|Yizhen Jia||The George Washington University, USA|
|Yinhao Xiao||The George Washington University, USA|
|Jiguo Yu||Qufu Normal University, P.R. China|
|Xiuzhen Cheng||George Washington Univ, USA|
|Zhenkai Liang||National University of Singapore, Singapore|
|Zhiguo Wan||Shandong University, P.R. China|
Smart home IoT devices are more prevalent than ever before, but the relevant security considerations have failed to keep up because of device and technology heterogeneity and resource constraints, making IoT systems susceptible to various attacks. In this paper, we propose a novel graph-based mechanism to identify vulnerabilities in the communication of IoT devices for smart home systems. Our approach takes one or more packet capture files as input, constructs a traffic graph by parsing the captured messages, identifies the correlated subgraphs by examining the attribute-value pairs associated with each message, and then quantifies their vulnerabilities based on the sensitivity levels of different keywords. To test the effectiveness of our approach, we set up a smart home system that can control a smart bulb LB100 via either the smartphone app for LB100 or the Google Home speaker. We collected and analyzed 58,714 messages and exploited 6 vulnerable correlated subgraphs, based on which we implemented 6 attack cases that can be easily reproduced by attackers with little knowledge of IoT. This study is novel in that our approach takes only the collected traffic files as input, without requiring knowledge of the device firmware, while still being able to identify new vulnerabilities. With this approach, we won the third prize out of 20 teams in a hacking competition.
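The pipeline summarized in the abstract, sketched as an added example that is not the authors' implementation: messages become graph nodes, two messages are linked when they share an identical attribute-value pair, and each resulting subgraph is scored by keyword sensitivity. The message layout, the linking rule, the `SENSITIVITY` weights and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed keyword weights (constructed; the paper's sensitivity levels are not on this page).
SENSITIVITY = {"password": 3, "token": 3, "email": 2, "deviceid": 2, "state": 1}

# Constructed messages standing in for payloads decoded from a packet capture.
MESSAGES = [
    {"id": 0, "fields": {"email": "u@example.test", "password": "hunter2"}},
    {"id": 1, "fields": {"email": "u@example.test", "token": "abc123"}},
    {"id": 2, "fields": {"token": "abc123", "deviceId": "bulb-01", "state": "on"}},
    {"id": 3, "fields": {"lang": "en"}},
    {"id": 4, "fields": {"fw": "1.0", "lang": "en"}},
    {"id": 5, "fields": {"seq": "7"}},
]

def correlated_subgraphs(messages):
    """Group messages connected by a shared attribute-value pair (union-find)."""
    parent = {m["id"]: m["id"] for m in messages}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    first_seen = {}  # (attribute, value) -> id of first message carrying it
    for m in messages:
        for key, value in m["fields"].items():
            pair = (key.lower(), value)
            if pair in first_seen:
                parent[find(m["id"])] = find(first_seen[pair])
            else:
                first_seen[pair] = m["id"]

    groups = defaultdict(list)
    for m in messages:
        groups[find(m["id"])].append(m)
    # A message that shares nothing with any other is not a correlated subgraph.
    return [g for g in groups.values() if len(g) > 1]

def score(group):
    """Sum the weights of the distinct attribute names seen in a subgraph."""
    keys = {k.lower() for m in group for k in m["fields"]}
    return sum(SENSITIVITY.get(k, 0) for k in keys)

def rank(messages):
    """Return (message ids, score) per subgraph, most sensitive first."""
    ranked = [(sorted(m["id"] for m in g), score(g))
              for g in correlated_subgraphs(messages)]
    return sorted(ranked, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    for ids, s in rank(MESSAGES):
        print(ids, s)
```

A high-scoring subgraph is a set of messages that together carry credentials and device identifiers, which is where an audit of the protocol would look first for missing encryption or replay protection.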