Conference Papers

Inferring Software Composition and Credentials of Embedded Devices from Partial Knowledge


Abstract

Internet-of-Things (IoT) devices, or more generally embedded devices, are nowadays commonly deployed in public, personal or work spaces despite suffering from security issues often related to their bad design and/or configuration. For instance, IoT botnets such as Mirai successfully compromised thousands of devices using a brute-force method on a set of known credentials. Although brute-force attacks against a particular service (e.g. SSH, telnet) generate many packets which can be easily detected and mitigated, attackers can easily rely on TCP scans to assess the services present on a device while maintaining a high level of stealthiness. In this paper, we present a method to reconstruct precise information about an IoT device configuration (brand name, usernames, passwords, software components) from partial knowledge such as open ports revealed by a TCP scan. It relies on building a knowledge base from a large dataset of publicly accessible firmware, which is used to train multiple Random Forest (RF) classifiers. Using a dataset of 6935 embedded devices, the HTTP, SSH or DNS software names can be predicted with a precision higher than 80% with limited knowledge. The correct HTTP, SSH or DNS versions can be inferred in more than 95% of cases after 1.4 trials on average. Similarly, our technique also predicts the password of at least one valid user in more than 97% of the cases after 1.15 trials on average.
Main file: cnsm.pdf (482.18 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03470012, version 1 (08-12-2021)

Identifiers

  • HAL Id: hal-03470012, version 1

Cite

Pierre-Marie Junges, Jérome François, Olivier Festor. Inferring Software Composition and Credentials of Embedded Devices from Partial Knowledge. CNSM 2021 - 17th International Conference on Network and Service Management, Oct 2021, Izmir/virtual, Turkey. ⟨hal-03470012⟩