Attackers could disable all of a city's public EV chargers
Briefly

"The very nature of rented IoT services means they have a unique security problem: Anyone can access devices and examine them for vulnerabilities. Some rentable devices include either a debugging port or a UART connector that makes examining their operations an uncomplicated task for an educated attacker."
"Shi found weak security that allowed him to create phantom clients that rentable IoT services could not distinguish from actual customers. Using phantom clients makes it possible for an attacker to charge cars or rent scooters at zero cost."
"The techniques he's developed can also compromise personal information by exposing rentable IoT services' back ends. He created a tool called 'IDScope' that makes it possible to exploit many of the flaws he found."
Rented IoT services, such as public EV chargers and shared e-bikes, face significant security challenges due to their accessibility. Researchers found vulnerabilities like shared authentication keys and weak user authentication in device firmware. Apps for these services also exhibited security flaws, allowing attackers to create phantom clients, enabling unauthorized access to services. A tool named 'IDScope' was developed to exploit these vulnerabilities, demonstrating the ease of compromising personal information and services. The findings highlight the urgent need for improved security measures in rented IoT infrastructure.
Read at The Register