A Study of Malicious Attacks on IoT Devices Based on Webcams and Routers

 

A Study on Penetration Testing of IoT Devices Based on Webcam and Router

 

王建凱

Department of Computer Science, National Pingtung University

4-18 Minsheng Road, Pingtung City

dabledark@gmail.com

 

楊政興

Department of Computer Science, National Pingtung University

4-18 Minsheng Road, Pingtung City

chyang@mail.nptu.edu.tw

 

翁麒耀

Department of Computer Science, National Pingtung University

4-18 Minsheng Road, Pingtung City

cyweng@mail.nptu.edu.tw

 

Abstract

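In recent years, advances in communication and networking technology have given many devices network connectivity. These tens of thousands of IoT devices have gradually blended into our lives and become an indispensable part of them. Although the processing performance and message transmission speed of IoT devices are considerably inferior to those of personal computers or smartphones, they are enormous in number and users usually do not monitor a device's condition after purchasing it, so hackers have also turned their attention to these tens of thousands of IoT devices.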

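Because the hardware performance of IoT devices is limited by considerations such as cost and power consumption, they cannot have comprehensive protection mechanisms, for example a robust encoding system, a complete verification mechanism, or a real-time threat notification mechanism. Attackers have therefore gradually shifted their targets from hard-to-breach enterprise hosts to IoT devices, which are weakly protected and enormous in number. Common attacks include denial-of-service attacks, ransomware, implanting malicious mining software, and stealing private or valuable information. This study therefore examines the attack techniques currently common against IoT devices and the penetration-testing process of implanting malicious programs, and proposes suggestions for improvement in order to remind the public of the importance of IoT device security.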

 

Keywords: Internet of Things, malware, penetration testing.

 

Abstract

In recent years, advances in communication and network technology have given many devices networking functions. Tens of thousands of Internet-connected devices have gradually entered our lives and become a necessity. Even though Internet of Things (IoT) devices have far lower processing efficiency and message transmission speed than a personal computer or smartphone, hackers target IoT devices because users usually do not monitor the equipment status after the equipment is set up.

The IoT device itself is constrained in hardware performance by cost and power consumption, so it cannot have a complete protection mechanism, such as a robust coding system, a complete verification mechanism, or an immediate threat notification mechanism. Therefore, attackers are gradually shifting their targets from hard-to-break enterprise hosts to weakly protected and numerous IoT devices. Common attacks on IoT devices include denial of service, ransomware, malicious software, mining programs, theft of private or valuable information, and so on. In this study, we focus on the common attack techniques against IoT devices and carry out penetration tests involving implanted malicious programs. Finally, we provide some suggestions for improvement and remind ordinary users of the importance of IoT security.

 

Keywords: IoT, Malware, Penetration Testing