Paper Abstract and Keywords |
Presentation |
2024-03-21 16:10
One Million Routers Under Control: Vulnerabilities in IoT Devices with DDNS Service Kanta Okugawa (Ritsumei/NICT), Yoshiki Mori, Masaki Kubo, Takahiro Kasama (NICT), Koichi Mouri (Ritsumei), Daisuke Inoue (NICT) ICSS2023-78 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
IoT devices such as routers and webcams have dynamic DNS (DDNS) functions as one of the methods to remotely manage devices. While DDNS enhances the convenience of remote management, it also poses the risk of making it easier for attackers to access the IoT devices. Therefore, it is necessary to be careful about the secure implementation and use of DDNS functions. However, to our knowledge, there has been no research on the use of DDNS functions in IoT devices. In this study, we conducted a survey of DDNS functions in IoT devices sold in Japan in order to clarify the usage status and risks of DDNS functions in IoT devices. As a result, we found a vulnerability in the implementation of the DDNS function in a specific vendor's router, which is used in more than one million units worldwide, and an attack method that allows a malicious third party to steal the router's authentication information. In this paper, in addition to the results of these investigations, we discuss the actual situation of vulnerability exploitation based on long-term tracking of DDNS domains, and present a policy for the secure implementation and use of DDNS functions in IoT devices. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
IoT Device / DDNS / MITM Attack / Authentication Information Theft |
Reference Info. |
IEICE Tech. Rep., vol. 123, no. 448, ICSS2023-78, pp. 63-70, March 2024. |
Paper # |
ICSS2023-78 |
Date of Issue |
2024-03-14 (ICSS) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
ICSS IPSJ-SPT |
Conference Date |
2024-03-21 - 2024-03-22 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
OIST |
Topics (in Japanese) |
(See Japanese page) |
Topics (in English) |
Security, Trust, etc. |
Paper Information |
Registration To |
ICSS |
Conference Code |
2024-03-ICSS-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
One Million Routers Under Control: Vulnerabilities in IoT Devices with DDNS Service |
Sub Title (in English) |
|
Keyword(1) |
IoT Device |
Keyword(2) |
DDNS |
Keyword(3) |
MITM Attack |
Keyword(4) |
Authentication Information Theft |
1st Author's Name |
Kanta Okugawa |
1st Author's Affiliation |
Ritsumeikan University/NICT (Ritsumei/NICT) |
2nd Author's Name |
Yoshiki Mori |
2nd Author's Affiliation |
NICT (NICT) |
3rd Author's Name |
Masaki Kubo |
3rd Author's Affiliation |
NICT (NICT) |
4th Author's Name |
Takahiro Kasama |
4th Author's Affiliation |
NICT (NICT) |
5th Author's Name |
Koichi Mouri |
5th Author's Affiliation |
Ritsumeikan University (Ritsumei) |
6th Author's Name |
Daisuke Inoue |
6th Author's Affiliation |
NICT (NICT) |
Speaker |
Author-1 |
Date Time |
2024-03-21 16:10:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Paper # |
ICSS2023-78 |
Volume (vol) |
vol.123 |
Number (no) |
no.448 |
Page |
pp.63-70 |
#Pages |
8 |
Date of Issue |
2024-03-14 (ICSS) |
|