Capture is an architecture for writing IoT firmware, developed and maintained by Han Zhang and his team at the CyLab Security and Privacy Institute of Carnegie Mellon University. Using Capture allows you to push updates to IoT devices within your local network.
In this article, we'll look at what Capture is, examine its structure, and analyze how its implementation can benefit both IoT device owners and IoT device vendors.
Why use Capture?
The inspiration behind Capture comes from the fact that many IoT devices are not regularly patched for security vulnerabilities in the widely adopted third-party libraries they are built on.
IoT vendors generally build their IoT software by integrating third-party libraries that are highly vulnerable to IoT-based attacks. The software developers behind these IoT devices embrace the convenience of importing third-party libraries to make the coding process faster rather than writing their own libraries from scratch.
So when vendors use such libraries, they automatically inherit vulnerabilities from the original developer of the libraries. According to Han Zhang and his team, this is the most common source of such vulnerabilities and puts many homes at risk of cyber attacks.
How vulnerable are IoT devices?
Zhang and his team analyzed 122 different IoT firmwares from 27 different IoT devices, spanning eight years of releases. The motivation for this research was threefold:
- To determine how extensive the use of third-party libraries was across all vendors
- To determine if the detected libraries were patched for vulnerabilities
- To determine if there were significant delays in updating corrected libraries from vendors
According to the study's data, Zhang and his team found that vendors updated the libraries infrequently and that the versions in use were most often outdated and vulnerable. They found that vendors did not update libraries for hundreds of days after critical vulnerabilities were made public.
Zhang concluded that relying on vendors for updates was problematic as it required too much effort and did not provide much incentive for vendors.
How does Capture work?
Capture performs centralized management of the third-party libraries your home IoT devices depend on. It acts as a WiFi access point for all your IoT devices and replaces their libraries with newer alternatives stored centrally on it.
An IoT device that supports Capture consists of two components: Capture-enabled firmware on the device itself, and a remote driver running on the Capture node on the local network, which is where the third-party libraries live. In this way, the following properties are achieved:
- Device integrity: The communication between the IoT device and its driver is kept and managed within Capture, so the driver can be updated easily while the IoT device keeps working.
- Security: Capture secures the IoT device environment.
- Ease of adoption: Capture makes it very easy to make any changes to IoT devices, as every change is made to the Capture node and not to the IoT device itself.
- Performance and scalability: Capture ensures the support of hundreds of IoT devices from a single node, all with the lowest possible overhead.
To achieve isolation and security and ensure that an attacker cannot compromise the node and abuse the connected IoT devices, Capture implements a function of the WPA2 WiFi protocol to construct device-specific VLANs and unique network credentials.
Capture also assigns unique virtual network interfaces to each device and assigns different subnetworks for security reasons. Capture creates separate security domains for each driver within the node to manage resource isolation, and also creates an isolated runtime environment for each pair of device drivers, leveraging Linux security modules and the built-in firewall.
Capture blocks all network communication between local IoT devices except through their drivers. This protects devices even if they have vulnerable firmware. The drivers themselves are, however, allowed to communicate over the public internet.
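To make the driver-on-the-node split and the isolation rules above concrete, here is an added model of how a Capture node could lay out its per-device network and derive a default-deny forwarding policy from it. This is example code written for this article, not the Capture project's own implementation. It assumes an address plan (one /24 per device under 10.42.0.0/16, drivers on 10.43.0.0/24), interface names (capvlanN, capdrvN, wan0), that each driver runs in its own network namespace reached through a veth, and that per-device WiFi credentials are handled with hostapd's per-station PSK file, which maps a passphrase to a VLAN. The MAC addresses and IPs in the usage section are constructed.

```python
"""Model of a Capture-style node: one VLAN, one subnet, one WPA2 passphrase and
one driver per IoT device, plus the forwarding policy that follows from it.
Added example; not the Capture project's code. Interface names, the address
plan and the driver network namespaces are assumptions made for illustration.
"""
import secrets
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address

DEVICE_BASE = IPv4Network("10.42.0.0/16")   # assumed: carved into one /24 per device
DRIVER_NET = IPv4Network("10.43.0.0/24")    # assumed: one address per driver namespace
WAN_IF = "wan0"                             # assumed uplink interface name


@dataclass(frozen=True)
class DeviceSlot:
    name: str
    mac: str             # device WiFi MAC; its unique PSK is bound to it
    vlan_id: int
    vlan_if: str         # node-side virtual interface for this device's VLAN
    subnet: IPv4Network  # subnet only this device lives in
    psk: str             # WPA2 passphrase issued to this device alone
    driver_if: str       # node-side veth towards the driver's network namespace
    driver_ip: IPv4Address


def allocate_slots(devices: dict) -> dict:
    """Give every device (name -> MAC) its own VLAN, subnet, credentials and driver."""
    subnets = DEVICE_BASE.subnets(new_prefix=24)
    driver_hosts = DRIVER_NET.hosts()
    slots = {}
    for idx, (name, mac) in enumerate(devices.items(), start=1):
        slots[name] = DeviceSlot(
            name=name, mac=mac, vlan_id=100 + idx, vlan_if=f"capvlan{idx}",
            subnet=next(subnets), psk=secrets.token_urlsafe(24),
            driver_if=f"capdrv{idx}", driver_ip=next(driver_hosts))
    return slots


def hostapd_psk_file(slots: dict) -> str:
    """Per-station PSK entries in hostapd's wpa_psk_file format. The VLAN a
    client lands on is selected by the passphrase it authenticated with, so
    the unique credential doubles as the device's network placement."""
    return "\n".join(f"vlanid={s.vlan_id} {s.mac} {s.psk}" for s in slots.values())


def _role(slots: dict, addr: str):
    """Classify an address as a driver, a device (anything in a device subnet) or external."""
    ip = ip_address(addr)
    for s in slots.values():
        if ip == s.driver_ip:
            return "driver", s
        if ip in s.subnet:
            return "device", s
    return "external", None


def is_allowed(slots: dict, src: str, dst: str) -> bool:
    """Decision for a NEW forwarded flow. Replies are covered by conntrack in nft_rules()."""
    src_role, src_slot = _role(slots, src)
    dst_role, dst_slot = _role(slots, dst)
    if src_role == "device":
        return dst_role == "driver" and dst_slot is src_slot   # only its own driver
    if src_role == "driver":
        if dst_role == "device":
            return dst_slot is src_slot                        # only its own device
        return dst_role == "external"                          # vendor cloud, updates
    return False                                               # unsolicited inbound


def nft_rules(slots: dict) -> str:
    """nftables forward chain expressing the same policy: drop by default, then
    device<->own driver and driver->internet. Device<->device, device->internet
    and driver->foreign device never match an accept rule and are dropped."""
    lines = ["table inet capture {", "  chain forward {",
             "    type filter hook forward priority 0; policy drop;",
             "    ct state established,related accept"]
    for s in slots.values():
        lines.append(f'    iifname "{s.vlan_if}" ip daddr {s.driver_ip} accept')
        lines.append(f'    iifname "{s.driver_if}" oifname "{s.vlan_if}" accept')
        lines.append(f'    iifname "{s.driver_if}" oifname "{WAN_IF}" accept')
    lines += ["  }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: three devices with locally administered MACs.
    demo = allocate_slots({"camera": "02:00:00:00:00:01",
                           "plug": "02:00:00:00:00:02",
                           "bulb": "02:00:00:00:00:03"})
    print(hostapd_psk_file(demo))
    print(nft_rules(demo))
    print("camera -> plug allowed?", is_allowed(demo, "10.42.0.20", "10.42.1.20"))
```

Running the script prints the per-device PSK file, the generated ruleset, and `False` for the camera-to-plug check: two devices on the same node cannot reach each other, while each driver can still talk to its own device and out to the internet. The only thing that distinguishes devices on the air is which passphrase they joined with, which is why per-device credentials matter as much as the VLANs themselves.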
What are the limitations of Capture?
As with any innovative solution, some limitations currently stand in the way of deploying this design. Here are some of those obstacles.
- Single point of failure: This is the most obvious challenge, because if the Capture node is taken out of operation for any reason, the entire local network is left vulnerable.
- Vendor incentives and adoption challenges: One challenge is getting vendors to agree to integrate and use Capture.
- Protocol compatibility: There are several challenges regarding protocol compatibility between IoT devices and the Capture node.
- Augmenting device resources: This is still under investigation. It remains quite difficult to augment the resources of IoT devices on the local network so as to improve their storage and processing capabilities, and it is not yet possible to do this.
- Firmware splitting: Capture suggests breaking the monolithic firmware into remote and local components. This approach faces practical challenges such as data serialization, consistency, and fault tolerance.
Sources
- Capture: Centralized Library Management for Heterogeneous IoT Devices, Han Zhang, Abhijith Anilkumar, Matt Fredrikson, and Yuvraj Agarwal, Carnegie Mellon University
- "Capture" your IoT devices and improve their security, CyLab
- Protecting IoT devices from unpatched code, GCN
- USENIX Security '21: Capture: Centralized Library Management for Heterogeneous IoT Devices, USENIX