Security vulnerabilities and cyber threat analysis of the AMQP protocol for the internet of things

The Internet of Things (IoT) expands the global Internet-connected network to encompass device-to-device, device-to-server, and server-to-server connectivity for an ever-increasing variety of end-user devices. IoT remains a somewhat amorphous entity, with little in the way of coordinated development, and is undermined largely by a manufacturer-driven scramble to be first-to-market with the latest innovation. Communication between IoT devices/servers relies on underlying protocols, which must be efficient and effective to establish and maintain reliability and integrity of data transfer. However, the lack of coordination during IoT’s expansion has resulted in a variety of communications protocols being developed. AMQP (Advanced Message Queuing Protocol) originated from the financial sector’s requirement for an improved messaging system that was fast, reliable and independent of end-user platform configurations. AMQP is an open-source server-to-server communications protocol which allows the addition of user-specific extensions. The software coding of such end-user-developed modules can be insufficient regarding threat-mitigation and can make the end product vulnerable to cyber-attack. Through this paper, we present vulnerability and threat analysis for AMQP-based IoT systems

XMPP architecture and security challenges in an IoT ecosystem

The elusive quest for technological advancements with the aim to make human life easier has led to the development of the Internet of Things (IoT). IoT technology holds the potential to revolutionise our daily life, but not before overcoming barriers of security and data protection. IoTs’ steered a new era of free information that transformed life in ways that one could not imagine a decade ago. Hence, humans have started considering IoTs as a pervasive technology. This digital transformation does not stop here as the new wave of IoT is not about people, rather it is about intelligent connected devices. This proliferation of devices has also brought serious security issues not only to its users but the society as a whole. Application layer protocols form an integral component of IoT technology stack, and XMPP is one of such protocol that is efficient and reliable that allows real-time instant messaging mechanism in an IoT ecosystem. Though the XMPP specification possesses various security features, some vulnerabilities also exist that can be leveraged by the attacking entity to compromise an IoT network. This paper will present XMPP architecture along with various security challenges that exist in the protocol. The paper has also simulated a Denial of Service (DoS) attack on the XMPP server rendering its services unresponsive to its legitimate clients

Security vulnerabilities in android applications

Privacy-related vulnerabilities and risks are often embedded into applications during their development, with this action being either performed out of malice or out of negligence. Moreover, the majority of the mobile applications initiate connections to websites, other apps, or services outside of its scope causing significant compromise to the oblivious user. Therefore, mobile data encryption or related data-protection controls should be taken into account during the application development phase. This paper evaluates some standard apps and their associated threats using publicly available tools and demonstrates how an ignorant user or an organisation can fall prey to such apps

Forensic analysis of a crash-damaged Cheerson CX-20 Auto Pathfinder drone

Long gone are the days when Unmanned Aerial Vehicles (UAVs) and drones (multirotor UAVs) were the exclusive domain of the military for surveillance or tactical strike purposes. For relatively little money mainly due to high-tech progression in microprocessor design, anyone can now purchase a drone with GNSS-tracking capabilities and can support a live high-resolution video feed to its flight controller. The global population of drones has sky- rocketed in recent years as this new technology has been embraced for both its recreational and commercial applications. However, the more nefarious members of society have also recognized the potential for using drones to partake in criminal and terrorist activities. In such cases, the relatively inexpensive drones are often sacrificed to facilitate a quick escape once the criminal act has been completed. The pioneering field of UAV/drone forensics has grown out of the challenge law enforcement faces in examining the abandoned hardware for digital traces that can be used to identify the criminals themselves