Model-Based Framework for exploiting sensors of IoT devices using a Botnet: A case study with Android

by   Zubair Khaliq, et al.

Botnets have become a serious security threat not only to the Internet but also to the devices connected to it. Factors like the exponential growth of IoT, the COVID-19 pandemic that's sweeping the planet, and the ever-larger number of cyber-criminals who now have access to or have developed increasingly more sophisticated tools are incentivizing the growth of botnets in this domain. The recent outbreak of botnets like Dark Nexus (derived from Qbot and Mirai), Mukashi, LeetHozer, Hoaxcalls, etc. shows the alarming rate at which this threat is converging. The botnets have attributes that make them an excellent platform for malicious activities in IoT devices. These IoT devices are used by organizations that need to both innovate and safeguard the personal and confidential data of their customers, employees, and business partners. The IoT devices have built-in sensors or actuators which can be exploited to monitor or control the physical environment of the entities connected to them thereby violating the fundamental concept of privacy-by-design of these devices. In this paper, we design and describe a modular botnet framework for IoT. Our framework is communication channel independent because it utilizes various available communication channels for command and control of an IoT device. The framework uses an enhanced centralized architecture associated with a novel Domain Fluxing Technique. The proposed framework will provide insights into how privacy in IoT devices can be incorporated at design time to check the sensors and actuators in these devices against malicious exploitation consequently preserving privacy. This paper includes design considerations, command and control structures, characteristics, capabilities, intrusion, and other related work. Furthermore, proof of concept Botnet is implemented and explained using the developed framework.


page 1

page 2

page 3

page 4


A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications

The concept of Internet of Things (IoT) has become more popular in the m...

IoT Device Identification Using Deep Learning

The growing use of IoT devices in organizations has increased the number...

Performance Evaluation for Privacy-preserving Control of Domestic IoT Devices

Most of the existing models for deploying IoT ecosystem involves the ven...

PrivacyCube: A Tangible Device for Improving Privacy Awareness in IoT

Consumers increasingly bring IoT devices into their living spaces withou...

An Analysis of Home IoT Network Traffic and Behaviour

Internet-connected devices are increasingly present in our homes, and pr...

Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)

As many types of IoT devices worm their way into numerous settings and m...

Intelligent Slicing of Radio Resource Control Layer for Cellular IoT: Design and Implementation

The cellular internet of things (CIoT) has become an important branch to...

Please sign up or login with your details

Forgot password? Click here to reset