Increasing IoT Attacks: Why You Should Learn About ARM Exploitation


The Internet of Things (IoT) industry today is developing at breakneck speed. Almost every gadget we can think of is now connected to the Internet. While this is good in one way, it also vastly increases the attack surface. It is no longer uncommon to hear about a new hack on an IoT device every other day. Not all vendors are equally up to the task of issuing a proper patch after such a vulnerability is discovered. This leaves the end user vulnerable and at the mercy of attackers.

This blog post explains some prominent examples of IoT hacks on ARM devices. These hacks paint a grim picture of the insecurity that IoT gadgets face today, a majority of which are powered by ARM processors. All of these incidents point to the need to get familiar with ARM exploitation, in order to understand the security threats and be equipped to deal with them appropriately.

Mirai Botnet Attack

Mirai is a self-spreading botnet virus. The Mirai botnet code infects poorly secured internet-connected devices by using telnet to find those that are still using their default username and password. Mirai's success comes from its ability to infect a huge number of these insecure devices and coordinate them to mount a DDoS attack against a chosen victim.

Mirai took advantage of these vulnerable IoT devices in a simple but brilliant way. Rather than using complicated techniques to track down IoT devices, it scanned each device for open Telnet ports, then tried to log in using 61 username/password combinations that are frequently used as defaults for these devices. In this way, it was able to build an army of compromised closed-circuit TV cameras and routers, ready to do its bidding.


Mirai's first major attack came on Sept 19, 2016, when it was used against the French host OVH. After a while, the Mirai botnet code was released into the wild. With the public release of the Mirai botnet code, anybody could try their luck infecting IoT devices (most of which were still unprotected) and launching DDoS attacks against their opponents, or selling that power to the highest bidder.

IP Cameras Attack


This was a cyber attack powered by something the internet had never seen before: an army made up of more than one thousand compromised Internet of Things devices. The hackers, whose identity is still unknown, used internet-connected cameras and other unprotected online devices to connect to the targeted website, pummeling it with requests in order to take it down. The attack exceeded 660 Gbps of traffic, making it one of the largest recorded attacks in history in terms of volume.

At this point, however, it is unclear whether the attackers used the full power of the two botnets or just a part of it. Security researchers and internet defenders are still looking into the attacks and trying to track down who is behind them, but people who have been working to protect websites against large distributed denial of service (DDoS) attacks such as this one believe it was unprecedented, both because of its surprising size and because of the use of what could be called a Botnet of Things.


Yi Technology Home Camera Code Execution Vulnerability


Yi Home Camera is an IoT home camera in the Yi Technology camera lineup, sold globally. An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US, which an attacker can trigger by inserting an SD card. A specially crafted file can exploit a logic flaw and a command injection, resulting in code execution.

Samsung SmartThings Hub video-core Code Execution Vulnerability


An exploitable stack-based buffer overflow vulnerability exists in the database "find-by-cameraId" functionality and the Samsung WifiScan callback notification of the video-core HTTP server of Samsung SmartThings Hub. An attacker can trigger this vulnerability by sending a series of HTTP requests. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack.


Samsung SmartThings Hub is a central controller that lets the end customer use their smartphone to connect remotely with their home devices by simply installing the SmartThings mobile application. The firmware is Linux-based and runs a series of daemons that interface with nearby devices via the Ethernet, Z-Wave, Zigbee, and Bluetooth protocols.

Remote SmartThings servers can communicate with the video-core process by sending messages over the persistent TLS connection set up by the hubCore process. These messages can encapsulate an HTTP request, which hubCore relays directly to the HTTP server exposed by video-core. By requesting the path "/samsungWifiScan" it is possible to instruct the video-core process to discover a Samsung smart camera and report the operation using a callback.

These attacks serve as a stark reminder of how vulnerable IoT devices can be. Remote code execution is one of the most dangerous scenarios available to computer criminals. Today, ARM is extremely common and many projects use it. Hackers can use the infected devices to carry out botnet attacks or infect network hosts with dangerous viruses and other types of malware.


Many hacked IoT devices have been used in the past for surveillance, so that criminals can keep an eye on network activity when the compromised devices serve as modems, routers, or gateways. Working with ARM does not mean that you are safe from stack overflows; you should always be careful with buffer operations, check sizes, and use safe functions instead of dangerous ones (such as strcpy and memcpy).

Developing safe coding habits can minimize this threat. However, making the stack non-executable is not enough; adding more security mechanisms is essential.
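
To make the advice about checking sizes concrete, here is an added example (not code from the original post and not Samsung's video-core code) of a stored record field being copied into a fixed stack buffer, first with strcpy and then with an explicit length check. The struct, function names, and the 32-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define CAMERA_ID_MAX 32   /* assumed size of the fixed on-stack buffer */

/* Constructed stand-in for a row read back from a database: the column
 * value arrives as a pointer plus a byte length, not as a C string. */
struct db_row {
    const char *camera_id;
    size_t      camera_id_len;
};

/* Vulnerable pattern: trusts the stored value to fit and to be
 * NUL-terminated. Anything over 31 bytes writes past the end of dst. */
void copy_camera_id_unsafe(char dst[CAMERA_ID_MAX], const struct db_row *row)
{
    strcpy(dst, row->camera_id);
}

/* Hardened form: the length is checked against the destination before any
 * byte is written, embedded NULs are rejected, and the caller gets an
 * error instead of a truncated or overflowing copy.
 * Returns 0 on success, -1 on rejection. */
int copy_camera_id_checked(char *dst, size_t dst_len, const struct db_row *row)
{
    if (dst == NULL || dst_len == 0 || row == NULL || row->camera_id == NULL)
        return -1;
    if (row->camera_id_len >= dst_len)      /* no room left for the NUL */
        return -1;
    if (memchr(row->camera_id, '\0', row->camera_id_len) != NULL)
        return -1;                          /* length and content disagree */
    memcpy(dst, row->camera_id, row->camera_id_len);
    dst[row->camera_id_len] = '\0';
    return 0;
}

int main(void)
{
    char id[CAMERA_ID_MAX];
    char long_id[200];
    memset(long_id, 'A', sizeof long_id);   /* constructed oversized record */

    struct db_row ok  = { "cam-livingroom-01", strlen("cam-livingroom-01") };
    struct db_row bad = { long_id, sizeof long_id };

    printf("ok row:  %d\n", copy_camera_id_checked(id, sizeof id, &ok));
    printf("bad row: %d\n", copy_camera_id_checked(id, sizeof id, &bad));
    return 0;
}
```

The checked version treats data read back from the device's own database as untrusted, which is the situation described for the "find-by-cameraId" overflow above.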

We will be covering each of these attacks in detail in our upcoming blogs. Stay tuned!

If you’re a penetration tester, identifying vulnerabilities in ARM binaries and performing exploitation is a skillset that you need to master. Perfect your ARM Exploitation skills with Attify’s newly launched ARM Exploitation Video Course.
