IEEE Consumer Electronics Magazine - March/April 2020 - 22
Privacy and Security by Design
Figure 5. (a) Attack on the network (by eavesdropping the
traffic) or on the drone (via insecure network services like FTP). (b)
Attacker gains root access to the device via telnet using
anonymous FTP login as a backdoor.
regularly updated and patched with fixes for
known security vulnerabilities either via secure
over-the-air (OTA) updates or via an alternate mechanism. The secure tokens meant for
firmware integrity checks may be stored insecurely as plaintext (e.g., in Tesla's
code above), which can be exploited by an attacker to
modify the firmware and take control of the
ECUs. Instead of using a static secure token that
can be easily obtained by reverse engineering,
true random number generators can be
employed to generate session keys, thus
restricting unauthorized access to any IoT
device's firmware.
Social Engineering Attack
By extracting users' private information, the
attacker can profile the users in the home network.
A case study on Chamberlain MyQ, a garage door
opener prone to such an attack, is presented here.
Attack and Consequences: It has been shown
that vulnerabilities in smart home appliances
can be exploited to enable attackers to access
sensitive data and to take over the control of
door locks and sensors, etc.10 After gaining
access to the user's account, the attacker is not
only able to read the state of the door (open,
closed, or in motion) by monitoring the network
traffic, but also open or close it.11 Moreover, the
attacker can also add rules notifying him/her of
the door state changes via email. The attacker
can also profile the house occupants by studying
the historical data of the garage door usage.
Vulnerabilities and Countermeasures: For the
front-end connections, the MyQ devices did not
enforce strong passwords. Furthermore, the
HTTPS service running in the MyQ device
revealed basic connectivity information. The
MyQ system did not require the user to follow
password-strength guidelines, making the system
an easy target for brute-force attacks. Having strong
passwords reduces the success rate of dictionary
attacks against live services. Also, if the
hashed-password database is stolen, strong passwords increase the effort needed to crack a password successfully. As the MyQ system used
unencrypted User Datagram Protocol (UDP) for communication, the packets traveling between the
server and the device could be easily spoofed,
thus triggering the doors to open/close. Also,
critical information including authentication credentials and session tokens could be stolen.
Strong password protection is the first step
towards securing the IoT device, and the personal data of individual users accessing the
device. To strengthen the security, a two-factor
authentication mechanism can be employed,
including those with password protection as the
primary factor.
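The spoofing weakness described above comes from datagrams that carry no proof of origin. The following added example (not code from the article or from the MyQ product) shows a receiver that accepts a door command only if it carries a valid HMAC under a per-session key and a counter higher than any seen before. The message layout, command codes and names are assumptions made for illustration, the session key is assumed to have been agreed over a separate secure channel, and the HMAC authenticates the command without encrypting it.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 32                      # HMAC-SHA256 output size
HEADER = struct.Struct("!QB")     # 8-byte counter, 1-byte command (assumed layout)
CMD_OPEN, CMD_CLOSE = 1, 2        # hypothetical command codes


def seal(session_key: bytes, counter: int, command: int) -> bytes:
    """Build a datagram payload: header || HMAC(session_key, header)."""
    header = HEADER.pack(counter, command)
    return header + hmac.new(session_key, header, hashlib.sha256).digest()


class DoorReceiver:
    """Device side: accepts a command only if it is authentic and fresh."""

    def __init__(self, session_key: bytes):
        self.session_key = session_key
        self.last_counter = 0     # highest counter accepted so far

    def accept(self, datagram: bytes):
        """Return the command code, or None if the datagram is rejected."""
        if len(datagram) != HEADER.size + TAG_LEN:
            return None                                   # malformed
        header, tag = datagram[:HEADER.size], datagram[HEADER.size:]
        expected = hmac.new(self.session_key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                                   # spoofed or tampered
        counter, command = HEADER.unpack(header)
        if counter <= self.last_counter:
            return None                                   # replayed capture
        if command not in (CMD_OPEN, CMD_CLOSE):
            return None                                   # unknown command
        self.last_counter = counter
        return command


def demo():
    key = os.urandom(32)          # fresh per-session key from the OS CSPRNG
    door = DoorReceiver(key)
    genuine = seal(key, 1, CMD_OPEN)                      # constructed sample
    forged = seal(os.urandom(32), 2, CMD_OPEN)            # sender lacks the key
    flipped = genuine[:8] + bytes([CMD_CLOSE]) + genuine[9:]  # altered in transit
    return [door.accept(genuine), door.accept(genuine),
            door.accept(forged), door.accept(flipped)]
```

`demo()` feeds the receiver a genuine command, a replay of it, a datagram sealed with the wrong key and a copy with the command byte altered; only the first is accepted.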
Device Hardware Exploitation
Open ports/unprotected hardware interfaces
left open by the manufacturers of the IoT devices
are easy targets for attackers to gain
control over these devices. We will use Parrot AR
2.0 Quadcopter as a case study to explain such
attacks.
Attack and Consequences: In a recent experiment by researchers Astaburuaga et al.,12 port
scanning using an open-source Linux Network
Mapper utility revealed open ports in the quadcopter system (e.g., port 21 for File Transfer Protocol
(FTP) and port 23 for Telnet). Such information can
be leveraged to launch various attacks on the
device (also see Figure 5). Using a compatible
mobile app, one can connect to the target device
through its open access point (AP). Via FTP, malicious files can then be loaded into its file system
or a harmful firmware update can be performed,
making the drone inoperable. Using an anonymous FTP login, the attacker can download the