Reverse Engineering IoT Devices: Effective Techniques and Methods

Omer Shwartz, Yael Mathov, Michael Bohadana, Yuval Elovici, Yossi Oren

Research output: Contribution to journalArticlepeer-review


Recent Internet of Things (IoT) botnet attacks have called the attention to the fact that there are many vulnerable IoT devices connected to the Internet today. Some of these Web-connected devices lack even basic security practices such as strong password authentication. As a consequence, many IoT devices are already infected with malware and many more are vulnerable to exploitation. In this paper we analyze the security level of 16 popular IoT devices. We evaluate several low-cost black-box techniques for reverse engineering these devices, including software and fault injection-based techniques used to bypass password protection. We use these techniques to recover device firmware and passwords. We also discover several common design flaws which lead to previously unknown vulnerabilities. We demonstrate the effectiveness of our approach by modifying a laboratory version of the Mirai botnet to automatically add these devices to a botnet. We also discuss how to improve the security of IoT devices without significantly increasing their cost or affecting their usability.

Original languageAmerican English
Article number8488542
Pages (from-to)4965-4976
Number of pages12
JournalIEEE Internet of Things Journal
Issue number6
StatePublished - 1 Dec 2018


  • Computer security
  • Internet of Things (IoT)
  • IoT application design
  • IoT standardization
  • IoT system architecture
  • IoT test-bed
  • Privacy
  • Reverse engineering

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Information Systems
  • Hardware and Architecture
  • Computer Science Applications
  • Computer Networks and Communications


Dive into the research topics of 'Reverse Engineering IoT Devices: Effective Techniques and Methods'. Together they form a unique fingerprint.

Cite this