Evil Twin Attacks on Smart Home IoT Devices for Visually Impaired Users

Securing the Internet of Things (IoT) devices in a smart home has become inevitable due to the recent surge in the use of smart devices by the visually impaired. The visually impaired users rely heavily on these IoT devices and assistive technologies for guidance, medical usage, mobility help, voice recognition, news feeds and emergency communications. However, cyber attackers are deploying Evil Twin and Man-in-the-middle (MITM) attacks, among others, to penetrate the network, establish rogue Wi-Fi access points and trick victims into connecting to it, leading to interceptions, manipulation, exploitation, compromising the smart devices and taking command and control. The paper aims to explore the Evil Twin attack on smart devices and provide mitigating techniques to improve privacy and trust. The novelty contribution of the paper is three-fold: First, we identify the various IoT device vulnerabilities and attacks. We consider the state-of-the-art IoT cyberattacks on Smart TVs, Smart Door Lock, and cameras. Secondly, we created a virtual environment using Kali Linux (Raspberry Pi) and NetGear r7000 as the home router for our testbed. We deployed an Evil Twin attack to penetrate the network to identify the vulnerable spots on the IoT devices. We consider the Kill Chain attack approach for the attack pattern. Finally, we recommend a security mechanism in a table to improve security, privacy and trust. Our results show how vulnerabilities in smart home appliances are susceptible to attacks. We have recommended mitigation techniques to enhance the security for visually impaired users

Solution to the wireless evil-twin transmitter attack

In a wireless network comprising some receivers and a truth-teller transmitter, an attacker adds a malicious evil-twin transmitter to the network such that the evil-twin lies about its true identity and transmits like the truth-teller transmitter in the network. The truth-teller transmitter may be a malicious transmitter as well, but it is honest in that it doesn't lie about its identity. The evil-twin uses the identity of the truth teller and transmits at the same time as the truth-teller. The receivers are bound to get confused about the location of the honest transmitter. We describe an algorithm to detect such a wireless evil-twin attack, and locate the truth-teller and the evil-twin transmitter. Four-square antennas are used by the receivers to detect an attack. RSS values measured at the receivers are used by Hyperbolic Position Bounding (HPB) to locate the transmitters in the wireless network with a degree of confidence. The performance of the algorithm is tested using a simulation of a wireless network