TORCHLIGHT: Shedding LIGHT on Real-World Attacks on Cloudless IoT Devices Concealed within the Tor Network
- URL: http://arxiv.org/abs/2501.16784v1
- Date: Tue, 28 Jan 2025 08:13:02 GMT
- Authors: Yumingzhi Pan, Zhen Ling, Yue Zhang, Hongze Wang, Guangchi Liu, Junzhou Luo, Xinwen Fu
- Abstract summary: Research revealed an unexpected pattern of substantial Tor network traffic targeting cloudless IoT devices.
We developed TORCHLIGHT, a tool designed to detect both known and unknown threats targeting cloudless IoT devices by analyzing Tor traffic.
For the first time, we have demonstrated that attackers are indeed using Tor to conceal their identities while targeting cloudless IoT devices.
- Abstract: The rapidly expanding Internet of Things (IoT) landscape is shifting toward cloudless architectures, removing reliance on centralized cloud services but exposing devices directly to the internet and increasing their vulnerability to cyberattacks. Our research revealed an unexpected pattern of substantial Tor network traffic targeting cloudless IoT devices, suggesting that attackers are using Tor to anonymously exploit undisclosed vulnerabilities (possibly obtained from underground markets). To delve deeper into this phenomenon, we developed TORCHLIGHT, a tool designed to detect both known and unknown threats targeting cloudless IoT devices by analyzing Tor traffic. TORCHLIGHT filters traffic via specific IP patterns, strategically deploys virtual private server (VPS) nodes for cost-effective detection, and uses a chain-of-thought (CoT) process with large language models (LLMs) for accurate threat identification. Our results are significant: for the first time, we have demonstrated that attackers are indeed using Tor to conceal their identities while targeting cloudless IoT devices. Over a period of 12 months, TORCHLIGHT analyzed 26 TB of traffic, revealing 45 vulnerabilities, including 29 zero-day exploits with 25 CVE-IDs assigned (5 CRITICAL, 3 HIGH, 16 MEDIUM, and 1 LOW) and an estimated value of approximately $312,000. These vulnerabilities affect around 12.71 million devices across 148 countries, exposing them to severe risks such as information disclosure, authentication bypass, and arbitrary command execution. The findings have attracted significant attention, sparking widespread discussion in cybersecurity circles, reaching the top 25 on Hacker News, and generating over 190,000 views.
Related papers
- MASKDROID: Robust Android Malware Detection with Masked Graph Representations [56.09270390096083] (arXiv, 2024-09-29T07:22:47Z)
  We propose MASKDROID, a powerful detector with a strong discriminative ability to identify malware.
  We introduce a masking mechanism into the Graph Neural Network based framework, forcing MASKDROID to recover the whole input graph.
  This strategy enables the model to understand the malicious semantics and learn more stable representations, enhancing its robustness against adversarial attacks.
- An Extended View on Measuring Tor AS-level Adversaries [1.0170676980352482] (arXiv, 2024-03-13T13:27:02Z)
  We use the Atlas framework to infer the risk of deanonymization for IPv4 clients in Germany and the US.
  For clients in Germany and the US, the overall picture, however, has not changed since 2020.
  Russian users are able to securely evade censorship using Tor.
- Penetration Testing of 5G Core Network Web Technologies [53.89039878885825] (arXiv, 2024-03-04T09:27:11Z)
  We present the first security assessment of the 5G core from a web security perspective.
  We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
  Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
- SunBlock: Cloudless Protection for IoT Systems [7.267200149618047] (arXiv, 2024-01-25T17:30:08Z)
  Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties.
  This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms.
  Our results show that with a slight rise of router hardware resources, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network.
- Is Your Kettle Smarter Than a Hacker? A Scalable Tool for Assessing Replay Attack Vulnerabilities on Consumer IoT Devices [1.5612101323427952] (arXiv, 2024-01-22T18:24:41Z)
  ENISA and NIST security guidelines emphasize the importance of enabling default local communication for safety and reliability.
  We propose a tool, named REPLIOT, able to test whether a replay attack is successful or not, without prior knowledge of the target devices.
  We find that 75% of the remaining devices are vulnerable to replay attacks with REPLIOT having a detection accuracy of 0.98-1.
- Classification of cyber attacks on IoT and ubiquitous computing devices [49.1574468325115] (arXiv, 2023-12-01T16:10:43Z)
  This paper provides a classification of IoT malware.
  Major targets and used exploits for attacks are identified and referred to the specific malware.
  The majority of current IoT attacks continue to be of comparably low effort and level of sophistication and could be mitigated by existing technical measures.
- Dataset: Large-scale Urban IoT Activity Data for DDoS Attack Emulation [7.219077740523682] (arXiv, 2021-10-05T06:34:58Z)
  Large-scale IoT device networks are susceptible to being hijacked and used as botnets to launch distributed denial of service (DDoS) attacks.
  We present a dataset from an urban IoT deployment of 4060 nodes describing their deployment-temporal activity under benign conditions.
  We also provide a synthetic DDoS attack generator that injects attack activity into the dataset based on parameters such as number of nodes attacked and duration of attack.
- TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643] (arXiv, 2021-03-10T19:03:38Z)
  We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack.
  Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets.
  TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
- Measurement-driven Security Analysis of Imperceptible Impersonation Attacks [54.727945432381716] (arXiv, 2020-08-26T19:27:27Z)
  We study the exploitability of Deep Neural Network-based Face Recognition systems.
  We show that factors such as skin color, gender, and age, impact the ability to carry out an attack on a specific target victim.
  We also study the feasibility of constructing universal attacks that are robust to different poses or views of the attacker's face.
- Smart Home, security concerns of IoT [91.3755431537592] (arXiv, 2020-07-06T10:36:11Z)
  The IoT (Internet of Things) has become widely popular in the domestic environments.
  People are renewing their homes into smart homes; however, the privacy concerns of owning many Internet connected devices with always-on environmental sensors remain insufficiently addressed.
  Default and weak passwords, cheap materials and hardware, and unencrypted communication are identified as the principal threats and vulnerabilities of IoT devices.
- Timely Detection and Mitigation of Stealthy DDoS Attacks via IoT Networks [30.68108039722565] (arXiv, 2020-06-15T00:54:49Z)
  Internet of Things (IoT) devices are susceptible to being compromised and being part of a new type of stealthy Distributed Denial of Service (DDoS) attack, called Mongolian DDoS.
  This study proposes a novel anomaly-based Intrusion Detection System (IDS) that is capable of timely detecting and mitigating this emerging type of DDoS attacks.