Your IP Camera Can Be Abused for Payments: A Study of IoT Exploitation for Financial Services Leveraging Shodan and Criminal Infrastructures

IF 4.3 2区计算机科学 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Transactions on Consumer Electronics Pub Date : 2024-10-17 DOI:10.1109/TCE.2024.3482708

Yuba R. Siwakoti;Manish Bhurtel;Danda B. Rawat;Adam Oest;RC Johnson

{"title":"Your IP Camera Can Be Abused for Payments: A Study of IoT Exploitation for Financial Services Leveraging Shodan and Criminal Infrastructures","authors":"Yuba R. Siwakoti;Manish Bhurtel;Danda B. Rawat;Adam Oest;RC Johnson","doi":"10.1109/TCE.2024.3482708","DOIUrl":null,"url":null,"abstract":"The Internet of Things (IoT) devices are being abused by exploiting their vulnerabilities. Despite the significant efforts to improve IoT security, IoT devices are still at higher risk of exploitation than computer systems. First, this paper identifies vulnerable IoT devices by applying a sampling strategy incorporating Common Vulnerabilities and Exposures (CVE) entries, Shodan’s exposure, and public research documents. Then, we investigated IoT abuses in financial crimes for 17 months (October 2021 to February 2023) by mapping IoT devices exposed by Shodan with proxies found in the darknet, underground forums, and Telegram channels. After investigation, we conclude with reasonable confidence that exposed IoT devices are taken over and abused as proxies in criminal activities such as credential stuffing attacks and financial crimes like illegal money transfers, cryptocurrency trading and stealing, and credit card fraud. Our study reveals that cameras (IP, network, security) are mostly abused IoT devices as proxies, followed by NAS storage.","PeriodicalId":13208,"journal":{"name":"IEEE Transactions on Consumer Electronics","volume":"70 4","pages":"7562-7573"},"PeriodicalIF":4.3000,"publicationDate":"2024-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Consumer Electronics","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10720848/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Things (IoT) devices are being abused by exploiting their vulnerabilities. Despite the significant efforts to improve IoT security, IoT devices are still at higher risk of exploitation than computer systems. First, this paper identifies vulnerable IoT devices by applying a sampling strategy incorporating Common Vulnerabilities and Exposures (CVE) entries, Shodan’s exposure, and public research documents. Then, we investigated IoT abuses in financial crimes for 17 months (October 2021 to February 2023) by mapping IoT devices exposed by Shodan with proxies found in the darknet, underground forums, and Telegram channels. After investigation, we conclude with reasonable confidence that exposed IoT devices are taken over and abused as proxies in criminal activities such as credential stuffing attacks and financial crimes like illegal money transfers, cryptocurrency trading and stealing, and credit card fraud. Our study reveals that cameras (IP, network, security) are mostly abused IoT devices as proxies, followed by NAS storage.

查看原文本刊更多论文

你的IP摄像头可能被滥用于支付：利用Shodan和犯罪基础设施的金融服务物联网开发研究

物联网（IoT）设备正被利用其漏洞而被滥用。尽管在提高物联网安全性方面做出了重大努力，但物联网设备仍然比计算机系统面临更高的被利用风险。首先，本文通过采用包含常见漏洞和暴露（CVE）条目、Shodan暴露和公共研究文件的抽样策略来识别易受攻击的物联网设备。然后，我们用17个月（2021年10月至2023年2月）的时间，通过将Shodan暴露的物联网设备与暗网、地下论坛和Telegram频道中发现的代理进行映射，调查了物联网在金融犯罪中的滥用行为。经过调查，我们有理由相信，暴露的物联网设备被接管并被滥用为犯罪活动的代理，例如凭证填充攻击和非法汇款、加密货币交易和盗窃以及信用卡欺诈等金融犯罪。我们的研究表明，摄像头（IP、网络、安全）大多被滥用为物联网设备的代理，其次是NAS存储。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Consumer Electronics 工程技术-电信学

CiteScore

7.70

自引率

9.30%

发文量

审稿时长

3.3 months

期刊介绍： The main focus for the IEEE Transactions on Consumer Electronics is the engineering and research aspects of the theory, design, construction, manufacture or end use of mass market electronics, systems, software and services for consumers.