We tell you what IoT Inspector is and how it works.
About the security of the Internet of Things
The consulting firm Bain & Company (PDF, p. 1) says that from 2017 to 2021 the IoT market will double in size, from $235 billion to $520 billion. The share of smart home gadgets will be $47 billion. Security experts are worried about this growth rate.
According to Avast, in 40% of cases at least one smart device has a critical vulnerability that endangers the entire home network. Kaspersky Lab found that in the first quarter of last year, three times more attacks were launched against smart gadgets than in the whole of 2017.
To protect smart devices, employees of IT companies and universities are developing new software tools.
A team of engineers from Princeton University has created the open platform Princeton IoT Inspector. It is a desktop application that monitors the behavior and operation of IoT devices in real time.
How the system works
IoT Inspector monitors the activity of IoT devices on the network using the ARP spoofing technique: the host running the application answers ARP on behalf of other devices so that their traffic passes through it and can be analyzed. The system collects anonymous information about network traffic to detect suspicious activity. However, data such as IP and MAC addresses are not taken into account.
The following code is used to send ARP packets:

```python
import threading
import time

import scapy.all as sc

# Project-local modules, not shown on this page (module names assumed).
import utils
from host_state import HostState


class ArpScan(object):
    """Continuously broadcasts ARP requests to discover devices on the LAN."""

    def __init__(self, host_state):
        assert isinstance(host_state, HostState)
        self._lock = threading.Lock()
        self._active = True
        self._thread = threading.Thread(target=self._arp_scan_thread)
        self._thread.daemon = True

    def start(self):
        with self._lock:
            self._active = True
        utils.log('[ARP Scanning] Starting.')
        self._thread.start()

    def _arp_scan_thread(self):
        # Restart the scan loop if it raises.
        utils.restart_upon_crash(self._arp_scan_thread_helper)

    def _arp_scan_thread_helper(self):
        while True:
            for ip in utils.get_network_ip_range():
                time.sleep(0.05)  # pace the scan
                # Broadcast an ARP request for this address.
                arp_pkt = sc.Ether(dst="ff:ff:ff:ff:ff:ff") / \
                    sc.ARP(pdst=ip, hwdst="ff:ff:ff:ff:ff:ff")
                sc.sendp(arp_pkt, verbose=0)
                # Exit once stop() has cleared the flag.
                with self._lock:
                    if not self._active:
                        return

    def stop(self):
        utils.log('[ARP Scanning] Stopping.')
        with self._lock:
            self._active = False
        self._thread.join()
        utils.log('[ARP Scanning] Stopped.')
```
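ARP-spoofing-based monitoring of the kind described above is visible to anything else that watches ARP on the same LAN. The following is an added example, not IoT Inspector code: it separates the repeated IP-to-MAC flip-flop that spoofing produces from a one-off change such as a replaced device. The observation format, the addresses, the 60-second window and the flip threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed observations (documentation addresses): (seconds, sender_ip, sender_mac)
# taken from the sender fields of ARP packets seen on the LAN.
SAMPLE_ARP = [
    (0.0, "192.0.2.1", "00:00:5e:00:53:01"),     # gateway
    (1.0, "192.0.2.20", "00:00:5e:00:53:20"),    # smart plug
    (2.0, "192.0.2.30", "00:00:5e:00:53:30"),    # host running the monitor
    (3.0, "192.0.2.40", "00:00:5e:00:53:40"),    # old camera
    (5.0, "192.0.2.1", "00:00:5e:00:53:30"),     # monitor answers for the gateway
    (5.1, "192.0.2.20", "00:00:5e:00:53:30"),    # ... and for the plug
    (7.0, "192.0.2.1", "00:00:5e:00:53:01"),     # real gateway announces itself again
    (8.0, "192.0.2.20", "00:00:5e:00:53:20"),    # real plug announces itself again
    (900.0, "192.0.2.40", "00:00:5e:00:53:41"),  # camera replaced, same DHCP lease
]


def analyze_arp(observations, window=60.0, min_flips=2):
    """Classify IP-to-MAC changes and list MACs that speak for several IPs."""
    last_mac = {}                   # ip -> MAC seen most recently
    flips = defaultdict(list)       # ip -> timestamps at which the MAC changed
    ips_by_mac = defaultdict(set)   # mac -> every IP it has claimed
    for ts, ip, mac in sorted(observations):
        if ip == "0.0.0.0":         # ARP probes carry no sender IP; skip them
            continue
        mac = mac.lower()
        ips_by_mac[mac].add(ip)
        if ip in last_mac and last_mac[ip] != mac:
            flips[ip].append(ts)
        last_mac[ip] = mac

    verdicts = {}
    for ip, times in flips.items():
        # Two owners contesting one IP flip the mapping repeatedly in a short
        # window; a replaced device or reused lease changes it only once.
        burst = [t for t in times if times[-1] - t <= window]
        verdicts[ip] = "spoofing-suspected" if len(burst) >= min_flips else "changed-once"
    multi = {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1}
    return verdicts, multi
```

On a network that already runs ARP monitoring, the host running IoT Inspector will show up in exactly this way, so it is worth allow-listing it there before starting a capture.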
After analyzing the network, the IoT Inspector server determines which sites IoT gadgets communicate with, how often they do so, and how many packets they send and receive. As a result, the system helps identify suspicious resources to which personal data may be sent without the user's knowledge.
For now, the application works only on macOS. The zip archive can be downloaded from the project website. You will need macOS High Sierra or Mojave and the Firefox or Chrome browser for installation. Safari doesn't work. An installation and configuration guide is on YouTube.
The developers promised to add a Linux version this year and a Windows application in May. The source code of the project is on GitHub.
Potential and disadvantages
The developers say that the system will help IT companies look for vulnerabilities in IoT device software and create more secure smart devices. The tool can already detect security- and performance-related vulnerabilities.
IoT Inspector finds devices that exchange data too often, even when nobody is using them. The tool also helps detect smart devices that slow down the network, for example by downloading updates too often.
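The per-device view described above (which hosts a gadget talks to, how often, how much, and whether it does so while unused) can be computed from flow records as in the following added example, which is not IoT Inspector code. The record layout, the device labels, the idle window and both thresholds are assumptions chosen for the illustration.

```python
from collections import defaultdict

IDLE = (0, 3600)  # constructed one-hour window in which nobody used the devices

# Constructed flow records: (device, remote_host, seconds, bytes_sent, bytes_received).
# Devices carry opaque labels because the page says IP and MAC addresses are not kept.
SAMPLE_FLOWS = (
    [("tv", "ads.example", t, 400, 120) for t in range(0, 3600, 300)]
    + [("bulb", "cloud.example", 100, 90, 60), ("bulb", "cloud.example", 2000, 90, 60)]
    + [("cam", "update.example", 1800, 2_000, 50_000_000)]
    + [("tv", "video.example", 5000, 3_000, 80_000_000)]  # in use, outside IDLE
)


def summarize(flows):
    """Per (device, remote): contact count and bytes in each direction."""
    stats = defaultdict(lambda: {"contacts": 0, "sent": 0, "received": 0})
    for device, remote, _ts, sent, received in flows:
        s = stats[(device, remote)]
        s["contacts"] += 1
        s["sent"] += sent
        s["received"] += received
    return dict(stats)


def idle_findings(flows, idle=IDLE, max_contacts_per_hour=6, max_idle_bytes=10_000_000):
    """Flag traffic that happens while the devices are unused."""
    start, end = idle
    hours = (end - start) / 3600
    idle_stats = summarize(f for f in flows if start <= f[2] < end)
    findings = []
    for (device, remote), s in sorted(idle_stats.items()):
        # Frequent check-ins while idle: the "exchanges data too often" case.
        if s["contacts"] / hours > max_contacts_per_hour:
            findings.append((device, remote, "frequent-contact", s["contacts"]))
        # Large transfers while idle: the "slows down the network" case.
        total = s["sent"] + s["received"]
        if total > max_idle_bytes:
            findings.append((device, remote, "heavy-transfer", total))
    return findings
```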
IoT Inspector still has flaws. Since the application is experimental, it has not yet been tested on all IoT devices with different configurations. Therefore, the tool itself can have a negative impact on the performance of smart gadgets. For this reason, the authors do not recommend connecting the application to medical gadgets.
The developers are now focused on eliminating bugs, but in the future the team at Princeton University plans to expand the functionality of its application and implement machine learning algorithms in it. They will help increase the probability of detecting DDoS attacks by up to 99%. You can get acquainted with all of the researchers' ideas in this PDF report.
Other IoT projects
A group of American developers collaborating with Danny Goodman, the author of books on JavaScript and HTML, is creating The Thing System, a tool for monitoring the Internet of Things ecosystem.
The goal of the project is to integrate the smart home IoT gadgets into a single network and centralize management. Developers say that devices from different manufacturers often cannot interact with each other and work separately. To solve the problem, the authors of the initiative created software that can work with different network protocols, gadgets and client applications.
The list of supported devices is on the project website. You can also find the source code and a quick start guide there.
Another open project is PrivateEyePi. The authors of the initiative share software and source code for building a personalized IoT network based on the Raspberry Pi. The site has a large number of manuals with which you can build a wireless network of temperature and humidity sensors, as well as set up a home security system.
The future of such solutions
More and more open source projects, libraries and frameworks are appearing on the IoT market. The Linux Foundation, which also works in the IoT realm (it created the Zephyr operating system), says that open source tools are considered more secure. This opinion rests on the fact that the "collective intelligence" of the information security expert community is involved in their development. From all this, we can conclude that projects like IoT Inspector will appear more and more often and will help make this segment of devices more secure.