IEICE Technical Committee Submission System
Conference Paper's Information
Online Proceedings
[Sign in]
Tech. Rep. Archives
 Go Top Page Go Previous   [Japanese] / [English] 

Paper Abstract and Keywords
Presentation 2024-03-21 16:10
One Million Routers Under Control: Vulnerabilities in DDNS of IoT Devices
Kanta Okugawa (Ritsumei/NICT), Yoshiki Mori, Masaki Kubo, Takahiro Kasama (NICT), Koichi Mouri (Ritsumei), Daisuke Inoue (NICT) ICSS2023-78
Abstract (in Japanese) (See Japanese page) 
(in English) IoT devices such as routers and webcams have dynamic DNS (DDNS) functions as one of the methods to remotely manage devices. While DDNS enhances the convenience of remote management, it also poses risks of making it easier for attackers to access to the IoT devices. Therefore, it is necessary to be careful about the secure implementation and use of DDNS functions. However, to our knowledge, there has been to no research on the use of DDNS functions in IoT devices. In this study, we conducted a survey of DDNS functions in IoT devices sold in Japan in order to clarify the usage status and risks of DDNS functions in IoT devices. As a result, we found a vulnerability in the implementation of the DDNS function in a specific vendor's router, which is used in more than one million units worldwide, and an attack method that allows a malicious third party to steal the router's authentication information. In this paper, in addition to the results of these investigations, we discuss the actual situation of vulnerability exploitation based on long-term tracking of DDNS domains, and present a policy for the secure implementation and use of DDNS functions in IoT devices.
Keyword (in Japanese) (See Japanese page) 
(in English) IoT Device / DDNS / MITM Attack / Authentication Information Theft / / / /  
Reference Info. IEICE Tech. Rep., vol. 123, no. 448, ICSS2023-78, pp. 63-70, March 2024.
Paper # ICSS2023-78 
Date of Issue 2024-03-14 (ICSS) 
ISSN Online edition: ISSN 2432-6380
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034)
Download PDF ICSS2023-78

Conference Information
Committee ICSS IPSJ-SPT  
Conference Date 2024-03-21 - 2024-03-22 
Place (in Japanese) (See Japanese page) 
Place (in English) OIST 
Topics (in Japanese) (See Japanese page) 
Topics (in English) Security, Trust, etc. 
Paper Information
Registration To ICSS 
Conference Code 2024-03-ICSS-SPT 
Language Japanese 
Title (in Japanese) (See Japanese page) 
Sub Title (in Japanese) (See Japanese page) 
Title (in English) One Million Routers Under Control: Vulnerabilities in DDNS of IoT Devices 
Sub Title (in English)  
Keyword(1) IoT Device  
Keyword(2) DDNS  
Keyword(3) MITM Attack  
Keyword(4) Authentication Information Theft  
1st Author's Name Kanta Okugawa  
1st Author's Affiliation Ritsumeikan University/NICT (Ritsumei/NICT)
2nd Author's Name Yoshiki Mori  
2nd Author's Affiliation NICT (NICT)
3rd Author's Name Masaki Kubo  
3rd Author's Affiliation NICT (NICT)
4th Author's Name Takahiro Kasama  
4th Author's Affiliation NICT (NICT)
5th Author's Name Koichi Mouri  
5th Author's Affiliation Ritsumeikan University (Ritsumei)
6th Author's Name Daisuke Inoue  
6th Author's Affiliation NICT (NICT)
7th Author's Name  
7th Author's Affiliation ()
8th Author's Name  
8th Author's Affiliation ()
9th Author's Name  
9th Author's Affiliation ()
10th Author's Name  
10th Author's Affiliation ()
11th Author's Name  
11th Author's Affiliation ()
12th Author's Name  
12th Author's Affiliation ()
13th Author's Name  
13th Author's Affiliation ()
14th Author's Name  
14th Author's Affiliation ()
15th Author's Name  
15th Author's Affiliation ()
16th Author's Name  
16th Author's Affiliation ()
17th Author's Name  
17th Author's Affiliation ()
18th Author's Name  
18th Author's Affiliation ()
19th Author's Name  
19th Author's Affiliation ()
20th Author's Name  
20th Author's Affiliation ()
Speaker Author-1 
Date Time 2024-03-21 16:10:00 
Presentation Time 25 minutes 
Registration for ICSS 
Paper # ICSS2023-78 
Volume (vol) vol.123 
Number (no) no.448 
Page pp.63-70 
Date of Issue 2024-03-14 (ICSS) 

[Return to Top Page]

[Return to IEICE Web Page]

The Institute of Electronics, Information and Communication Engineers (IEICE), Japan