
Your internet-connected home devices may pose a threat to your security. BYU computer engineers have a solution

It seems like almost every new home device these days connects to the Internet. Thermostat? Check. Doorbell? Yes. Washer and dryer? Of course. In 2024, even pet feeders connect to Wi-Fi and can be controlled via an app.

While this is convenient for dish washers and pet owners everywhere, the trend also leaves consumers vulnerable to cyber attacks. Internet of Things (IoT) devices are typically riddled with security vulnerabilities, and there are many examples of IoT devices serving as backdoors into private networks and then being used in botnets (malware-infected devices) for malicious denial-of-service attacks.

BYU computer engineering professor Phil Lundrigan says these exploits are possible because of the design of Wi-Fi security. This is because when you connect your device to a Wi-Fi network, providing the network name and password, you give the device full access to your network. And just one unsecured device can threaten the entire network.

“When you connect a device to a network, it can start scanning for vulnerabilities or it can become a Trojan horse monitoring traffic on your network,” Lundrigan said. “You buy this cheap device, but how do you know if you can trust it? We say: don’t connect it to the network, use our technology instead.”

According to Lundrigan, Wi-Fi only has two trust modes: total trust or no trust at all. He likes to use the analogy of someone coming to your house and the only two options are not to open the door or give them the house keys. “There has to be a middle option,” he said.

An intermediate option that provides partial trust would allow consumers to connect simple IoT devices such as air quality monitors to their home network without the risk of network compromise. And that’s exactly what Lundrigan and a team of students — Jacob Johnson, Ashton Palacios and undergraduate student Cody Arvonen — created.

Their solution allows communication between a Wi-Fi device sending a small amount of data, such as a sensor, and a trusted Wi-Fi network, without the need to connect the device to the network. Lundrigan and his colleagues achieve communication through the following technical steps:

  • First, they strategically and “surgically” jam Wi-Fi communication with the device.
  • This jamming causes a temporary increase in the time it takes for data to travel across the network (called latency).
  • The pattern in which a device disrupts a network conveys information.
  • Another device on the network detects changes in latency and receives the data.
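
The receiving side of these steps, as an added example that is not BYU's code or the encoding used in the paper: it assumes the simplest possible scheme, where raised latency during a bit period means 1 and normal latency means 0. The probe rate, threshold, function names and latency trace are all constructed for illustration.

```python
from statistics import median

SAMPLES_PER_SYMBOL = 4   # assumption: receiver measures latency 4 times per bit period
THRESHOLD_FACTOR = 2.0   # assumption: "raised" means more than 2x the quiet baseline
QUIET_RTTS_MS = [3.0, 2.9, 3.2, 3.1, 2.8]  # constructed: latency with nobody signalling

def decode_latency_bits(rtts_ms, baseline_ms):
    """Classify each bit period as 1 (latency raised) or 0 (latency normal)."""
    bits = []
    for i in range(0, len(rtts_ms) - SAMPLES_PER_SYMBOL + 1, SAMPLES_PER_SYMBOL):
        window = rtts_ms[i:i + SAMPLES_PER_SYMBOL]
        # The median tolerates one stray spike or dip inside a window.
        bits.append(1 if median(window) > THRESHOLD_FACTOR * baseline_ms else 0)
    return bits

def bits_to_bytes(bits):
    """Pack bits MSB-first; a trailing partial byte is dropped, not guessed."""
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def receive(rtts_ms, quiet_rtts_ms):
    """Trusted-side receiver: latency measurements in, payload bytes out."""
    baseline = median(quiet_rtts_ms)
    return bits_to_bytes(decode_latency_bits(rtts_ms, baseline))

def synth_trace(payload):
    """Constructed sample input: per-bit latency windows (ms), one outlier in each."""
    raised = [11.7, 13.2, 3.0, 12.5]   # one probe got through at normal latency
    quiet = [3.1, 2.8, 14.0, 2.9]      # one unrelated latency spike
    trace = []
    for byte in payload:
        for shift in range(7, -1, -1):
            trace += raised if (byte >> shift) & 1 else quiet
    return trace

if __name__ == "__main__":
    print(receive(synth_trace(b"42"), QUIET_RTTS_MS))
```

The untrusted sender never appears in this code: the receiver only ever handles its own latency measurements, which is the one-way property the article describes.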

The result was a new wireless subprotocol they called “latency-shift keying” (LSK). Returning to the analogy of a stranger at your doorstep, Lundrigan says LSK is like knocking on a door, where the person knocks in a specific pattern to transmit data. Before this new method was introduced, there were only two ways to use the door (Wi-Fi): open it or keep it closed. Now there is a third way to interact with the person on the other side of the door.

“Communicating by knocking requires someone to be home and listening, which is the same as our protocol — you need a device on the network that looks for LSK messages,” Lundrigan said. “Knocking and LSK work because an outsider can influence something in the physical environment that an insider can “hear” and measure. In the case of knocking, it is the sound it makes; in the case of LSK it is a delay.”

For security, this method creates an air gap between untrusted IoT devices and the secured network, and only allows communication in one direction and only when the trusted Wi-Fi network needs to receive data. Full technical details can be found in an article recently accepted for presentation at the 2024 International Conference on Mobile Computing and Networking (Mobicom).

Lundrigan said that while there are other solutions to this problem, such as splitting the network using separate Wi-Fi networks, they usually require additional hardware or advanced network configuration, which usually requires some advanced knowledge. Lundrigan's software-based solution requires no additional hardware and uses the main Wi-Fi network.

You can read more about Lundrigan’s work here: https://netlab.byu.edu/projects/