Not logged in : Login
(Sponging disallowed)

About: Industrialising Blackmail: Privacy Invasion Based IoT Ransomware     Goto   Sponge   NotDistinct   Permalink

An Entity of Type : bibo:AcademicArticle, within Data Space : demo.openlinksw.com associated with source document(s)

AttributesValues
type
seeAlso
sameAs
http://www.loc.gov...erms/relators/EDT
http://eprints.org/ontology/hasAccepted
http://eprints.org/ontology/hasDocument
http://eprints.org/ontology/hasPublished
dc:hasVersion
Title
  • Industrialising Blackmail: Privacy Invasion Based IoT Ransomware
described by
Date
  • 2021-11
Creator
status
Publisher
abstract
  • Ransomware (malware that threatens to lock or publish victims’ assets unless a ransom is paid) has become a serious security threat, targeting individual users, companies and even governments, causing significant damage, disruption and cost. Instances of ransomware have also been observed stealing private data and blackmailing their victims. Worryingly, the prevalence of Internet of Things (IoT) devices and the massive amount of personal data that they collect have opened up another avenue of attack. The main aim of this paper is to determine whether privacy invasion based ransomware would be a viable vector for attackers to use on IoT devices. The secondary aim is to identify countermeasures that can be implemented to prevent such attacks from being used. To accomplish these aims, we examined how private data accessible via IoT devices could be obtained, processed and managed by a ransomware attacker. We identified a number of data sources on IoT devices that can be used to access private data, such as audio and video feeds. We then investigated methods to interpret such data in order to blackmail the device’s owner. We then produced proof of concept malware for multiple IoT devices, including an external “collator” that manages the valuable data collected, demonstrating that an attack could be performed at scale. This research shows that attackers can use the functionality of an infected device to invade the privacy of the device’s owner, as part of a ransomware attack. We have demonstrated that, given suitable infrastructure, attackers would be able to ransom users for values higher than the cost of the compromised device, as well as heavily damage the trust in the device itself, which would cause further negative impact on the device manufacturer. Finally, we highlight the need for proactive measures to deter this style of attack by applying the suggested countermeasures.
Is Part Of
Subject
list of authors
list of editors
presented at
volume
  • 13115
is topic of
is primary topic of
Faceted Search & Find service v1.17_git144 as of Jul 26 2024


Alternative Linked Data Documents: iSPARQL | ODE     Content Formats:   [cxml] [csv]     RDF   [text] [turtle] [ld+json] [rdf+json] [rdf+xml]     ODATA   [atom+xml] [odata+json]     Microdata   [microdata+json] [html]    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 08.03.3331 as of Aug 25 2024, on Linux (x86_64-ubuntu_noble-linux-glibc2.38-64), Single-Server Edition (378 GB total memory, 23 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software