• Journal of Internet Computing and Services
    ISSN 2287 - 1136 (Online) / ISSN 1598 - 0170 (Print)
    https://jics.or.kr/
Menu

A Study on Vulnerability Analysis and Memory Forensics of ESP32


Jiyeon Baek, Jiwon Jang, Seongmin Kim, Journal of Internet Computing and Services, Vol. 25, No. 3, pp. 1-8, Jun. 2024
10.7472/jksii.2024.25.3.1, Full Text:  HTML
Keywords: Memory Forensics, Over-The-Air (OTA), ESP32, Attack Scenario

Abstract

As the Internet of Things (IoT) has gained significant prominence in our daily lives, most IoT devices rely on over-the-air technology to automatically update firmware or software remotely via the network connection to relieve the burden of manual updates by users. And preserving security for OTA interface is one of the main requirements to defend against potential threats. This paper presents a simulation of an attack scenario on the commoditized System-on-a-chip, ESP32 chip, utilized for drones during their OTA update process. We demonstrate three types of attacks, WiFi cracking, ARP spoofing, and TCP SYN flooding techniques and postpone the OTA update procedure on an ESP32 Drone. As in this scenario, unpatched IoT devices can be vulnerable to a variety of potential threats. Additionally, we review the chip to obtain traces of attacks from a forensics perspective and acquire memory forensic artifacts to indicate the SYN flooding attack.


Statistics
Show / Hide Statistics

Statistics (Past 3 Years)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article
[APA Style]
Baek, J., Jang, J., & Kim, S. (2024). A Study on Vulnerability Analysis and Memory Forensics of ESP32. Journal of Internet Computing and Services, 25(3), 1-8. DOI: 10.7472/jksii.2024.25.3.1.

[IEEE Style]
J. Baek, J. Jang, S. Kim, "A Study on Vulnerability Analysis and Memory Forensics of ESP32," Journal of Internet Computing and Services, vol. 25, no. 3, pp. 1-8, 2024. DOI: 10.7472/jksii.2024.25.3.1.

[ACM Style]
Jiyeon Baek, Jiwon Jang, and Seongmin Kim. 2024. A Study on Vulnerability Analysis and Memory Forensics of ESP32. Journal of Internet Computing and Services, 25, 3, (2024), 1-8. DOI: 10.7472/jksii.2024.25.3.1.