{"title":"On the Impact of Kernel Code Vulnerabilities in IoT Devices","authors":"Sebastian Eresheim, R. Luh, S. Schrittwieser","doi":"10.1109/ICSSA.2017.16","DOIUrl":null,"url":null,"abstract":"During the lifetime of an advanced persistent threat (APT) attackers compromise a potentially large number of computers to accomplish their ultimate objective. Very often these infected machines are used as a stepping stone towards obtaining control over the network and its resources. Stealth malware is left behind on these intermediate machines to disguise such propagation and takeover actions. With the Internet of things (IoT) gaining prominence, more and more devices appear on local networks, which significantly increase the overall attack surface. This new category of devices brings up new challenges and sees the return of many known attacks. Because of their rapidly growing numbers, IoT devices are being increasingly focused by APT actors during the initial installation phase. This paper focuses on one such a foothold attack, called Direct Kernel Object Manipulation (DKOM), and brings it into the context of the Internet of things.","PeriodicalId":307280,"journal":{"name":"2017 International Conference on Software Security and Assurance (ICSSA)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 International Conference on Software Security and Assurance (ICSSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSSA.2017.16","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 2
Abstract
During the lifetime of an advanced persistent threat (APT), attackers compromise a potentially large number of computers to accomplish their ultimate objective. Very often these infected machines are used as a stepping stone towards obtaining control over the network and its resources. Stealth malware is left behind on these intermediate machines to disguise such propagation and takeover actions. With the Internet of things (IoT) gaining prominence, more and more devices appear on local networks, which significantly increases the overall attack surface. This new category of devices brings up new challenges and sees the return of many known attacks. Because of their rapidly growing numbers, IoT devices are increasingly being focused on by APT actors during the initial installation phase. This paper focuses on one such foothold attack, called Direct Kernel Object Manipulation (DKOM), and brings it into the context of the Internet of things.