Open tool for network monitoring with IoT devices

We tell you what IoT Inspector is and how it works.

Open tool for network monitoring with IoT devices
/ photo PxHere PD

About the security of the Internet of Things

Analysts at the consulting firm Bain & Company (PDF, p. 1) say that from 2017 to 2021 the volume of the IoT market will double, from 235 to 520 billion dollars, with 47 billion dollars of that coming from smart home gadgets. Information security experts are concerned about such growth rates.

According to Avast, in 40% of cases at least one smart device has a critical vulnerability that endangers the entire home network. Kaspersky Lab established that in the first quarter of last year, smart gadgets were hit by three times more attacks than in the whole of 2017.

To protect smart devices, employees of IT companies and universities are developing new software tools. An engineering team at Princeton University has created the open platform Princeton IoT Inspector. This is a desktop application that monitors the behavior and operation of IoT devices in real time.

How the system works

IoT Inspector monitors the activity of IoT devices on the network using ARP spoofing, which lets it analyze the devices' traffic. The system collects anonymized information about network traffic in order to detect suspicious activity; data such as IP and MAC addresses are not included in what it collects.

The following code is responsible for sending the ARP packets:

import threading
import time

import scapy.all as sc

import utils                         # project helper module: logging, IP range, crash restart
from host_state import HostState     # project class that holds the shared scanner state


class ArpScan(object):
    """Periodically broadcasts ARP requests to every address in the local subnet
    so that IoT Inspector can discover which devices are present."""

    def __init__(self, host_state):
        assert isinstance(host_state, HostState)

        self._lock = threading.Lock()
        self._active = True

        self._thread = threading.Thread(target=self._arp_scan_thread)
        self._thread.daemon = True

    def start(self):
        with self._lock:
            self._active = True

        utils.log('[ARP Scanning] Starting.')
        self._thread.start()

    def _arp_scan_thread(self):
        # Keep the scan loop alive even if one iteration raises.
        utils.restart_upon_crash(self._arp_scan_thread_helper)

    def _arp_scan_thread_helper(self):
        while True:
            for ip in utils.get_network_ip_range():
                time.sleep(0.05)   # pace the sweep so it does not flood the LAN

                # Broadcast "who-has <ip>?"; a reply reveals the device's MAC.
                arp_pkt = (sc.Ether(dst="ff:ff:ff:ff:ff:ff") /
                           sc.ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff"))
                sc.sendp(arp_pkt, verbose=0)

                with self._lock:
                    if not self._active:
                        return

    def stop(self):
        utils.log('[ARP Scanning] Stopping.')

        with self._lock:
            self._active = False

        self._thread.join()

        utils.log('[ARP Scanning] Stopped.')

After analyzing the network, the IoT Inspector server determines which sites the IoT gadgets communicate with, how often they do so, and how much data they send and receive. As a result, the system helps identify suspicious resources to which personal data may be sent without the user's knowledge.

For now, the app only works on macOS. You can download the zip archive from the project site. To install it, you need macOS High Sierra or Mojave and the Firefox or Chrome browser; the app does not work in Safari. An installation and configuration guide is on YouTube.

This year, the developers have promised to add a Linux version, and in May a Windows application. The project source code is on GitHub.

Potential and disadvantages

The developers say the system will help IT companies look for vulnerabilities in IoT device software and create more secure smart devices. Even now, the tool can detect security and performance-related vulnerabilities.

IoT Inspector finds devices that communicate too often, even when no one is using them. The tool also helps detect smart devices that slow down the network, for example by downloading updates too often.
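The per-device summaries and the "chatty while idle" / "heavy download" checks described above, as an added illustration that is not code from the IoT Inspector project: flow records are constructed inline, the per-installation secret is an assumption, and device MACs are keyed-hashed so the exported summary never contains raw identifiers.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a random per-installation secret; MACs are keyed-hashed with it so
# raw identifiers never appear in the exported summary.
INSTALL_SECRET = b"constructed-per-install-secret"

# Constructed flow records: (device MAC, remote host, bytes sent, bytes received, unix time).
SAMPLE_FLOWS = [
    ("aa:bb:cc:00:00:01", "cam-cloud.example", 2048, 512, t)
    for t in range(0, 3600, 300)                 # camera: 12 flows in one idle hour
] + [
    ("aa:bb:cc:00:00:02", "updates.example", 300, 40_000_000, 7200),  # speaker: large download
    ("aa:bb:cc:00:00:02", "music.example", 1200, 9000, 7500),
]


def anonymize(mac):
    """Keyed hash of a MAC: stable within one install, unlinkable across installs."""
    return hmac.new(INSTALL_SECRET, mac.lower().encode(), hashlib.sha256).hexdigest()[:12]


def summarize(flows):
    """Per (anonymized device, remote host): flow count and byte volumes in each direction."""
    stats = defaultdict(lambda: {"flows": 0, "bytes_out": 0, "bytes_in": 0})
    for mac, host, out_b, in_b, _ts in flows:
        entry = stats[(anonymize(mac), host)]
        entry["flows"] += 1
        entry["bytes_out"] += out_b
        entry["bytes_in"] += in_b
    return dict(stats)


def chatty_devices(flows, idle_start, idle_end, max_flows):
    """Anonymized devices with more than max_flows flows inside an idle window [start, end)."""
    counts = defaultdict(int)
    for mac, _host, _o, _i, ts in flows:
        if idle_start <= ts < idle_end:
            counts[anonymize(mac)] += 1
    return sorted(dev for dev, n in counts.items() if n > max_flows)


def heavy_downloaders(flows, min_bytes_in):
    """Anonymized devices that pulled at least min_bytes_in from a single remote host."""
    return sorted({dev for (dev, _host), s in summarize(flows).items() if s["bytes_in"] >= min_bytes_in})


if __name__ == "__main__":
    for key, s in summarize(SAMPLE_FLOWS).items():
        print(key, s)
    print("chatty while idle:", chatty_devices(SAMPLE_FLOWS, 0, 3600, 5))
    print("heavy downloads:", heavy_downloaders(SAMPLE_FLOWS, 10_000_000))
```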

IoT Inspector still has some drawbacks. Since the application is experimental, it has not yet been tested on all IoT devices with different configurations. Therefore, the tool itself can have a negative impact on the performance of smart gadgets. For this reason, the authors do not recommend connecting the application to medical gadgets.

Right now, the developers are focusing on fixing bugs, but in the future the Princeton University team plans to expand the application's functionality and introduce machine learning algorithms into it, which they expect to raise the probability of detecting DDoS attacks to 99%. All of the researchers' ideas are described in this PDF report.

Other IoT projects

A group of American developers, collaborating with Danny Goodman, author of books on JavaScript and HTML, is creating a tool for monitoring the Internet of Things ecosystem: The Thing System.

The goal of the project is to combine smart home IoT gadgets into a single network and centralize management. The developers say that devices from different manufacturers often cannot communicate with each other and work in isolation. To solve the problem, the authors of the initiative created software that can work with different network protocols, gadgets and client applications.

The list of supported devices is available on the project website, where you can also find the source code and a quick start guide.

Another open project is PrivateEyePi. Its authors share software solutions and source code for building a personalized IoT network based on the Raspberry Pi. The site has a large number of guides with which you can build a wireless network of temperature and humidity sensors and also set up a home security system.


The future of such solutions

Open source projects, libraries and frameworks are appearing on the IoT market more and more often. The Linux Foundation, which also works in the field of IoT (it created the Zephyr operating system), says that open source tools are considered more secure. This opinion rests on the fact that the "collective mind" of the information security community takes part in their development. From all this, we can conclude that projects like IoT Inspector will appear more and more often and will help make this segment of devices more secure.

Source: habr.com