{"title":"揭开隐藏的危险:智能灯泡的安全风险和取证分析","authors":"Pankaj Sharma , Lalit Kumar Awasthi","doi":"10.1016/j.fsidi.2024.301794","DOIUrl":null,"url":null,"abstract":"<div><p>People often dispose of their useless smart digital gadgets without realizing the potential presence of useful information inside these devices. This is also true for faulty smart bulbs, which cybercriminals might exploit to gain unauthorized access to a smart home and manipulate or steal private information. This research delves into the potential security risks associated with smart bulbs and provides recommendations for mitigating such risks. Through a comprehensive analysis of the functionality of smart bulbs, this study introduced the data extraction framework DEF-IoTF for collecting both hardware and application-level digital artifacts from smart bulbs. This paper presents the FIvM-IoT model for collecting and analyzing evidence from companion app data on mobile phones and Wifi modules at the hardware level. We conduct examinations on the smart bulb's Wifi module and extract its firmware using the developed Wifi_Cred tool. These include evidence related to user credentials, log time stamps, Wifi details, potential forensic information, and investigation procedures for IoT devices. Finally, this study provides prominent IoT forensic use cases along with the key requirements for hardware-level forensic investigation of Wifi modules.</p></div>","PeriodicalId":48481,"journal":{"name":"Forensic Science International-Digital Investigation","volume":null,"pages":null},"PeriodicalIF":2.0000,"publicationDate":"2024-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Unveiling the hidden dangers: Security risks and forensic analysis of smart bulbs\",\"authors\":\"Pankaj Sharma , Lalit Kumar Awasthi\",\"doi\":\"10.1016/j.fsidi.2024.301794\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>People often dispose of their useless smart digital gadgets without realizing the potential presence of useful information inside these devices. This is also true for faulty smart bulbs, which cybercriminals might exploit to gain unauthorized access to a smart home and manipulate or steal private information. This research delves into the potential security risks associated with smart bulbs and provides recommendations for mitigating such risks. Through a comprehensive analysis of the functionality of smart bulbs, this study introduced the data extraction framework DEF-IoTF for collecting both hardware and application-level digital artifacts from smart bulbs. This paper presents the FIvM-IoT model for collecting and analyzing evidence from companion app data on mobile phones and Wifi modules at the hardware level. We conduct examinations on the smart bulb's Wifi module and extract its firmware using the developed Wifi_Cred tool. These include evidence related to user credentials, log time stamps, Wifi details, potential forensic information, and investigation procedures for IoT devices. Finally, this study provides prominent IoT forensic use cases along with the key requirements for hardware-level forensic investigation of Wifi modules.</p></div>\",\"PeriodicalId\":48481,\"journal\":{\"name\":\"Forensic Science International-Digital Investigation\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":2.0000,\"publicationDate\":\"2024-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Forensic Science International-Digital Investigation\",\"FirstCategoryId\":\"3\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2666281724001185\",\"RegionNum\":4,\"RegionCategory\":\"医学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Forensic Science International-Digital Investigation","FirstCategoryId":"3","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666281724001185","RegionNum":4,"RegionCategory":"医学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Unveiling the hidden dangers: Security risks and forensic analysis of smart bulbs
People often dispose of their useless smart digital gadgets without realizing the potential presence of useful information inside these devices. This is also true for faulty smart bulbs, which cybercriminals might exploit to gain unauthorized access to a smart home and manipulate or steal private information. This research delves into the potential security risks associated with smart bulbs and provides recommendations for mitigating such risks. Through a comprehensive analysis of the functionality of smart bulbs, this study introduced the data extraction framework DEF-IoTF for collecting both hardware and application-level digital artifacts from smart bulbs. This paper presents the FIvM-IoT model for collecting and analyzing evidence from companion app data on mobile phones and Wifi modules at the hardware level. We conduct examinations on the smart bulb's Wifi module and extract its firmware using the developed Wifi_Cred tool. These include evidence related to user credentials, log time stamps, Wifi details, potential forensic information, and investigation procedures for IoT devices. Finally, this study provides prominent IoT forensic use cases along with the key requirements for hardware-level forensic investigation of Wifi modules.