Anthi, Eirini, Williams, Lowri, Ieropoulos, Vasilis and Spyridopoulos, Theodoros ORCID: https://orcid.org/0000-0001-7575-9909 2024. Investigating radio frequency vulnerabilities in the Internet of Things (IoT). IoT 5 (2) , pp. 356-380. 10.3390/iot5020018 |
Preview |
PDF
- Published Version
Available under License Creative Commons Attribution. Download (1MB) | Preview |
Abstract
With the increase in the adoption of Internet of Things (IoT) devices, the security threat they face has become more pervasive. Recent research has demonstrated that most IoT devices are insecure and vulnerable to a range of cyber attacks. The impact of such attacks can vary significantly, from affecting the service of the device itself to putting their owners and their personal information at risk. As a response to improving their security, the focus has been on attacks, specifically on the network layer. However, the importance and impact of other vulnerabilities, such as low-level Radio Frequency (RF) attacks, have been neglected. Such attacks are challenging to detect, and they can be deployed using non-expensive equipment and can cause significant damage. This paper explores security vulnerabilities that target RF communications on popular commercial IoT devices such as Wi-Fi, Zigbee, and 433 Mz. Using software-defined radio, a range of attacks were deployed against the devices, including jamming, replay attacks, packet manipulation, protocol reverse engineering, and harmonic frequency attacks. The results demonstrated that all devices used were susceptible to jamming attacks, and in some cases, they were rendered inoperable and required a hard reset to function correctly again. This finding highlights the lack of protection against both intentional and unintentional jamming. In addition, all devices demonstrated that they were susceptible to replay attacks, which highlights the need for more hardened security measures. Finally, this paper discusses proposals for defence mechanisms for enhancing the security of IoT devices against the aforementioned attacks.
Item Type: | Article |
---|---|
Date Type: | Publication |
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | MDPI |
ISSN: | 2624-831X |
Date of First Compliant Deposit: | 6 June 2024 |
Date of Acceptance: | 5 June 2024 |
Last Modified: | 12 Jun 2024 13:37 |
URI: | https://orca.cardiff.ac.uk/id/eprint/169518 |
Actions (repository staff only)
Edit Item |