Review

VPNFilter Malware Analysis on Cyber Threat in Smart Home Network

by Jose Costa Sapalo Sicato 1, Pradip Kumar Sharma 1, Vincenzo Loia 2 and Jong Hyuk Park 1,*
1 Department of Computer Science and Engineering, Seoul National University of Science and Technology, Seoul 01811, Korea
2 Dipartimento di Scienze Aziendali, Management & Innovation Systems, DISA-MIS, Università degli Studi di Salerno, 132-84084 Fisciano, Italy
* Author to whom correspondence should be addressed.
Appl. Sci. 2019, 9(13), 2763; https://doi.org/10.3390/app9132763
Submission received: 8 June 2019 / Revised: 4 July 2019 / Accepted: 4 July 2019 / Published: 9 July 2019

Abstract

Recently, the development of smart home technologies has played a crucial role in enhancing several real-life smart applications. They help improve the quality of life through systems designed to enhance convenience, comfort, entertainment, health of the householders, and security. Note, however, that malware attacks on smart home devices are increasing in frequency and volume. As people seek to improve and optimize comfort in their home and minimize their daily home responsibilities at the same time, this makes them attractive targets for a malware attack. Thus, attacks on smart home-based devices have emerged. The goals of this paper are to analyze the different aspects of cyber-physical threats on the smart home from a security perspective, discuss the types of attacks including advanced cyber-attacks and cyber-physical system attacks, and evaluate the impact on a smart home system in daily life. We have come up with a taxonomy focusing on cyber threat attacks that can also have potential impact on a smart home system and identify some key issues about VPNFilter malware that constitutes large-scale Internet of Things (IoT)-based botnet malware infection. We also discuss the defense mechanism against this threat and mention the most infected routers. The specific objective of this paper is to provide efficient task management and knowledge related to VPNFilter malware attack.

1. Introduction

It is estimated that, in the near future, millions of people around the world will live in smart homes; home security and comfort should therefore be improved using this technology. A smart home is a home built on the integration of electronic devices connected to each other via the internet, Wi-Fi, Bluetooth, and so on. For example, we can control many things such as light, temperature, or the operation of appliances with an integrated system. Thanks to the internet, technology has radically changed the way people relate to their environment. Nowadays, it is possible to get in touch with friends and family instantly from anywhere in the world, find the route to an unknown destination in a snap, and facilitate day-to-day operations inside the home thanks to smart homes based on internet of things (IoT) technology. As technology has diversified and advanced, criminal practices have evolved with it, and people have come to use the internet and various technological tools maliciously.
Nowadays, cybercrime can victimize a large company or an ordinary person. Recently, new malware was implanted in many different routers on the network. Known as VPNFilter, it is considered a sophisticated malware variant that mostly targets networking devices from a wide range of manufacturers [1]. This malware can collect confidential information that passes through an infected router, allowing attackers to take control of Wi-Fi routers directly and obtain sensitive personal data. Because the infected router acts as the source of the internet signal, the malware can manipulate the sites visited by users on the same network without directly affecting the victim’s smartphone or computer. The main contributions of this survey paper are as follows: we show the known and current VPNFilter malware attacks that can be launched on smart home devices such as the Wi-Fi router, and we demonstrate the maximum security risk introduced by VPNFilter, which can affect the operation of multifunction devices such as smart TVs, smart locks, and so on.

1.1. Motivation

Living in a smart home environment provides a number of benefits and comforts. The IoT technologies adopted in a smart home consist of communication technologies such as automatic control technology and sensor technology. Figure 1 shows the smart home architecture, in which smart home devices are connected with applications that let users communicate directly with home appliances via mobile devices. The aim of smart home technology is to make life more convenient and efficient, save energy, and much more. However, it can also introduce a significant risk to security and privacy. Since this malware is critical, we need to understand how these devices are being exploited. Smart home devices can be directly compromised by attackers, undermining the privacy and security of the users [2]. Due to the lack of sufficient protection, attackers can easily obtain sensitive information from users. Moreover, many developments in the existing framework of smart applications give rise to vulnerabilities that attackers can then exploit to launch various attacks [3,4]. The motivation for this research is the ever-growing number and variety of malware threats to cyber-security; it is therefore important to understand the different types of malware, their impact, and the detection techniques in the smart home.

1.2. Research Methodology

The IoT, also known as the internet of objects, is capable of connecting actuators, things, sensors, and many other smart technologies, thus enabling communication between devices. It is typically connected to cloud services. The IoT system can be a heterogeneous environment that allows different devices to interact with both users and other devices, be they hardware or services offered. IoT means different things to different people. Therefore, we use a research methodology that evaluates the overall study of malware in the smart home and answers three main questions:
  • Can a smart home be hacked?
    Every device connected to a network can be compromised, without exception, so the answer to this question is yes. The smart home system is not totally safe. There are several examples of smart devices affected by malware attacks.
  • How can smart home cyber-security be compromised by an attacker?
    In a smart home, every device, or anything with the smallest piece of firmware and networking capability, can be compromised. We could be forgiven for assuming that our devices have strong built-in security and that a successful attack is only possible for highly determined cybercriminals. This is far from the truth, however. It is not just about one hacker trying to target your camera to watch you making lunch; vulnerabilities and exploits are much more common than we can imagine.
  • What is the impact of different attacks against smart home occupants?
    As we know, the typical smart home system is configured for energy efficiency, convenience, and security. Therefore, we should keep in mind that cyber-security attacks cause serious disruption, leading to adverse experiences in users’ daily lives, ranging from inconvenience, to loss of time, and intense frustration due to goal blockage.
In this research paper, we discuss how to handle a device that may be infected, as well as techniques for defending against malware. Table 1 presents the contribution of this survey in relation to existing surveys. The rest of this paper is organized as follows: Section 2 describes the taxonomy of malware in the smart home network; Section 3 discusses VPNFilter malware in the smart home network; Section 4 describes the impact on the smart home network as well as physical, cyber-security, and daily life impacts; Section 5 discusses the open issues, challenges, and proposed solutions; Section 6 presents the conclusions. We expect our discussion to help readers gain an overall understanding of the studies related to these issues.

2. Taxonomy of Malware in the Smart Home Network

With the growth of the internet and technology, various aspects of our lives are becoming simpler and smarter day by day, connected through the internet of things and smart home technology. Consequently, today’s home is considered a smart home if it is connected to a communication network using the internet. From a remote location, the resident can monitor, program, and control all smart home appliances in a smart home architecture such as the one illustrated in Figure 1.
At first glance, every smart home device makes our life easier, and automation can make our routine more comfortable and our home safer. At the same time, however, all these devices may introduce a huge threat if they are hit by cyber-attacks such as viruses, malicious attacks, web attacks, and much more. Many attacks have been carried out on wireless sensor networks, such as denial of service, wormhole, and sinkhole attacks. Security for controlling the smart home area network depends on four main properties: integrity, authentication, confidentiality, and availability [10]. We are constantly generating data, receiving information, and communicating in real time with our devices and each other anytime and from anywhere.
We should regard internet of things security as unique in many aspects and as one giving rise to diverse challenges in the security assurance of other computing devices such as laptops, servers, mobile devices, smart devices, and much more [11,12]. As such, we have developed three taxonomies of security attack criteria for the smart home, shown in Figure 2. The first taxonomy introduces four layers in the smart home system; each layer can be attacked, and protecting each one is necessary for the protection of the entire system, not only of a specific technology. Based on this taxonomy, we systematically analyzed the privacy issues and security threats across all layers of the smart home system. The second taxonomy refers to attacks based on a smart home central hub, and the last taxonomy describes attacks based on the smart home’s physical security.

2.1. Attacks Based on the Smart Home Architecture

The smart home system is known as a control system that, through the internet, can integrate security protection, automatic control of equipment, domestic communication, and so on. The proposed smart home architecture has 4 layers.

2.1.1. Application Layer

This layer is used in both lower and upper models because of its significance, interacting with the user and user applications. The communication system is involved in this application layer. The application layer should be considered one of the social divisions of IoT, realizing extensive intellectualization and combining with industry demand [13,14]. A set of different applications is implemented by this layer. It is also used to process and manage data originating in the middleware layer, which can provide quality of service to the end user in the smart home [15]. The main problems of the application layer normally concern the handling of sensitive data, i.e., malicious attacks that modify data, and securing lifetime permissions and access to data [16]. Attackers normally exploit vulnerabilities to run malicious code on the systems, gain access to sensitive data, and modify the system.
  • Code injection attack: This type of attack injects data into web applications so that, by exploiting program errors, the malicious data is interpreted and executed in an unexpected way [17]. It can be used for various purposes.
  • Buffer overflow attack: A buffer is temporary storage that a program allocates in memory to hold data. A buffer overflow attack occurs when an attacker deliberately makes a program write more data than the buffer can hold, so that the extra data overflows, in order to exploit program vulnerabilities. As an example, WellinTech KingView 6.53 HistorySvr, an industrial automation software, was threatened by a heap buffer overflow vulnerability [18].
  • Data manipulation attack: Also known as a manipulation code attack, this involves gaining illegal access in violation of user privacy. The data manipulation attack usually exploits design flaws in the permission model [19].
  • Authentication attack: Authentication, the process of confirming the identity or truth of an object, plays an important role in the protection of IoT security and privacy. This kind of attack is a way of discovering and exploiting security holes in web applications.

2.1.2. Network Layer

A network consists of a set of computers or other interconnected devices sharing resources, information, and services. This layer, which is responsible for connecting the IoT infrastructure [15], collects data from the lower (perception) layer and transmits it to the upper layers of the smart home architecture. The communication medium may be wireless or wired, and the technologies used include Bluetooth, ZigBee, 3G, WiFi, and others [20,21]. Diverse types of attacks occur on the network layer, typically affecting the information shared among network devices. They can be classified as passive attacks, such as traffic analysis, monitoring, and eavesdropping, or as active attacks, such as routing attacks, denial of service, node malfunction, and much more.
  • Denial of service attack: in this type of attack, a hacker denies a service to authorized users or creates delays by generating a large amount of data that ties up resources. This classification presents the impact of DoS on the victim’s network or bandwidth resources. In such attacks, the attacker aims to consume the victim’s limited available resources [17].
  • Sybil attack: in this kind of attack, a single attacker presents multiple identities in the network to the victim’s node and can actually take over the network; this causes the victim’s node to perform multiple operations, thus defeating the purpose of redundancy [22,23].
  • Sinkhole attack: a compromised node used by hackers attracts the flow of data from nearby nodes [23,24,25]. The system is tricked into thinking that the data have reached their destination [24]. In a wireless sensor network, the attacker can use the malicious node to attract network traffic, and the sensor data can then be arbitrarily manipulated.
  • Man-in-the-middle (MITM) attack: the attacker gains access to the communication between two victim nodes, as well as the trust of both nodes, and obtains information from the different nodes [26,27,28].

2.1.3. Middleware Layer

This layer provides the enterprise activation and integration required to connect engagement systems. The middleware layer obtains data from the network layer, links the system to the database and the cloud, and also performs processing and data storage [19]. The security of the database and cloud is considered the main problem in the middleware layer, and it greatly affects the quality of service at the application layer.
  • Flooding attack: This type of attack is considered to be a form of denial of service attack wherein a network or a service becomes so weighed down with packets initiating incomplete connection requests that it can no longer process genuine connection requests. Attackers can attack the service to affect the quality of service [29].
  • Cloud malware attack: An attacker launching this type of attack tries to inject a malicious service in the cloud and creates its own malicious service implementation module and tries to add it in the cloud system. Therefore, if the attacker succeeds, the cloud automatically redirects the request of the valid user for the attacker code to start to be executed.
  • SQL injection attack: When a web application is hacked by SQL injection, attackers use SQL statements to perform write, delete, and read operations. Pages then show different outcomes compared with the actual information on the network.
  • Signature wrapping attack: Cloud systems use XML signatures to ensure service integrity. In this type of attack, attackers can easily modify the communication between nodes on this layer by eavesdropping without invalidating the signature [30].

2.1.4. Perception Layer

This is considered the level closest to the environment; it is responsible for collecting packets, converting this information into digital signals, and identifying objects [31]. Attackers can directly access device-related attributes and the communication between the nodes in this layer through physical attacks such as tag cloning and forgery attacks, which let hackers easily spy on them. The main technologies of this layer consist of various sensor nodes, cameras, actuators, RFID readers, mobile phones, tablets, GPS, and others that communicate in the smart home. The technologies of the perception layer are usually affected by energy and computing limitations [32]. Sensor devices can operate in a hostile environment, where they can also be destroyed easily. Malicious attacks on the sensors and the identification technology, which interfere with data collection, are considered one of the main challenges for the perception layer [33]. Attacks on the perception layer generally aim at destroying communication and data collection, which has a direct effect on the efficiency of the entire system.
  • Spoofing attack: The attacker sends packets across the network using many different fake source addresses. By amplifying the attack, the attacker disguises a tag as a valid tag, which gains the same permission and service as the valid tag [34]. Spoofing attacks may lead to packet loss in the transmission process [35].
  • Sleep deprivation attack: The perception layer is limited by the battery power in the node. To prolong the life of the battery, it is necessary for the device to sleep when not in operation. This type of attack attempts to subvert this process by constantly controlling and sending information to the network devices [36].
  • Radio frequency jamming attack: This attack targets one of the key technologies of this layer, which consists of sensor nodes, cameras, actuators, tags / RFID readers, cell phones, tablets, GPS, and others to communicate in the smart home. The attacker can destroy the data collection process at the perception layer.

2.2. Attacks Based on the Smart Home Central Hub

The internet of things has made it easier than ever to set up a smart home that allows easy remote control of lights, thermostats, doors, and other devices using a smartphone and an application. It also makes monitoring your smart home from anywhere simple. Smart security systems are highly customizable and are available as full-blown setups or as do-it-yourself kits, and they can include professional monitoring and installation.
IoT devices within smart homes are vulnerable to a wide range of device attacks. They interact with the internet and the physical world, enabling intelligent interaction between the surroundings and the physical world, but giving rise to cyber-security risks.
  • Threats: Threats in a smart home have negative impacts because they exploit security weaknesses in a system [37]. Different active threats, such as man-in-the-middle attacks, spoofing attacks, Sybil attacks, denial of service, and malicious inputs, as well as passive attacks, can affect the internet of things system within the smart home. Since the objective of the system is to allow access anytime, anywhere, attack vectors or surfaces also become accessible to intruders [38,39]. Potential threats are therefore becoming more likely, as an intruder can gain access to these devices. Smart home devices are usually connected over a wireless network, and an attacker can expose private information from the communication channel by eavesdropping. Securing a smart home system is a challenging and complex task.
  • Software attack: Software attacks are considered the main source of security vulnerabilities in any network system. Such attacks exploit deployment vulnerabilities in the router through its communication interface. This type of malware includes viruses, denial of service, worms, and the VPNFilter attack, which allow malicious code to be injected into the system.
  • Denial of service attack: This is a very common kind of attack used to disrupt an entire network and the router. The attacker sends repeated series of requests to flood the router with internet control message protocol (ICMP) packets.
  • Packet mistreating attack: This type of attack is similar to a denial of service attack. It injects packets with malicious code to disrupt and confuse networks; the router begins to mistreat the harmful packets within the network, and the routing process can no longer handle the number of packets occurring in the routing table.
  • VPNFilter attack: This is a common malware attack on routers wherein false routing information is used to redirect traffic by compromising the smart home system.

2.3. Physical Attack

Physical attacks interfere with the hardware components, and they are usually harder to carry out because they require expensive material.
  • Voltage supply attack: This is a powerful active type of attack that modifies the execution flow of a device by disrupting its power supply.
  • Tampering attack: This type of attack is launched when the attacker is physically close to the network device and breaks into the hardware without any permission.

3. VPNFilter Malware in the Smart Home Network

Smart home technology has become very popular. Note, however, that owners of smart homes face a high probability of hacking, malware attacks, and intrusion of privacy by people with malicious intent. Many smart home platforms rely on the home internet gateway to access the cloud in order to function. If attackers manage to compromise the internet gateway, they may gain complete control of all household devices connected to the platform. Stamm et al. [40] suggested that an attack can be initiated when the client accesses an infected website, which automatically executes a Java applet on the device. This script fingerprints the home internet router’s internal IP addresses. It establishes a reverse socket connection between the client and the attacker, in which the client’s IP address provides insight into the internal addressing schema.
Having complete information related to the router, the attacker takes advantage of the situation wherein most homeowners do not change the manufacturer-set default password and attempt a login query using the default vendor credentials. Upon successful login, the attacker will modify essential configuration settings and gain complete access to the home internet gateway. With the current mode of threat, however, no particular weakness of the home medium is exploited. Relying solely on blocking all unwanted inbound connections creates a false sense of security. A homeowner may accidentally and unknowingly initialize an attack script on internal devices, which in turn provides open access to the entire internal network. The attacker can now control all outbound connections and the home router administration.
Recently, some researchers from Cisco and Talos reported grave security threats to home internet gateways via a large-scale, advanced persistent threat to SOHO routers known as VPNFilter [41]. Specially engineered to attack routers, this malware can intercept the user’s internet traffic and manipulate the pages visited by the user. It can either steal typed passwords, including those on bank sites, or create fake copies of the page so that the victim does not know that they are being hit. This malware has powerful destructive capability that can leave the infected device unusable, and it can be triggered on individual victim machines. It can also switch off internet access for more than thousands of victims connected within the network worldwide [42]. Once installed in the router, this malware can stop the router from working, collect information from the system that runs through the network, and block network traffic.

3.1. VPNFilter Attack Vulnerability

Analyses of the malware revealed modular, multi-stage malware that can manage data collection activities and disable devices completely, and that provides access for distributed denial of service attacks. Router platforms belonging to Linksys, TP-Link, QNAP, Netgear, and MikroTik implement home networks on internet gateways, making them more susceptible to the VPNFilter malware attack. The malware is regarded as three-stage; since it infects the device responsible for distributing the internet indoors, it can interfere with the navigation of all connected devices [43]. Figure 3 illustrates the malware penetration stages.
  • Stage 1. Penetration: the malware attempts to download a picture from either Photobucket or toknowall, from which it then extracts the IP address of the stage 2 server hidden in the image’s EXIF metadata. The goal of this stage is simply to survive after a reboot or to determine the IP address of the server once terminated. The core malware code stays in the infected system and does not disappear, even if the device is restarted [27].
  • Stage 2. Filtration: the malware proceeds to download a non-persistent module from the attacker’s server. This module operates through a local working directory and communicates with the command and control (C&C) server, which allows it to collect data and run commands on the infected unit. It can also render the device unusable by overwriting a section of the device’s firmware and rebooting.
  • Stage 3. Deployment: non-persistent modules are installed that extend the functionality of the malware. They work as stage 2 plug-ins and include a packet sniffer that spies on traffic routed through the device and tries to extract HTTP authentication strings, as well as a communication plugin that enables remote communication over the Tor network [16].
Researchers estimate that the VPNFilter malware has infected 500,000 routers across 54 nations since 2016. Common household routers make up a significant portion of these compromised routers [44]. No known vulnerability has been identified as the initial infection vector, but many of the infected routers were either old or left unpatched with generally known vulnerabilities that can be exploited. They also included open source vulnerabilities and were often shipped with default login credentials.
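
The staged behaviour above leaves traces that a home gateway can log. The following Python is an added example, not code from this paper or from the analyses it cites: it flags an infrastructure device that fetches an image and then contacts an address it never resolved through DNS (the stage 1 pattern), and lists LAN clients whose HTTP credentials are visible to a sniffer on the gateway (the stage 3 exposure). The log format, all host names and addresses, and the settings LAN, INFRA_HOSTS, WATCHED_IMAGE_HOSTS and FOLLOWUP_WINDOW are assumptions.

```python
"""Triage of gateway logs for two behaviours from the stage list above.

Added example. The log format, host names and addresses are constructed;
LAN, INFRA_HOSTS, WATCHED_IMAGE_HOSTS and FOLLOWUP_WINDOW are assumptions.
"""
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN
INFRA_HOSTS = {"192.168.1.1"}                  # assumed router/NAS addresses
# Placeholder standing in for the image-hosting services named in the text.
WATCHED_IMAGE_HOSTS = {"img-host.example"}
IMAGE_SUFFIXES = (".jpg", ".jpeg", ".png")
FOLLOWUP_WINDOW = 300                          # seconds (assumed)

# Constructed sample. Fields: epoch, source, kind, then
#   dns:  queried name, answered address
#   http: host, path, auth=yes|no   (plain HTTP seen by the gateway)
#   tcp:  destination address, destination port
SAMPLE_LOG = """\
1000 192.168.1.23 dns cdn.shop.example 203.0.113.10
1002 192.168.1.23 tcp 203.0.113.10 443
1010 192.168.1.1 dns img-host.example 198.51.100.7
1011 192.168.1.1 http img-host.example /albums/a1/pic.jpg auth=no
1015 192.168.1.1 tcp 192.0.2.99 443
1020 192.168.1.40 http cam.vendor.example /api/login auth=yes
1030 192.168.1.23 http img-host.example /albums/b2/cat.jpg auth=no
2000 192.168.1.1 tcp 192.0.2.50 443
"""


@dataclass
class Record:
    ts: int
    src: str
    kind: str
    fields: list


def parse(log):
    """Parse the constructed log format; malformed lines are skipped."""
    records = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].isdigit():
            continue
        records.append(Record(int(parts[0]), parts[1], parts[2], parts[3:]))
    return sorted(records, key=lambda r: r.ts)


def find_staged_lookups(records):
    """Stage 1 pattern: an infrastructure device fetches an image from a
    watched host and then, within FOLLOWUP_WINDOW seconds, connects to an
    external address that no DNS answer ever gave it."""
    resolved = {}     # src -> addresses seen in DNS answers to that src
    last_fetch = {}   # src -> (ts, url) of its latest watched image fetch
    alerts = []
    for r in records:
        if r.kind == "dns":
            resolved.setdefault(r.src, set()).add(r.fields[1])
        elif r.kind == "http" and r.src in INFRA_HOSTS:
            host, path = r.fields[0], r.fields[1]
            if (host in WATCHED_IMAGE_HOSTS
                    and path.lower().endswith(IMAGE_SUFFIXES)):
                last_fetch[r.src] = (r.ts, host + path)
        elif r.kind == "tcp" and r.src in last_fetch:
            dst = r.fields[0]
            try:
                external = ipaddress.ip_address(dst) not in LAN
            except ValueError:
                continue  # destination is not an IP address
            fetch_ts, url = last_fetch[r.src]
            unresolved = dst not in resolved.get(r.src, set())
            delay = r.ts - fetch_ts
            if external and unresolved and delay <= FOLLOWUP_WINDOW:
                alerts.append((r.src, url, dst, delay))
    return alerts


def find_cleartext_auth(records):
    """Stage 3 exposure: (client, host) pairs whose plain-HTTP requests
    carry credentials, i.e. what a sniffer on the gateway could read."""
    exposed = set()
    for r in records:
        if r.kind == "http" and "auth=yes" in r.fields[2:]:
            exposed.add((r.src, r.fields[0]))
    return sorted(exposed)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for src, url, dst, delay in find_staged_lookups(recs):
        print(f"[stage 1 pattern] {src} fetched {url}, then contacted "
              f"unresolved address {dst} after {delay}s")
    for src, host in find_cleartext_auth(recs):
        print(f"[exposed to sniffing] {src} sends HTTP credentials "
              f"in cleartext to {host}")
```

The same image fetch from a laptop (192.168.1.23 in the sample) is not flagged, because only hosts in INFRA_HOSTS are expected never to browse image sites.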

3.2. Affected Vendors

Based on the scale of this research, it was initially believed that only Linksys, Netgear, TP-Link, and MikroTik routers were vulnerable, but the number of routers is increasing. Figure 4 illustrates most of the devices that are already affected by this new malware attack. Table 2 summarizes the specific routers’ features and their comparison.

4. Impact on the Smart Home Network

Everyday objects, wearables, houses, and entire cities are increasingly integrated with smart home technology. These connected, ubiquitous systems are not always recognizable, however. Such ubiquity leads to increasingly complex systems, but this complexity is difficult to protect because even the most diligent developers make mistakes. Many of these vulnerabilities or weaknesses in the systems are only found through communication. In relation to the cyber impact on smart homes, Coppolino et al. [53] proposed that a cyber-physical attack be characterized as a security breach in cyberspace that negatively influences the physical space. As illustrated in Figure 5, this results in breach of physical privacy and prevented, delayed, and unauthorized actuation.

4.1. Physical Impact

  • Delayed actuation: the research of Isaac et al. [54] demonstrated a smart home ZigBee sinkhole attack in which a rogue node advertises itself to the ZigBee controller as a favorable route. This results in delayed actuation, as the rogue node alters or drops the data carried forward from ZigBee sensors.
  • Breach of physical privacy: the privacy of an individual in a household can be invaded, at a given point in time or for long and extended periods, during the transmission of data via an eavesdropping attack [55]. Veracode, a security solutions provider, described an attack that seizes the Wink Relay touch controller to switch on the microphone and covertly record background audio. This demonstrates a privacy violation that uses audio as a means of breaching physical privacy; it takes advantage of a software vulnerability found in the Android Debug Bridge (ADB), which was subsequently patched in an update [56]. Many smart home devices are shipped by their manufacturers with poor security solutions in place. This lack of security exposes many areas of exploitation for violation of physical privacy. Search engines on the web, such as shodan.io, allow users to search for vulnerable devices connected to the internet. An attacker using these search engines may locate an insecure open port and record the header or banner information of any device. The data may include the type and model of the device used, its manufacturer, and the installed software version. According to Lin et al. [2], searching on shodan.io using a search query such as “has_screenshot: true port:554” resulted in an exhaustive list of camera devices along with their IP addresses, the screenshots captured by them, and their exact geographic location. With the help of such search engines, an attacker can gain access to surveillance cameras installed both inside and outside a home, giving them complete visibility and knowledge of the victim’s daily routine in a smart home environment. There have even been concerns about attackers gaining access to baby monitoring systems and covertly spying on children [57,58,59].
  • Prevented actuation: an attack was suggested that disables the vacation mode on devices [60]. Users enable this mode when they are away for an extended period to give any criminal the impression that the home is occupied. The user’s smartphone can interfere with this mode and disable the actuation that users expect while they are away from home.

4.2. Cyber Impact

Some modern research shows that cyber threats have evolved and grown considerably, with traditional threats expanding to new forums—mobile devices, cloud computing, and social media [61,62]. This territory is also being expanded inevitably to smart home technologies.
  • Confidentiality: to ensure the confidentiality of user data, the most common techniques deployed are data encryption and access control. An event was described wherein an attacker orchestrated a snooping attack to obtain the pin code of a door lock by employing battery monitor smart applications [63]. The applications exploited an over-privilege weakness found in Samsung’s smart home environment to view the pin code in plain text format and send it across via SMS messaging service. Unlawful access to this data can result in unauthorized physical actuation. Access control is another method of safeguarding user data by defining the control access of specific users to system resources. Due to the limited resources available in smart home devices and embedded devices, however, complex data encryption cannot be implemented on them. As such, access control will provide inadequate protection.
  • Integrity: since smart devices are vulnerable, they require a security system in place to protect them in the event the data is modified and stolen, which may result in the server malfunctioning during data transmission [64]. Data is especially vulnerable when being accessed over a wireless network. The objective of maintaining the integrity of data is to ensure its trustworthiness and consistency across the lifecycle. Maintaining data integrity means that the data should not be altered or modified in any way between the source and the destination by any unauthorized entity. To execute a cyber-physical actuation attack, tampering with data integrity is often the route chosen by the attackers. As such, security in many smart homes may have likely been breached, causing the unauthorized manipulation of data. There have been reported incidents wherein digital photo frames caused malware infections. Another large-scale phishing attack was discovered in 2014 [65,66] wherein the phishing messages included the source addresses of household appliances such as interconnected refrigerators, which were used as messaging proxies to reroute the phishing emails. It is a fairly common practice among attackers in the cyber world to spoof the IP address in order to evade detection.
  • Availability: quality of service (QoS) is ensured by securing information resources to maintain continuity of services. To deny services and make resources unavailable, attackers initiate jamming attacks and distributed denial of service (DDoS) attacks against their victims. In smart homes that operate wirelessly via Wi-Fi, a DDoS attack is first launched to gain access to home networks. After a successful DDoS attack, the attacker floods the network with traffic, targeting its smart devices such as surveillance cameras to ensure that they can no longer transmit any data or receive any commands [67]. The research of Loukas et al. [68] described an attack for Zigbee on IEEE 802.15.4, which consisted of wideband and pulse denial and jamming.

4.3. Daily Life Impact

Intrusion into smart home security has grave implications for the household’s domestic life. A successful attack on a smart home will have a profound impact on domestic life, with direct consequences that lead to damages in terms of health, financial loss, and safety. It will also result in a cascading emotional impact that severely affects the occupant’s physical and psychological well-being. After understanding how different kinds of cyber-attacks and physical attacks impact smart home technology, we know that cyber-attacks affect daily life. As such, there is a need for the development of processes and systems in support of such victims. With the internet of things, connectivity beyond the computer or the cell phone is a trend that has come to stay and change our lives. Connectivity has gone beyond its usual limits to be installed physically in our homes. Among aging societies in developed countries, e-health/telehealth will most likely be the most important feature of smart homes and the factor that will drive their development and market demand.

5. Open Issues, Challenges, and Solutions

5.1. Open Issues and Challenges

The growth of IoT devices used within smart home environments has led to higher security risks, and threats linked to the smart home’s inhabitants have been seen to increase. To explain these risks, we consider a scenario consisting of the taxonomy of malware in the smart home network. We have discussed threat detection and mitigation of VPNFilter malware. The scale of cyber-attacks is steadily growing. We should keep in mind that, if the entire smart home system is compromised, attackers will be able to steal personal or sensitive information and invade the privacy of the smart home’s inhabitants. They will be able to control the smart home system and even monitor residents inside the smart home environment. When referring to devices in a smart home, we consider several issues and challenges that arise in a smart home system. In particular, the rapid increase of its technologies gives rise to a lot of challenges in the local environment:
  • Privacy in smart home devices is one of the biggest challenges. In the case of unauthorized manipulation of software and hardware in smart home appliances, confidential information may leak. As an example, in the case of VPNFilter malware, the intruder reprograms the router so that it sends data packets not only to the servers but also to the attacker. This raises major societal concerns and issues related to privacy and data storage. It becomes a target for attackers who see it as a way to capture sensitive information about individuals, making them easy targets for attacks such as identity theft, phishing, or fraud [69].
  • Vulnerability: vulnerabilities are weaknesses in the system that allow an attacker to access unauthorized data and execute commands, as in the case of VPNFilter. This was described as DoS attacks [70]. The smart home system is based on two main components, software and hardware, which quite often have design flaws. Software vulnerabilities exploited by malware can be found in the application software and the operating system of the devices. Hardware vulnerabilities, for example in the router, are hard to identify and fix [71]. Several technical vulnerabilities are found to have been caused by human weaknesses.
  • Software exploitation: for the smart home system and the devices therein, we should consider the possibility of infection by malicious software such as VPNFilter malware, DDoS, DoS, and others. Smart home devices are known to work autonomously, which leads adversaries to search for software vulnerabilities to exploit and gain access to where the private information of the system is stored [72]. Nowadays, these devices are becoming the target of many attacks whose resulting traffic serves to run VPNFilter and DoS attacks. For example, DDoS attacks were launched using IoT devices against DNS servers to paralyze internet access [73].
  • Cost of a smart home: The cost is one of the biggest challenges that should be considered in a smart home environment under a cyber-security attack. The attack increases the cost for the users in terms of their well-being being affected and the devices being compromised. The psychological impact on the user’s health and the cost of replacing the infected devices also increase. The manufacturers suffer a cost impact in terms of providing increased security to assure their customers that their products are safe and secure to use. They are required to invest in developing devices that offer robust security measures [74,75].

5.2. Proposed Solution

The Intrusion Detection System (IDS) proposed by Abhiroop et al. analyzes packets and detects DDoS attacks in SDN switches using machine learning to predict the incoming traffic on the network [76]. This IDS categorizes the network traffic, and it can be integrated into the IoT network. Deep learning has also been used for anomaly detection [77]. However, none of these works focuses on an Intrusion Detection and Prevention System (IDPS) for protecting the edge router of smart home devices. Therefore, we propose a solution that will help handle not only VPNFilter, but also other types of malware attacks such as DoS and DDoS on the edge router. Specifically, we design an IDPS framework for a secure smart home system based on a machine learning environment, which is presented in this section.
Considering the malware attack challenges, in addition to the abovementioned cyber threats, we believe that, in future smart homes, threats related to VPNFilter can endanger the lives of the inhabitants. If the devices are infected, it is important to defend against this malware attack as follows: first, reset the router to its original factory settings; it is also important to upgrade the router’s firmware, which can be found on the manufacturer’s website and is known as one of the critical weak points of smart home devices; then disable remote management and change the router login and password, because many devices are shipped with a default password.
Smart home technology is applied in many fields. Therefore, we propose a strong framework, illustrated in Figure 6, which can help handle VPNFilter malware. It combines a network-based intrusion detection system (IDS), which monitors traffic for attacks, with an intrusion prevention system (IPS) for securing the smart home, and uses a machine learning algorithm to detect abnormal behaviors and attacks as early as possible and mitigate them as appropriate.
Our proposed idea involves securing many core aspects of the smart home architecture by avoiding anomalies; therefore, we propose an IDPS based on a machine learning algorithm to predict and detect anomalies.
  • An intrusion detection system is a device or a software application that automates the process of monitoring events on the network or system activities for malicious activity. It helps analyze them for security problems. In case of a network attack, security has to be increased [78]. An IDS helps detect possible intrusions, especially malware attacks on the network, such as VPNFilter, DoS, DDoS, and others. An IDS helps network operators take appropriate actions before an attack is launched on the system.
  • An intrusion prevention system is a passive system that scans incoming traffic. Once the IDS identifies suspicious traffic, it can send an alert to the IPS, which has the ability to block or prevent intrusions actively. The IPS uses a preexisting database for signature recognition, and it can be programmed to detect attacks based on traffic and behavioral anomalies.
IDPS is a combination of two system forms, intrusion detection and intrusion prevention, for a more robust mechanism. Below are the key components of the IDPS framework:
  • Data collection is one of the important steps in designing a machine learning system and is the process of gathering and measuring information from many different sources over the network. Gathering data within the network makes it possible to capture a record of past events, such as a hacker sending a malware packet, and to analyze that data with machine learning algorithms to find recurring patterns. The data is organized in the form of a dataset. As an example, we can use knowledge discovery databases (KDD), CSV, and others.
  • Data processing is a data mining technique that involves transforming raw data into an understandable format before feeding it to the algorithm. The preprocessing phase starts as soon as data is collected over the network.
  • Machine learning algorithms are of three different types: (a) supervised learning, wherein all data are labeled and the algorithms learn how to predict the output from the input; (b) unsupervised learning, wherein all data are unlabeled and the algorithm learns the inherent structure of the input data; and (c) semi-supervised learning, which is the combination of supervised and unsupervised techniques and wherein most of the data are unlabeled.
The machine learning algorithm will be useful for predicting potentially malicious hosts and malicious connections, as illustrated in Figure 7. Prediction is a subset of machine learning applications. The prediction results are used by the IDPS controller, which sets security rules in order to protect the potentially vulnerable host and restrict access by possible intruders, blocking the entire subnet if it is under attack or operating normally if not.
The first phase is data intake, considered to be the data generation phase, in which the dataset is loaded from files and saved in the memory of the device. The second is data transformation, which takes the packets from the data intake and normalizes and transforms the data into a form suitable for the algorithm. The third is feature extraction, which is the process of extracting the important and relevant information related to the dataset. The fourth is model deployment using the ML technique, the stage that defines the number of iterations and wherein the results reveal whether the situation is normal or the device is under attack. The last is the model training dataset, wherein the model is trained to select the algorithm. Machine learning techniques are used in the anomaly IDPS by training a specific model that will improve the effectiveness of distinguishing intrusions from normal activities.
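The workflow described above (data intake, transformation, feature extraction, model training, and predictions feeding the IDPS controller), shown as an added example that is not the authors' implementation. It assumes per-host traffic summaries, a nearest-centroid classifier standing in for the unspecified ML algorithm, and a hypothetical rule that two attacking hosts in one /24 trigger a subnet block; all records are constructed.

```python
import ipaddress
import math
from collections import defaultdict

# Constructed training records (not real traffic), one per source host and
# capture window: (src_ip, packets, bytes, duration_seconds, label).
TRAIN = [
    ("192.168.1.10", 120, 96_000, 60.0, "normal"),
    ("192.168.1.11", 300, 270_000, 60.0, "normal"),
    ("192.168.1.12", 60, 42_000, 60.0, "normal"),
    ("192.168.1.13", 600, 600_000, 60.0, "normal"),
    ("203.0.113.5", 60_000, 3_600_000, 10.0, "attack"),
    ("203.0.113.6", 90_000, 5_400_000, 10.0, "attack"),
    ("203.0.113.7", 120_000, 7_680_000, 10.0, "attack"),
    ("198.51.100.9", 50_000, 2_000_000, 10.0, "attack"),
]

# Constructed live window at the edge router:
# (src_ip, packets, bytes, duration_seconds).
LIVE = [
    ("192.168.1.20", 180, 153_000, 60.0),
    ("203.0.113.50", 80_000, 4_800_000, 10.0),
    ("203.0.113.51", 70_000, 4_200_000, 10.0),
    ("198.51.100.77", 100_000, 5_000_000, 10.0),
]


def extract_features(packets, nbytes, duration):
    """Feature extraction: log10 packet rate and mean packet size in bytes."""
    pps = packets / max(duration, 1e-6)
    return [math.log10(max(pps, 1e-6)), nbytes / max(packets, 1)]


class NearestCentroidIDS:
    """Supervised detector: z-score normalisation plus one centroid per label."""

    def fit(self, records):
        rows = [extract_features(p, b, d) for _, p, b, d, _ in records]
        labels = [rec[4] for rec in records]
        cols = list(zip(*rows))
        self.mean = [sum(c) / len(c) for c in cols]
        # Population standard deviation; fall back to 1.0 for a constant feature.
        self.std = [
            math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
            for c, m in zip(cols, self.mean)
        ]
        grouped = defaultdict(list)
        for row, label in zip(rows, labels):
            grouped[label].append(self._scale(row))
        self.centroids = {
            label: [sum(c) / len(c) for c in zip(*vecs)]
            for label, vecs in grouped.items()
        }
        return self

    def _scale(self, row):
        return [(x - m) / s for x, m, s in zip(row, self.mean, self.std)]

    def predict(self, packets, nbytes, duration):
        vec = self._scale(extract_features(packets, nbytes, duration))

        def sq_dist(label):
            return sum((a - b) ** 2 for a, b in zip(vec, self.centroids[label]))

        return min(self.centroids, key=sq_dist)


def idps_decisions(model, flows, subnet_threshold=2, prefix=24):
    """IDPS controller: block one host, or its whole subnet once
    `subnet_threshold` distinct hosts in that subnet are classified as attack."""
    attackers = defaultdict(set)
    for src, packets, nbytes, duration in flows:
        if model.predict(packets, nbytes, duration) == "attack":
            net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
            attackers[net].add(src)
    decisions = []
    for net, hosts in attackers.items():
        if len(hosts) >= subnet_threshold:
            decisions.append(("block_subnet", str(net)))
        else:
            decisions.extend(("block_host", host) for host in sorted(hosts))
    return sorted(decisions)


if __name__ == "__main__":
    ids = NearestCentroidIDS().fit(TRAIN)
    for action, target in idps_decisions(ids, LIVE):
        print(action, target)
```

The decisions are returned as abstract (action, target) pairs; mapping them to firewall rules depends on the router platform and is left out.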

6. Conclusions

In this paper, we have described cyber-attacks on smart home devices, for which the number of reported instances of malicious attacks tends to increase; experts in cyber-security and researchers routinely uncover vulnerabilities used by cyber threats that could compromise consumer privacy, safety, and security. The smart home device can be compromised by malware attacks, so we have discussed different types of malware attack. A survey on cyber threats in a smart home environment was conducted, and a taxonomy that categorizes threats in the system was presented. We also discussed smart home technologies that present both opportunities and security risks. We then discussed, in detail, VPNFilter malware in a smart home. Internet of things-based smart homes are considered highly vulnerable to different cyber security threats; if a smart home is compromised, personal information and privacy will be at risk. Therefore, appropriate measures should be taken to make smart homes more secure and suitable to live in. We also described the impact on a smart home network and, finally, discussed in detail open issues and challenges and proposed solutions.

Author Contributions

All authors equally contributed.

Funding

This study was supported by the Advanced Research Project funded by the SeoulTech (Seoul National University of Science and Technology).

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Gavin Phillips Senior Writer. Available online: https://www.makeuseof.com/tag/spot-vpnfilter-malware-destroys-router/ (accessed on 18 September 2018).
  2. Denning, T.; Kohno, T.; Levy, H.M. Computer security and the modern home. Commun. ACM 2013, 56, 94–103.
  3. Arias, O.; Ly, K.; Jin, Y. Security and privacy in the IoT era. In Smart Sensors at the IoT Frontier; Springer: Heidelberg, Germany, 2017; pp. 351–378.
  4. Fernandes, E.; Jung, J.; Prakash, A. Security analysis of emerging smart home applications. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–26 May 2016; pp. 636–654.
  5. Kirkham, T.; Armstrong, D.; Djemame, K.; Jiang, M. Risk-driven Smart Home resource management using cloud services. Future Gener. Comput. Syst. 2014, 38, 13–22.
  6. Babar, S.; Stango, A.; Prasad, N.; Sen, J.; Prasad, R. Proposed embedded security framework for internet of things (IoT). In Proceedings of the 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), Chennai, India, 28 February–3 March 2011; pp. 1–5.
  7. Lee, C.; Zappaterra, L.; Choi, K.; Choi, H. Securing smart home: Technologies, security challenges, and security requirements. In Proceedings of the 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA, 29–31 October 2014; pp. 67–72.
  8. Notra, S.; Siddiqi, M.; Gharakheili, H.; Sivaraman, V.; Boreli, R. An experimental study of security and privacy risks with emerging household appliances. In Proceedings of the 2014 IEEE Conference on Communications and Network Security, San Francisco, CA, USA, 29–31 October 2014; pp. 79–84.
  9. Arabo, A.; Brown, I.; El-Moussa, F. Privacy in the age of mobility and smart devices in smart homes. In Proceedings of the 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing, Amsterdam, The Netherlands, 3–5 September 2012; pp. 819–826.
  10. Sharma, K.; Ghose, M. Wireless sensor networks: An overview of its security threats. IJCA Spec. Issue Mob. Ad-Hoc Netw. MANETs 2010, 1, 42–45.
  11. Ray, S.; Peeters, E.; Tehranipoor, M.; Bhunia, S. System-on-chip platform security assurance: Architecture and validation. Proc. IEEE 2018, 106, 21–37.
  12. Ray, S. System-on-chip security assurance for IoT devices: Cooperations and conflicts. In Proceedings of the 2017 IEEE Custom Integrated Circuits Conference (CICC), Austin, TX, USA, 30 April–3 May 2017; pp. 1–4.
  13. Farooq, M.; Waseem, M.; Khairi, A.; Mazhar, S. A critical analysis of the security concerns of the internet of things (IoT). Int. J. Comput. Appl. 2015, 111, 7.
  14. Khan, R.; Khan, S.U.; Zaheer, R.; Khan, S. Future internet: The internet of things architecture, possible applications, and key challenges. In Proceedings of the 10th International Conference on Frontiers of Information Technology, Islamabad, India, 17–19 December 2012; pp. 257–260.
  15. Wu, M.; Lu, T.J.; Ling, F.Y.; Sun, J.; Du, H. Research on the architecture of Internet of Things. In Proceedings of the 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), Chengdu, China, 20–22 August 2010; Volume 5, p. 484.
  16. Pateriya, R.; Sharma, S. The evolution of RFID security and privacy: A research survey. In Proceedings of the 2011 International Conference on Communication Systems and Network Technologies, Katra, Jammu, India, 3–5 June 2011; pp. 115–119.
  17. Mendez Mena, D.; Papapanagiotou, I.; Yang, B. Internet of things: Survey on security. Inf. Secur. J. A Glob. Perspect. 2018, 27, 162–182.
  18. Zhu, B.; Joseph, A.; Sastry, S. A taxonomy of cyber attacks on SCADA systems. In Proceedings of the 2011 International conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing, Washington, DC, USA, 19–22 October 2011; pp. 380–388.
  19. Cui, A.; Stolfo, S.J. A quantitative analysis of the insecurity of embedded network devices: Results of a wide-area scan. In Proceedings of the 26th Annual Computer Security Applications Conference, Austin, TX, USA, 6–10 December 2010; pp. 97–106.
  20. Mattern, F.; Floerkemeier, C. From the Internet of Computers to the Internet of Things. In From Active Data Management to Event-Based Systems and More; Springer: Berlin/Heidelberg, Germany, 2010; pp. 242–259.
  21. Sastry, A.S.; Sulthana, S.; Vagdevi, S. Security threats in wireless sensor networks in each layer. Int. J. Adv. Netw. Appl. 2013, 4, 1657–1661.
  22. Jan, M.A.; Nanda, P.; He, X.; Liu, R.P. A sybil attack detection scheme for a centralized clustering-based hierarchical network. In Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, Washington, DC, USA, 20–22 August 2015; Volume 1, pp. 318–325.
  23. Chelli, K. Security issues in wireless sensor networks: Attacks and countermeasures. In Proceedings of the World Congress on Engineering, London, UK, 1–3 July 2015; Volume 1.
  24. Das, S.; DebBarma, M.K. Hole Detection in Wireless Sensor Network: A Review. In Recent Findings in Intelligent Computing Techniques; Springer: Singapore, 2018; pp. 87–96.
  25. Chen, K.; Zhang, S.; Li, Z.; Zhang, Y.; Deng, Q.; Ray, S.; Jin, Y. Internet-of-Things Security and Vulnerabilities: Taxonomy, Challenges, and Practice. J. Hardw. Syst. Secur. 2018, 2, 97–110.
  26. Srivastava, K.; Awasthi, A.K.; Kaul, S.D.; Mittal, R.C. A hash based mutual RFID tag authentication protocol in telecare medicine information system. J. Med. Syst. 2015, 39, 153.
  27. Hossain, M.M.; Fotouhi, M.; Hasan, R. Towards an analysis of security issues, challenges, and open problems in the Internet of Things. In Proceedings of the 2015 IEEE World Congress on Services (SERVICES), New York, NY, USA, 27 June–2 July 2015; pp. 21–28.
  28. Padhy, R.P.; Patra, M.R.; Satapathy, S.C. Cloud computing: Security issues and research challenges. Int. J. Comput. Sci. Inf. Technol. Secur. IJCSITS 2011, 1, 136–146.
  29. Jensen, M.; Schwenk, J.; Gruschka, N.; Iacono, L.L. On technical security issues in cloud computing. In Proceedings of the 2009 IEEE International Conference on Cloud Computing (CLOUD’09), Washington, DC, USA, 21–25 September 2009; pp. 109–116.
  30. Zhang, W.; Qu, B. Security architecture of the Internet of Things oriented to perceptual layer. Int. J. Comput. Consum. Control IJ3C 2013, 2, 37–45.
  31. Li, L. Study on security architecture in the Internet of Things. In Proceedings of the 2012 International Conference on Measurement, Information and Control, Harbin, China, 18–20 May 2012; Volume 1, pp. 374–377.
  32. Kouicem, D.E.; Bouabdallah, A.; Lakhlef, H. Internet of things security: A top-down survey. Comput. Netw. 2018, 141, 199–221.
  33. Jia, X.; Feng, Q.; Fan, T.; Lei, Q. RFID technology and its applications in the Internet of Things (IoT). In Proceedings of the 2nd international conference on consumer electronics, communications, and networks (CECNet), Yichang, China, 21–23 April 2012; pp. 1282–1285.
  34. Deep, S.; Zheng, X.; Hamey, L. A survey of security and privacy issues in the Internet of Things from the layered context. arXiv 2019, arXiv:1903.00846.
  35. Borgohain, T.; Kumar, U.; Sanyal, S. Survey of security and privacy issues of internet of things. arXiv 2015, arXiv:1501.02211.
  36. Abomhara, M. Cybersecurity and the internet of things: Vulnerabilities, threats, intruders and attacks. J. Cyber Secur. Mobil. 2015, 4, 65–88.
  37. Roman, R.; Zhou, J.; Lopez, J. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 2013, 57, 2266–2279.
  38. Babar, S.; Mahalle, P.; Stango, A.; Prasad, N.; Prasad, R. Proposed security model and threat taxonomy for the Internet of Things (IoT). In Proceedings of the International Conference on Network Security and Applications, Chennai, India, 23–25 July 2010; pp. 420–429.
  39. Stamm, S.; Ramzan, Z.; Jakobsson, M. Drive-by pharming. In Proceedings of the International Conference on Information and Communications Security, Zhengzou, China, 12–15 December 2007; pp. 495–506.
  40. William, L. Security Researcher for Cisco Talos. Available online: https://blog.talosintelligence.com/2018/05/ (accessed on 23 May 2018).
  41. MounirHahad Head of Threat Research at Juniper Networks, Threat Research. VPNFilter: A Global Threat beyond Routers. Available online: https://forums.juniper.net/t5/Threat-Research/VPNFilter-a-global-threat-beyond-routers/ba-p/327897 (accessed on 6 June 2018).
  42. DanGoodin. Available online: https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/ (accessed on 6 June 2018).
  43. Mansfield-Devine, S. Nation-state hacking–a threat to everyone. Comput. Fraud Secur. 2018, 2018, 17–20.
  44. Jokar, P.; Nicanfar, H.; Leung, V.C. Specification-based intrusion detection for home area networks in smart grids. In Proceedings of the 2011 IEEE International Conference on Smart Grid Communications (SmartGridComm), Brussels, Belgium, 17–20 October 2011; pp. 208–213.
  45. Suzanne Humphries. Available online: https://www.toptenreviews.com/wireless-routers-asus-rt-ac66u-review (accessed on 24 May 2017).
  46. Available online: https://eu.dlink.com/uk/en/products/dsr-500n-wireless-n-unified-services-router (accessed on 12 June 2019).
  47. Available online: https://adminportal.frontline.ca/App_Files/Hardware/Huawei-HG8245H-Manual.pdf (accessed on 12 June 2019).
  48. Available online: https://mikrotik.com/product/RB952Ui-5ac2nD (accessed on 12 June 2019).
  49. Available online: https://www.netgear.com/images/NG_WirelessRouterComparisonGuide24Sept1318-44305.pdf (accessed on 12 June 2019).
  50. Available online: https://help.ubnt.com/hc/en-us/articles/205142890-airMAX-How-to-Configure-a-Point-to-Point-Link-Layer-2-Transparent-Bridge- (accessed on 12 June 2019).
  51. Available online: https://www.tp-link.com/au/home-networking/wifi-router/tl-wr741nd/ (accessed on 12 June 2019).
  52. Available online: https://www.nivo.co.za/buy~zte.zxhn.h108n.wireless.n300.adsl2.router~p53277 (accessed on 12 June 2019).
  53. Coppolino, L.; DAlessandro, V.; Dantonio, S.; Levy, L.; Romano, L. My smart home is under attack. In Proceedings of the 2015 IEEE 18th International Conference on Computational Science and Engineering, Porto, Portugal, 21–23 October 2015; pp. 145–151.
  54. Ghansah, I. Smart Grid Cybersecurity Potential Threats, Vulnerabilities, and Risks; PIER Energy-Related Environmental Research Program, CEC-500-2012-047; California Energy Commission: Sacramento, CA, USA, 2009.
  55. Singh, S.; Singh, N. Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In Proceedings of the 2015 International Conference on Green Computing and Internet of Things (ICGCIoT), Noida, India, 8–10 October 2015; pp. 1577–1581.
  56. The Mirror. Wake up Baby: Man Hacks into 10-Month-Old’s Baby Monitor to Watch Sleeping Infant. 2014. Available online: http://www.mirror.co.uk/news/world-news/man-hacks-10-month-olds-baby-monitor-3468827 (accessed on 30 June 2019).
  57. Albrecht, K.; Mcintyre, L. Privacy nightmare: When baby monitors go bad [opinion]. IEEE Technol. Soc. Mag. 2015, 34, 14–19.
  58. The Independent. Baby Monitors ‘hacked’: Parents Warned to Be Vigilant after Voices Heard Coming from Speakers. 2016. Available online: http://www.independent.co.uk/life-style/gadgets and-tech/news/baby-monitors-hacked-parents-warned to be-vigilant-after-voices-heard-coming-from-speakers a6843346.html (accessed on 30 June 2019).
  59. Panwar, N.; Sharma, S.; Mehrotra, S.; Krzywiecki, Ł.; Venkatasubramanian, N. Smart Home Survey on Security and Privacy. arXiv preprint 2019, arXiv:1904.05476.
  60. Symantec Corp. Internet Security Threat Report. 2013, Volume 18. Available online: http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf (accessed on 30 June 2019).
  61. Sophos, Security Threat Report. 2013. Available online: http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf (accessed on 30 June 2019).
  62. Wongvises, C.; Khurat, A.; Fall, D.; Kashihara, S. Fault tree analysis-based risk quantification of smart homes. In Proceedings of the 2nd International Conference on Information Technology (INCIT), Nakhonpathom, Thailand, 2–3 November 2017; pp. 1–6.
  63. Guanciale, R.; Nemati, H.; Baumann, C.; Dam, M. Cache storage channels: Alias-driven attacks and verified countermeasures. In Proceedings of the 2016 IEEE Symposium on Security and Privacy (SP), San Jose, CA, USA, 22–26 May 2016; pp. 38–55.
  64. Kang, W.; Moon, S.; Park, J.H. An enhanced security framework for home appliances in smart home. Hum.-Centric Comput. Inf. Sci. 2017, 7, 6.
  65. Tarala; Kelli, K. Dangers of Digital Photo Frames. 2009. Available online: http://www.enclavesecurity.com/dangers-of-digital-photo-frames/ (accessed on 30 June 2019).
  66. Huang, Q.; Zhang, Y.; Ge, Z.; Lu, C. Refining Wi-Fi-based indoor localization with Li-Fi assisted model calibration are smart buildings. In Proceedings of the 2016 International Conference on Computing in Civil and Building Engineering, Osaka, Japan, 6–8 July 2016; pp. 1–8.
  67. Khatoun, R.; Zeadally, S. Smart cities: Concepts, architectures, research opportunities. Commun. ACM 2016, 59, 46–57.
  68. Heartfield, R.; Loukas, G.; Budimir, S.; Bezemskij, A.; Fontaine, J.R.; Filippoupolitis, A.; Roesch, E. A taxonomy of cyber-physical threats and impact in the smart home. Comput. Secur. 2018, 78, 398–428.
  69. Bertino, E.; Martino, L.D.; Paci, F.; Squicciarini, A.C. Web services threats, vulnerabilities, and countermeasures. In Security for Web Services and Service-Oriented Architectures; Springer: Berlin/Heidelberg, Germany, 2009; pp. 25–44.
  70. Souri, A.; Hosseini, R. A state-of-the-art survey of malware detection approaches using data mining techniques. Hum. Centric Comput. Inf. Sci. 2018, 8, 3.
  71. Choi, S.Y.; Lim, C.G.; Kim, Y.M. Automated Link Tracing for Classification of Malicious Websites in Malware Distribution Networks. J. Inf. Process. Syst. 2019, 15, 100–115.
  72. Geneiatakis, D.; Kounelis, I.; Neisse, R.; Nai-Fovino, I.; Steri, G.; Baldini, G. Security and privacy issues for an IoT based smart home. In Proceedings of the 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, 22–26 May 2017; pp. 1292–1297.
  73. Chronopoulos, M.; Panaousis, E.; Grossklags, J. An options approach to cybersecurity investment. IEEE Access. 2018, 6, 12175–12186.
  74. Gordon, L.A.; Loeb, M.P.; Lucyshyn, W.; Zhou, L. The impact of information sharing on cybersecurity underinvestment: A real options perspective. J. Account. Public Policy 2015, 34, 509–519.
  75. Xie, J.; Yu, F.R.; Huang, T.; Xie, R.; Liu, J.; Wang, C.; Liu, Y. A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges. IEEE Commun. Surv. Tutor. 2018, 21, 393–430.
  76. Abhiroop, T.; Babu, S.; Manoj, B.S. A Machine Learning Approach for Detecting DoS Attacks in SDN Switches. In Proceedings of the 2018 Twenty Fourth National Conference on Communications (NCC), Hyderabad, India, 25–28 February 2018; pp. 1–6.
  77. Thamilarasu, G.; Chawla, S. Towards Deep-Learning-Driven Intrusion Detection for the Internet of Things. Sensors 2019, 19, 1977.
  78. Jokar, P.; Leung, V.C. Intrusion detection and prevention for zigbee-based home area networks in smart grids. IEEE Trans. Smart Grid 2016, 9, 1800–1811.
Figure 1. Smart home architecture.
Figure 2. Taxonomy of malware attacks in the smart home.
Figure 3. Malware penetration stages.
Figure 4. Infected router.
Figure 5. Impact of the smart home system.
Figure 6. Smart home architecture with IDPS-based machine learning.
Figure 7. Schematic workflow of the proposed IDPS.
Table 1. Contribution of our survey in relation to existing surveys.
Research Work | Security Issues | Risk Analysis | Security Solutions | Privacy Issue | Privacy Solutions
Denning et al. [2]
Kirkham et al. [5]
Babar et al. [6]
Lee et al. [7]
Notra et al. [8]
Arabo et al. [9]
This paper
Table 2. Comparison of router features.
Routers / Features | Asus RT-AC66U [45] | D-Link DSR-500N(2) [44,46] | Huawei HG8245 [47] | MikroTik RB952 [48] | Netgear WNR2000 [49] | Ubiquiti PBE M5 [50] | TP-Link TL-WR741ND [51] | ZTE ZXHN H108N [44,52]
Wi-Fi speed | 130 Mbps | 300 Mbps | 54 Mbps | 10/100 Mbps | 300 Mbps | 200 Mbps | 150 Mbps | 300 Mbps
Wi-Fi standard | 802.11 ac | 802.11 b/g/n | 802.11 b/g/n | 802.11 b/g/n | 802.11 b/g | 802.11 g/n | 802.11 b/g/n | 802.11 b/g/n
Network mapping✓ 0
Easy QoS management✓ 0
VPN support✓ 0
Security vulnerabilities✓ 0
Security | WEP, WPA, WPA2, WPS, RADIUS server | WEP, WPA, WPA2 | WPA-PSK, WPA2-PSK, WPA, WPA2 | WEP, WPA, WPA2 | WEP, WPA, WPA2-Enterprise | WPA2-AES | WPA/WPA2 | WEP, WPA/WPA2
LAN port | 4 | 4 | 4 | 5 | 4 | 4 | 4 | 4

Share and Cite

MDPI and ACS Style

Sapalo Sicato, J.C.; Sharma, P.K.; Loia, V.; Park, J.H. VPNFilter Malware Analysis on Cyber Threat in Smart Home Network. Appl. Sci. 2019, 9, 2763. https://doi.org/10.3390/app9132763
