Intercepting the web traffic from an IoT device

24

2

If you can plug a device into the wall, or use it on Wi-Fi, it's easy to see the traffic with software like Wireshark.

But it seems more tricky to do it with a device that uses LTE/3G or other cellular networks to communicate.

If I'm worried about a device that could send some personal information without my consent, is unplugging it and returning it to the store the only solution?

What about devices that communicate using LoRaWAN/LPWAN?

WayToDoor

Posted 2016-12-06T18:07:55.860

Reputation: 431

3

Keep in mind that sniffing wireless traffic is illegal in many jurisdictions since you can't avoid sniffing other people's traffic.

Helmar 2016-12-06T23:21:46.593

3

I suppose if the data is encrypted even if we sniff the traffic using tools, it is of no use.

bravokeyl 2016-12-06T18:19:12.070

Answers

16

I have been professionally developing a "device that uses LTE/3G or other cellular networks" for decades now, and Wireshark is one of our major test tools. Data can be encrypted (generally at layer 2, which is an option, or layer 4, by writing code to do so), but much (most?) is not.


If I'm worried about a device that could send some personal information without my consent, is unplugging it and returning it to the store the only solution?

If you do not have access to the source code, then you cannot trust the device, or the communication channel.

Mawg

Posted 2016-12-06T18:07:55.860

Reputation: 2 069

2

That doesn't answer the question of how to intercept LTE and 3G traffic (even assuming it isn't encrypted at the application level).

Gilles 2016-12-07T00:55:25.473

1

Even if you do have access to the source code, how do you know that it's what's actually running on the device? And how do you know what the source code is really doing? Open source helps but it doesn't solve the problem.

Gilles 2016-12-07T00:56:07.537

Well, I tend to code myself, but, of course, I only code the app, not, for instance, the TCP/IP stack. It is generally agreed that all that you can do to be safe(r) is to take the sources of everything from a trusted source and build and install them yourself. Something like https://www.gentoo.org/, but for IoT.

Mawg 2016-12-07T08:13:05.330

1

So you are saying that most of the traffic from IoT devices I use is not secured and can be easily read by a potential attacker? That's scary!

WayToDoor 2016-12-06T18:36:11.743

1

Just follow online publications. For instance, http://www.theregister.co.uk/ regularly exposes flaws, including devices which transmit even passwords in cleartext. Google for more. Rule #1 is always to immediately change any passwords that the device may have.

Mawg 2016-12-06T18:45:29.227

9

  1. 3G v Wifi Security
  2. Standard wifi v LoRaWAN/LPWAN
  3. If I'm worried about a device that could send some personal information without my consent, is unplugging it and returning it to the store the only solution?

3G v Wifi Security

It is possible to sniff 3G signals, e.g. , however of more concern might be ensuring the packets cannot be decrypted on the cloud receiver end, where they can be easily wiresharked. In order to avoid this a good device encryption level protocol could be used.

On the WiFi side, yes you can sniff more easily but again if the message is encrypted, it doesn't matter.

The AWS platform offers really strong security.

AWS IoT supports the following certificate-signing algorithms:

SHA256WITHRSA
SHA384WITHRSA
SHA512WITHRSA
RSASSAPSS
DSA_WITH_SHA256
ECDSA-WITH-SHA256
ECDSA-WITH-SHA384
ECDSA-WITH-SHA512

So using this security stack your data cannot be brute force sniffed at source as it would currently take billions of years. I am familiar with AWS but assume Azure has a similar offering, which of course you could implement separately.

In summary, the transport protocol does not matter. Take your security pick (3G or wifi). If implemented properly both are secure, assuming the hackers are not microscopically x-raying and modelling the silicon of your IoT device. Perhaps if you see someone in your house with a Star Trek type X-ray machine it is time to worry?

Standard wifi v LoRaWAN/LPWAN

Let's rate against SHA256withRSA

LoRaWAN

Each device is provisioned with a unique AES 128 key.

To my knowledge AES 128 is un-crackable.

LPWAN

LPWAN is not a standard. It includes:

LoRa / SigFox / WAVIoT NB-Fi. So you need to evaluate the security of each protocol falling under LPWAN. As we have seen, LoRa is pretty secure.

If I'm worried..

I would suggest talking to the manufacturer first to see what data they collect; maybe it is harmless? If you are still suspicious and don't believe them and don't have access to the source code, then maybe it is time to return it.

SeanJ

Posted 2016-12-06T18:07:55.860

Reputation: 679
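
Both answers above turn on whether a device's payloads are encrypted. As an added example (not part of either answer), this Python script triages payloads exported from a capture of your own device into TLS, cleartext, high-entropy and low-entropy binary, and lists sensitive-looking field names visible in cleartext; the sample payloads, field names and thresholds are constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter

TLS_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
# Field names worth flagging when readable on the wire (assumed list, extend as needed).
SENSITIVE = re.compile(rb'(?i)(password|passwd|token|api[_-]?key|imei)["\']?\s*[=:]')

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_tls(data: bytes) -> bool:
    """True if the payload starts with a plausible TLS record header."""
    if len(data) < 5 or data[0] not in TLS_TYPES:
        return False
    major, minor = data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    return major == 3 and minor <= 4 and 0 < length <= 16384 + 2048

def classify(data: bytes) -> str:
    """Label one TCP/UDP payload taken from a capture of your own device."""
    if looks_like_tls(data):
        return "tls"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    if data and printable / len(data) >= 0.85:
        return "cleartext"
    # Ciphertext and compressed data are both near-uniform; entropy cannot tell them apart.
    return "opaque-high-entropy" if entropy(data) >= 6.0 else "binary-low-entropy"

def leaked_fields(data: bytes) -> list[str]:
    """Names of sensitive-looking fields visible in a payload."""
    return sorted({m.group(1).decode().lower() for m in SENSITIVE.finditer(data)})

# Constructed sample payloads (not captured from any real device).
SAMPLES = {
    "http_post": b'POST /report HTTP/1.1\r\nHost: cloud.example\r\n\r\n'
                 b'{"imei":"000000000000000","password":"hunter2"}',
    "tls_hello": bytes([22, 3, 1, 0, 200]) + bytes(200),
    "ciphertext": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16)),
    "sensor_frame": bytes([0xA5, 0x01, 0x00, 0x10]) + bytes(60),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:13} {classify(payload):20} H={entropy(payload):.2f} {leaked_fields(payload)}")
```

A high-entropy result only means the bytes look uniform; compressed but unencrypted data scores the same, so read it as "not readable as-is" rather than proof of encryption.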