![]() ![]() Through a combination of static and dynamic analysis, the nonce generating algorithm is found to be based on a nonce round key that updates every secure frame transaction. The memory introspection capability is applied to determine how nonces are generated by Z-Wave devices to prevent replay attacks. In all three devices, the firmware image is modified to include the memory introspection capability by hooking an existing data exfiltration mechanism used by the device. In this work, a memory introspection capability is developed for three Z-Wave devices containing a ZW0301, a Z-Wave transceiver system-on-chip. While there are a variety of open source tools for analyzing Z-Wave frames, inspecting non-volatile memory, and disassembling firmware, there are no dynamic analysis tools allowing one to inspect the internal state of a Z-Wave transceiver while it is running. The proprietary nature of Z-Wave devices makes it difficult to determine their security aptitude. ![]() Z-Wave is a proprietary Internet of Things substrate providing distributed home and office automation services. This type of information leak presents a new security concern as it can be used by malicious users as a building block to scan SIP-devices and launch attacks. To demonstrate this, we introduce techniques to fingerprint SIP devices and develop a fingerprinting tool called SIPProbe that collects fingerprints and identifies SIP implementations. In this article we show that even when SIP messages do not explicitly contain software version information, there is sufficient information leak to determine it. For the same reason, the SIP standard does not encourage announcing the software version in SIP messages. One way to protect from exploitations of implementation-specific vulnerabilities is "security-by-obscurity" where a SIP device does not reveal its specific software version. One key security concern is the exploitation of implementation vulnerabilities in the form of unauthorized access, worms, viruses, and denial of service attacks, particularly when combined with explicit targeting of implementations that are known to be vulnerable. However, potential abuse of the technology may hinder its deployment. The use of VoIP as a cheaper communications alternative is growing at an astronomical rate. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |