IoTLS: Understanding TLS Usage in Consumer IoT Devices
Date
2021-11
Abstract
Consumer IoT devices are becoming increasingly popular, with
most leveraging TLS to provide connection security. In this work,
we study a large number of TLS-enabled consumer IoT devices to
shed light on how effectively they use TLS, in terms of establishing
secure connections and correctly validating certificates, and how
observed behavior changes over time. To this end, we gather more
than two years of TLS network traffic from IoT devices, conduct
active probing to test for vulnerabilities, and develop a novel black-box
technique for exploring the trusted root stores in IoT devices
by exploiting a side-channel through TLS Alert Messages. We find a
wide range of behaviors across devices, with some adopting best
security practices but most being vulnerable in one or more of
the following ways: use of old/insecure protocol versions and/or
ciphersuites, lack of certificate validation, and poor maintenance
of root stores. Specifically, we find that at least 8 IoT devices still
include distrusted certificates in their root stores, 11/32 devices are
vulnerable to TLS interception attacks, and that many devices fail
to adopt modern protocol features over time. Our findings motivate
the need for IoT manufacturers to audit, upgrade, and maintain
their devices’ TLS implementations in a consistent and uniform
way that safeguards all of their network traffic.