Question


In April 2019, Paul Marrapese, an independent security researcher from San Jose,
California, published research warning that peer-to-peer software developed by
Shenzhen Yunni Technology firm, that's used in millions of IoT devices around the world,
has a vulnerability that could allow an attacker to eavesdrop on conversations or press
household items into service as nodes in a botnet.
The software, called iLnkP2P, is designed to enable a user to connect to IoT devices from
anywhere by using a smartphone app. The iLnkP2P functionality is built into a range of
products from companies that include HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO
Coolcam, Sricam, Eye Sight, and HVCAM.
What Marrapese found is that as many as 2 million devices, and possibly more, using
iLnkP2P software for P2P communication do not have authentication or encryption
controls built-in, meaning that an attacker could directly connect to a device and bypass
the firewall. Marrapese discovered the iLnkP2P flaw after buying an inexpensive IoT-
connected camera on Amazon.
"I found that I was able to connect to it externally without any sort of port forwarding,
which both intrigued and concerned me," Marrapese told Information Security Media
Group. "I found that the camera used P2P to achieve this, and started digging into how
it worked. From there, I quickly learned how ubiquitous and dangerous it was."
While the flaws with the iLnkP2P peer-to-peer software apparently have not yet been
exploited in the wild, Marrapese believes it's better for consumers to know now before
an attacker decides to start taking advantage of this particular vulnerability.
"There have been plenty of stories in the past about IP cameras and baby monitors being
hacked, but I believe iLnkP2P is a brand new vector not currently being exploited in the
wild," Marrapese says. "With that being said, the biggest motivation behind this
disclosure is to inform consumers before it's too late - because I believe it's only a matter
of time."
As part of his research, Marrapese says he attempted to contact not only Shenzhen
Yunni Technology but also several of the IoT manufacturers that use the company's P2P
software. As of Monday, even after publishing results, he had not heard back from
anyone.
Users of IoT devices that make use of the iLnkP2P software scan a barcode or copy a six-
digit number that is included in the product. From there, the owner can access the
device from a smartphone app.
It's through these unique identifier numbers that Marrapese was able to discover that
each device manufacturer used a specific alphabetic prefix to identify their particular
product. For instance, HiChip uses "FFFF" as a prefix for the identification number for its
devices. Once Marrapese was able to identify these devices through the unique number
systems, he created several proof-of-concept attacks that took advantage of the flaws
in the software.
[Source: https://www.databreachtoday.com/2-million-iot-devices-have-p2p-software-flaw-researcher-a-12428 Accessed July 2020]

a) In this case study, it is mentioned that vulnerable IoT devices can serve as nodes
in a botnet. Explain the working mechanism of a botnet. Discuss any two attacks
carried out by a botnet.

b) Report the importance of security in IoT devices. How does encryption help improve
security for these devices?

c) Discuss the importance of lightweight cryptography in IoT enabled low-power
devices. List the potential lightweight cryptographic algorithms for low-power IoT
devices.

Solutions

Expert Solution
