Abstract
In the rapidly expanding landscape of Internet of Things (IoT) device manufacturing and deployment, concerns about security have become prominent. This demonstration involves practical attacks on a thread-mesh network within a controlled environment, exploiting vulnerabilities in various components of the Thread network stack. Our attack vectors successfully identified nearby Thread networks and devices by gathering 2-byte Personal Area Network ID (PAN ID) and device frequency information, serving as reconnaissance for potential additional attacks. The focus was on investigating susceptibility to replay attacks and packet injection into thread-mesh networks. Although the experiment attempted to capture thread packets to emulate an authorised sender, the cryptographic encryption and sequence numbers employed for integrity checks resulted in packet rejection by the network. Despite this, our successful injection of packets highlights the potential for battery depletion attacks.
Original language | English |
---|---|
Title of host publication | 2024 16th International Conference on COMmunication Systems and NETworkS, COMSNETS 2024 |
Pages | 318-320 |
Number of pages | 3 |
ISBN (Electronic) | 979-8-3503-8311-9 |
DOIs | |
Publication status | Published - 16 Feb 2024 |
Keywords
- IEEE 802.15.4
- Internet of Things (IoT)
- Interoperability
- Matter Protocol
- Thread
- Thread Protocol
- Zigbee