DOI: 10.1145/3284869.3284885
research-article

Back To The Basics: Security of Software Downloads for Smart Objects

Published: 28 November 2018

Abstract

Smart objects will soon pervade our homes, cities, factories, plants, and hospitals, and this will introduce widespread and important risks for society as a whole, due to the unavoidable security vulnerabilities of those objects. The problem of updating the software of smart objects in order to fix vulnerabilities will thus become crucially important. In this work we investigate the security of current software download environments for smart objects. This investigation yields important insights into the security awareness of organizations that distribute software across the web and, more broadly, into their readiness to take control of our everyday life.


Published In

Goodtechs '18: Proceedings of the 4th EAI International Conference on Smart Objects and Technologies for Social Good
November 2018
316 pages
ISBN:9781450365819
DOI:10.1145/3284869
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

  • EAI: The European Alliance for Innovation

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Internet of things
  2. network attacks
  3. software updates

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

Goodtechs '18
