{"title":"让派远离孩子:树莓派攻击工具","authors":"A. Michalas, R. Murray","doi":"10.1145/3139937.3139953","DOIUrl":null,"url":null,"abstract":"The focus of this short paper has been to use a Raspberry Pi device to perform certain network attacks and exploit vulnerabilities in existing systems. To this end, we developed a new attack tool that can be installed on a Raspberry Pi and allows novice users to perform a Man-in-the-Middle attack and a small-scale Denial-of-Service attack. The first attack has been designed in such a way so that the attacker can gather credentials of legitimate users even when they try to visit websites that are running under SSL/TLS and they have enabled the HSTS protocol. Regarding the second attack, the attacker has the ability to control a set of malicious Raspberry Pi's and intentionally attempt to stop legitimate users from accessing services. The attacker can select a specific target in the network and overload the corresponding device by sending several fake requests. Throughout this work, we discovered that although security protocols have become more effective over the years it is still considerably easy to launch certain attacks with the main aim to breach users' privacy or restrict service to certain users.","PeriodicalId":129651,"journal":{"name":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-11-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"Keep Pies Away from Kids: A Raspberry Pi Attacking Tool\",\"authors\":\"A. Michalas, R. Murray\",\"doi\":\"10.1145/3139937.3139953\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The focus of this short paper has been to use a Raspberry Pi device to perform certain network attacks and exploit vulnerabilities in existing systems. To this end, we developed a new attack tool that can be installed on a Raspberry Pi and allows novice users to perform a Man-in-the-Middle attack and a small-scale Denial-of-Service attack. The first attack has been designed in such a way so that the attacker can gather credentials of legitimate users even when they try to visit websites that are running under SSL/TLS and they have enabled the HSTS protocol. Regarding the second attack, the attacker has the ability to control a set of malicious Raspberry Pi's and intentionally attempt to stop legitimate users from accessing services. The attacker can select a specific target in the network and overload the corresponding device by sending several fake requests. Throughout this work, we discovered that although security protocols have become more effective over the years it is still considerably easy to launch certain attacks with the main aim to breach users' privacy or restrict service to certain users.\",\"PeriodicalId\":129651,\"journal\":{\"name\":\"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-11-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3139937.3139953\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 Workshop on Internet of Things Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3139937.3139953","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Keep Pies Away from Kids: A Raspberry Pi Attacking Tool
The focus of this short paper has been to use a Raspberry Pi device to perform certain network attacks and exploit vulnerabilities in existing systems. To this end, we developed a new attack tool that can be installed on a Raspberry Pi and allows novice users to perform a Man-in-the-Middle attack and a small-scale Denial-of-Service attack. The first attack has been designed in such a way so that the attacker can gather credentials of legitimate users even when they try to visit websites that are running under SSL/TLS and they have enabled the HSTS protocol. Regarding the second attack, the attacker has the ability to control a set of malicious Raspberry Pi's and intentionally attempt to stop legitimate users from accessing services. The attacker can select a specific target in the network and overload the corresponding device by sending several fake requests. Throughout this work, we discovered that although security protocols have become more effective over the years it is still considerably easy to launch certain attacks with the main aim to breach users' privacy or restrict service to certain users.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
