When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices

Margherita Favaretto, Tu Tran Anh, Juxhino Kavaja, Michele De Donno, Nicola Dragoni*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

Abstract

The Internet of Things (IoT) is shaping a world where devices are increasingly interconnected, cheaper, and ubiquitous. The more we move toward this world, the more cybersecurity becomes paramount. Nevertheless, we argue that there exists a category of IoT devices which commonly overlooks security, despite dealing with sensitive information. In order to demonstrate this, in this work, we present the results of the security assessments we performed on two IoT devices that we consider emblematic of such category: the Rohs K88h smartwatch and the Sricam SP009 IP camera. The results demonstrate the existence of critical vulnerabilities that could be easily exploited, even by non-expert attackers, for extracting sensitive information and severely impacting on user’s privacy.

Original languageEnglish
Title of host publicationProceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018
EditorsManuel Mazzara, Angelo Messina, Alberto Sillitti, Giancarlo Succi, Paolo Ciancarini
PublisherSpringer
Publication date1 Jan 2020
Pages55-75
ISBN (Print)9783030146863
DOIs
Publication statusPublished - 1 Jan 2020
Event6th International Conference in Software Engineering for Defence Applications, SEDA 2018 - Rome, Italy
Duration: 7 Jun 20188 Jun 2018

Conference

Conference6th International Conference in Software Engineering for Defence Applications, SEDA 2018
CountryItaly
CityRome
Period07/06/201808/06/2018
SeriesAdvances in Intelligent Systems and Computing
Volume925
ISSN2194-5357

Cite this

Favaretto, M., Tran Anh, T., Kavaja, J., De Donno, M., & Dragoni, N. (2020). When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices. In M. Mazzara, A. Messina, A. Sillitti, G. Succi, & P. Ciancarini (Eds.), Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018 (pp. 55-75). Springer. Advances in Intelligent Systems and Computing, Vol.. 925 https://doi.org/10.1007/978-3-030-14687-0_6
Favaretto, Margherita ; Tran Anh, Tu ; Kavaja, Juxhino ; De Donno, Michele ; Dragoni, Nicola. / When the Price Is Your Privacy : A Security Analysis of Two Cheap IoT Devices. Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018. editor / Manuel Mazzara ; Angelo Messina ; Alberto Sillitti ; Giancarlo Succi ; Paolo Ciancarini. Springer, 2020. pp. 55-75 (Advances in Intelligent Systems and Computing, Vol. 925).
@inproceedings{af82d7f8285a4716bb5cca5a3f87cdcd,
title = "When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices",
abstract = "The Internet of Things (IoT) is shaping a world where devices are increasingly interconnected, cheaper, and ubiquitous. The more we move toward this world, the more cybersecurity becomes paramount. Nevertheless, we argue that there exists a category of IoT devices which commonly overlooks security, despite dealing with sensitive information. In order to demonstrate this, in this work, we present the results of the security assessments we performed on two IoT devices that we consider emblematic of such category: the Rohs K88h smartwatch and the Sricam SP009 IP camera. The results demonstrate the existence of critical vulnerabilities that could be easily exploited, even by non-expert attackers, for extracting sensitive information and severely impacting on user’s privacy.",
author = "Margherita Favaretto and {Tran Anh}, Tu and Juxhino Kavaja and {De Donno}, Michele and Nicola Dragoni",
year = "2020",
month = "1",
day = "1",
doi = "10.1007/978-3-030-14687-0_6",
language = "English",
isbn = "9783030146863",
series = "Advances in Intelligent Systems and Computing",
publisher = "Springer",
pages = "55--75",
editor = "Manuel Mazzara and Angelo Messina and Alberto Sillitti and Giancarlo Succi and Paolo Ciancarini",
booktitle = "Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018",

}

Favaretto, M, Tran Anh, T, Kavaja, J, De Donno, M & Dragoni, N 2020, When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices. in M Mazzara, A Messina, A Sillitti, G Succi & P Ciancarini (eds), Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018. Springer, Advances in Intelligent Systems and Computing, vol. 925, pp. 55-75, 6th International Conference in Software Engineering for Defence Applications, SEDA 2018, Rome, Italy, 07/06/2018. https://doi.org/10.1007/978-3-030-14687-0_6

When the Price Is Your Privacy : A Security Analysis of Two Cheap IoT Devices. / Favaretto, Margherita; Tran Anh, Tu; Kavaja, Juxhino; De Donno, Michele; Dragoni, Nicola.

Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018. ed. / Manuel Mazzara; Angelo Messina; Alberto Sillitti; Giancarlo Succi; Paolo Ciancarini. Springer, 2020. p. 55-75 (Advances in Intelligent Systems and Computing, Vol. 925).

Research output: Chapter in Book/Report/Conference proceedingArticle in proceedingsResearchpeer-review

TY - GEN

T1 - When the Price Is Your Privacy

T2 - A Security Analysis of Two Cheap IoT Devices

AU - Favaretto, Margherita

AU - Tran Anh, Tu

AU - Kavaja, Juxhino

AU - De Donno, Michele

AU - Dragoni, Nicola

PY - 2020/1/1

Y1 - 2020/1/1

N2 - The Internet of Things (IoT) is shaping a world where devices are increasingly interconnected, cheaper, and ubiquitous. The more we move toward this world, the more cybersecurity becomes paramount. Nevertheless, we argue that there exists a category of IoT devices which commonly overlooks security, despite dealing with sensitive information. In order to demonstrate this, in this work, we present the results of the security assessments we performed on two IoT devices that we consider emblematic of such category: the Rohs K88h smartwatch and the Sricam SP009 IP camera. The results demonstrate the existence of critical vulnerabilities that could be easily exploited, even by non-expert attackers, for extracting sensitive information and severely impacting on user’s privacy.

AB - The Internet of Things (IoT) is shaping a world where devices are increasingly interconnected, cheaper, and ubiquitous. The more we move toward this world, the more cybersecurity becomes paramount. Nevertheless, we argue that there exists a category of IoT devices which commonly overlooks security, despite dealing with sensitive information. In order to demonstrate this, in this work, we present the results of the security assessments we performed on two IoT devices that we consider emblematic of such category: the Rohs K88h smartwatch and the Sricam SP009 IP camera. The results demonstrate the existence of critical vulnerabilities that could be easily exploited, even by non-expert attackers, for extracting sensitive information and severely impacting on user’s privacy.

U2 - 10.1007/978-3-030-14687-0_6

DO - 10.1007/978-3-030-14687-0_6

M3 - Article in proceedings

AN - SCOPUS:85064156900

SN - 9783030146863

T3 - Advances in Intelligent Systems and Computing

SP - 55

EP - 75

BT - Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018

A2 - Mazzara, Manuel

A2 - Messina, Angelo

A2 - Sillitti, Alberto

A2 - Succi, Giancarlo

A2 - Ciancarini, Paolo

PB - Springer

ER -

Favaretto M, Tran Anh T, Kavaja J, De Donno M, Dragoni N. When the Price Is Your Privacy: A Security Analysis of Two Cheap IoT Devices. In Mazzara M, Messina A, Sillitti A, Succi G, Ciancarini P, editors, Proceedings of 6th International Conference in Software Engineering for Defence Applications - SEDA 2018. Springer. 2020. p. 55-75. (Advances in Intelligent Systems and Computing, Vol. 925). https://doi.org/10.1007/978-3-030-14687-0_6