around the user’s home.
Users manage their hubs, by install SmartAppsfrom app store (called SmartThings Mobile).
Cloud backen runs SmartDevices, for physical devices in a user’s home.
*SSL
*SSL
SmartThings Mobile
Samson Hubs
docs.smartthings.comhttp://*SSL Secure Sockets Layer
2016-11-07
13
Communicate Architecture Model
Smart App and Smart device are communicate in two ways based on Groovy Transformer Sandbox;
Smart-Devices communicate with the hub over a proprietary protocol
SmartApps /SmartDevices, written in, object-oriented programming language Groovy programming language
for the Java platform, in addition SmartThings provides a Web-based environment, hosted on the cloud backend, for
software development.
Programming Framework
SmartThings architecture overview
* OAuth : open standard authorization.
2016-11-07
14
Programming Framework
Below shows an example SmartApp that locks and unlocks a physical door lock based on the on/off state of switch;
Smart-App structure programming pseudocode
Capabilities & Authorization
user interface example “user must choose one or more devices that the app can access”
2016-11-07
15
SmartApps vs. SmartDevices vs. Physical Devices
When a user installs this SmartApp, then SmartThings will show the lock and the motion sensor since both the similar device handlers (SmartDevice1 / SmartDevice2) expose the requested capability.
Hubs
2016-11-07
16
SmartThings Security Analysis
A. Least-Privilege Principle in SmartApps
B. Sensitive Event Data Protection
C. Third-Party Integration Safety
D. Dynamic Method Invocation
E. APIs Access Control
On paper methodology involved creating a list of potential security issues based on SmartThings architecture and extensively testing each potential security issue with prototype SmartApps.
Five General Subjects
2016-11-07
17
A. Over privilege in Smart-Apps
On this section founded significate issues with over privilege in the SmartThings framework.
Result;
• Associated commands : lock /unlock
• Associated attribute: lock
The lock attribute has same name as command, but the attribute refers to the locked or unlocked device status.
After analysed found that 68 out of 499 (13.6%) SmartApps used commands and attributes from capabilities other than explicitly asked in preferences section.
SmartThings Security Analysis 2016-11-07
18
B. Sensitive Event Data Protection
• SmartDevice assigned a 128-bit device integers addresses help connect to hub.
• SmartThings supports a callback pattern that allowed SmartApps to register for those events.
• Un-authorized SmartApps can detective on sensitive events.
• Once SmartApp is approved for access to SmartDevice, then SmartApp can monitor any event data published by SmartDevice.
• SmartThings framework has no special mechanism to selectively send event data .
SmartThings Security Analysis
Result ;
2016-11-07
19
C. External, Third-Party Integration Safety
SmartThings Security Analysis
SmartApps provide HTTP end-points for third-party to interface with SmartThings.
• Developer bugs in external platforms can effect directly of system security of SmartThings.
• Most mobile apps incorrectly implement *OAuth protocol due to developer misunderstanding, confusing on * OAuth documentation.
• SmartApp on Android at Googel Play dese’t flow the SmartThings recommendation.
* OAuth is an open standard for authorization.
Result ;
2016-11-07
20
D. External Input Sanitization
SmartThings Security Analysis
• Unsafe use of Groovy dynamic method invocation.
• Apps use dynamic method “mapping file”, could be more fair attacks, similar to SQL-injection attacks.
• *OAuth token scoped to particular only SmartApp, not web services.
• Developer free to decide the set of end-points, what kind of data take as input.
• WebService SmartApps expose HTTP end-points protected via *OAuth.
* OAuth ; open standard authorization.
Result ;
2016-11-07
21
E. Access control of external communication APIs
SmartThings Security Analysis
• SmartThings framework uses OAuth to authenticate incoming, internet requests to SmartAppsfrom external parties.
• Internet access and SMS are open to any SmartApps without any means to control their use.
*SmartThings framework based on *OAuth ; open standard for authorization.
Approach of API access control in two steps:
1. Installation SmartThings Web Services “SmartApp” on user’s SmartThings Account/Location.
2. Typical *OAuth login flow grants the external system authorization access token.
Result ;
2016-11-07
22
Backdoor Pin Code Injection Attack • Easy to stealing an OAuth token .• Android app found that third-party can using client ID and secret.• Attacker can replace the redirect part of Oauth authorization.• SmartThings provides OAuth bearer tokens, so anyone with token can access the function of SmartThings deployment.• Attacker can adopt Android app to directly unlock the door lock. • Attacker can enter the home even if the Android app is patched or the user’s hub goes offline.
Paper show four concrete ways of SmartThinks attacks concept as below ;
Door Lock Pin Code Snooping Attack• This attack uses a battery monitor SmartApp that hiding at source code level.
• battery monitor SmartApp uses the unrestricted communication that SmartThings provides to leak the pin-code to the attacker via SMS.
• the battery monitor app can either read battery levels and send them to a remote service, via SMS to the attacker• Leaking events from any device, web services smart app can exploiting another SmartApp remotely for all devices is
authorized.
Home Automation Mode Attack Popular home automation turning off and on lights and other devices..• SmartThings does not have any security controls around the send Location Event API.• attack required only one line of attack code and can be launched from any SmartApp without requiring specific capabilities.
Fake Alarm Attack• Unprivileged SmartApp can use fake physical device events to escalate its privileges and control devices it is not
authorized to access.
Key finding summary of attack SmartApp (Pin Code, Home Automation Mode, Fake Alarm) require that users can be satisfied to install an attack SmartApp.
Key Finding 2016-11-07
23
Analysis & Key Finding
• 22 participants, most of them would be interested in installing the battery monitor app and would like to give it the access to door locks.
• Only 14% seemed to be aware that the battery monitor app can spy on door lock codes.
User Survey
Most users have limited understanding of security and privacy risks of installing Android apps of SmartThings
2016-11-07
24
Challenges & Opportunities
Paper introduce some challenges & opportunities learned from analysis of SmartThings platform
1. Asymmetric Device Operations & Risk-based Capabilities.
• There is no standard set of interfaces yet.
• User must configure IP access lists ACLs upon app installation.
• Must thinking to establish good trade-off between usability and security.
2. Subsystem Events & Identity Mechanisms.
• Subsystem secure design is crucial for smart home platforms.
• SmartApps can’t verify the identity of source event.
• SmartThings does’t supported selectively distributing sensitive event data.
• Any app with access to device’s ID can monitor all the events of that device.
2016-11-07
25
• SmartThing devices & their Application will continue increase and keep attractive consumers
because they provide powerful functionality.
• SmartThing Application must be more consideration in warranted security part on early adopters,
and framework designers.
• SmartThing App their risks are significant, so not possible to be easily addressed via simple security
patches alone.
• SmartThings platform must be taken into account to improved *OAuth in future releases of others
SmartThing App.
Recommendation & Conclusion
*OAuth open standard authorization
2016-11-07
26
Thanks …Rayan Nouh
72141396
Dankook University
Nov.2016
SmartThingsSamsung
2016-11-07
