A Versatile Emulator of MitM for the identification of vulnerabilities of IoT devices, a case of study: smartphones

Abstract

With the emergence of Internet of Things (IoT) and the proliferation of communicating objects, new security issues appear. These devices store a significant amount of personal and sensitive data that must be strongly protected. In most of the case, they are more protected against communication attacks than hardware attacks. Smartphones, as the most popular connected object, represent the perfect example of study for a hardware attack on PCIe data bus. In this paper, we present an emulator of Man-in-the-Middle (MitM) attack for vulnerabilities identification in IoT devices. The proposed architecture performs a real-time data analysis, extraction and fault injection. The invisibility of MitM attack represent the main challenge of the implementation, that could be done by respecting the highly constraining requirements of the PCIe protocol such as response time, frequency and throughput.