![Page 1: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/1.jpg)
Security Analysis of Emerging Smart Home Applica6ons
EarlenceFernandes,JaeyeonJung,AtulPrakashPresentedby:GoharIrfanChaudhry
IEEESecurityandPrivacy24May2016
![Page 2: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/2.jpg)
COSensors ConnectedOvens
SmartTVs
SmartPlugsIPCameras
SmartDoorLocks
EmergingSmartHomeFrameworks
2
![Page 3: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/3.jpg)
Poten6al Security Risks
3
Flooding[1]RemotelydetermineprimeOmeforBurglary[1,2]
OR
[1]Denningetal.,ComputerSecurityandtheModernHome,CACM’13[2]FTCInternetofThingsReport’15
Current Vulnerabili6es
Devices Protocols
TheseaUacksaredevice-specific,andrequireproximitytothehome
![Page 4: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/4.jpg)
Inwhatwaysaretheseemerging,programmablesmarthomesvulnerabletoaUacks,and
whatdothoseaUacksentail?
4
![Page 5: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/5.jpg)
Analysis of SmartThings
• WhySmartThings?• RelaOvelyMature(2012)• 521SmartApps• 132devicetypes• SharesdesignprincipleswithotherexisOng,nascentframeworks
AccessControl
5
Trigger-AcOonProgramming
• Methodology• Examinesecurityfrom5perspecOvesbyconstrucOngtestappstoexerciseSmartThingsAPI
• Empiricalanalysisof499appstodeterminesecurityissueprevalence• ProofofconceptaUacksthatcomposesecurityflaws
![Page 6: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/6.jpg)
Analysis of SmartThings – Results Overview SecurityAnalysisArea FindingOverprivilegeinApps TwoTypesofAutomaOcOverprivilegeEventSystemSecurity EventSnoopingandSpoofing
Third-partyIntegraOonSafety IncorrectOAuthCanLeadtoAUacksExternalInputSaniOzaOon GroovyCommandInjecOonAUacks
APIAccessControl NoAccessControlaroundSMS/InternetAPI
EmpiricalAnalysisof499Apps >40%ofappsexhibitoverprivilegeofatleastonetype
ProofofConceptAIacks
6
PincodeInjecLonandSnooping,DisablingVacaLonMode,FakeFireAlarms
![Page 7: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/7.jpg)
SmartThings Primer
WiFi
ZWave
SmartThingsCompanionApp
Configure
Control
SmartThingsCloudPlagorm
SmartAppSmartDevice
Groovy-BasedSandbox
Groovy-BasedSandbox
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
7
![Page 8: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/8.jpg)
Capability System
UntrustedSmartApp
ZWaveLockSmartDevice
capability.lock capability.lockCodes capability.baFery …
SendcommandsRead/setaUributes
Receiveevents
Capability Commands AIributes
capability.lock lock(),unlock() lock(lockstatus)
capability.baUery N/A baUery(baUerystatus)
UsabilitySimplerCoarserCapabiliOes
SecurityVeryGranularCapabiliOes
EaseofDevelopmentExpressiveFuncOonality
8
![Page 9: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/9.jpg)
SmartApps request Capabili6es
DeviceEnumeraOon
defini6on(name: “DemoApp”, namespace: “com.tes6ng”, category: “U6lity”) //query the user for capabili6es preferences {
sec6on(“BaFery-Powered Devices”) { input “dev”, “capability.baFery”, 6tle: “Select baFery powered devices you wish to authorize”, mul6ple: true
} }
…
9
![Page 10: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/10.jpg)
ZWave
WiFi
SmartThingsCompanionApp
Configure
Control
SmartThingsCloudPlagorm
SmartAppSmartDevice
Groovy-BasedSandbox
Groovy-BasedSandbox
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
Overprivilege in SmartApps
10
![Page 11: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/11.jpg)
Overprivilege in SmartApps
CoarseSmartApp-SmartDeviceBindingSmartApp
input “dev”, “capability.baFery”
SmartDevice1[ZWaveLock]
capability.battery capability.lock
capability.refresh
SmartDevice2[SmokeSensor] capability.battery capability.smoke capability.refresh
PhysicalLock PhysicalSmokeSensor
Coarse-GrainedCapabiliOes • “Auto-lock”appfromappstore
• Onlyneeds“lock”command,butcanalsoissue“unlock”
OverprivilegeIncreasesAUackSurfaceoftheHome
11
![Page 12: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/12.jpg)
ZWave
WiFi
SmartThingsCompanionApp
Configure
Control
SmartThingsCloudPlagorm
SmartAppSmartDevice
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
Insufficient Event Data Protec6on
Groovy-BasedSandbox
Groovy-BasedSandbox
12
![Page 13: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/13.jpg)
Insufficient Event Data Protec6on
SmartApp ZWaveDoorLock
71c9344e-6bea-4ae8-993a-28a7817a7d9e
subscribedev,“door.unlock”,handler
13
handler(EventData:{unlocked,Ome:9AM})
• OnceaSmartAppgainsanycapabilityforadevice,itcansubscribetoanyeventthatdevicegenerates
• IfaSmartAppacquiresthe128-bitID,thenitcanmonitoralleventsofthatdevicewithoutgaininganyofthecapabiliOesthedevicesupports
• Usingthe128-bitID,aSmartAppcanspoofphysicaldeviceevents• (aperbeingregistereditcanreaddevice.idvalue)
![Page 14: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/14.jpg)
Insufficient Event Data Protec6on
SmartApp ZWaveDoorLock
71c9344e-6bea-4ae8-993a-28a7817a7d9e
subscribedev,“door.unlock”,handler
14
handler(EventData:{unlocked,Ome:9AM})
• CanleadtoleakageofconfidenOalinformaOon
• SpoofedEventscanleadtoApps/DevicestakingincorrectacOons
• AppscanusethelocaOonobject(vacaOonmodeaUack)
![Page 15: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/15.jpg)
15
SmartThingsCloudPlagorm
SmartAppSmartDevice
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
Other Poten6al Security Issues - OAuth
[1]Chenetal.,OAuthDemysOfiedforMobileApplicaOonDevelopers,CCS’14
• InsecurityofThird-PartyIntegraOon:SmartAppsexposeHTTPendpointsprotectedbyOAuth;IncorrectimplementaOoncanleadtoremoteaUacks[1]
Groovy-BasedSandbox
Groovy-BasedSandbox
![Page 16: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/16.jpg)
SmartThingsCloudPlagorm
SmartAppSmartDevice
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
Other Poten6al Security Issues - OAuth
• UnsafeuseofGroovyDynamicMethodInvocaOon:AppscanbetrickedintoperformingunintendedacOons
16
def foo() { … } def str = “foo” “$str”()
Groovy-BasedSandbox
Groovy-BasedSandbox
![Page 17: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/17.jpg)
SmartThingsCloudPlagorm
SmartAppSmartDevice
CapabilitySystem
[Cmd/AUr][Events]
HTTPSGET/PUT
InternetAPISMSAPI
Other Poten6al Security Issues – Unrestricted
17
External Communica6on APIs
• UnrestrictedCommunicaOonAbiliOes:SMSandInternet;Canbeusedtoleakdataarbitrarily
Groovy-BasedSandbox
Groovy-BasedSandbox
![Page 18: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/18.jpg)
Compu6ng Overprivilege
Coarse-GrainedCapabiliOes
RequestedCmds/Attrs
CoarseSmartApp-SmartDeviceBinding
GrantedCapabiliOes
18
UsedCmds/AUrs
UsedCapabiliOes
![Page 19: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/19.jpg)
Measuring Overprivilege in SmartApps
19
• SmartThingsisclosedsource;can’tdoinstrumentaOon
• Groovyisextremelydynamic;BytecodeusesreflecOon(GroovyMetaObjectProtocol)
Challenge• Incompletecapabilitydetails(commands/aUributes)
SoluOon• DiscoveredanunpublishedRESTendpoint,which,ifgivenadeviceID,returnscapabilitydetails
• Studysourcecodeofappsfromopen-sourceappstoreinstead
• StaOcanalysis
![Page 20: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/20.jpg)
Empirical Analysis Results
20
Documented CompletedCommands 65 93AUributes 60 85
ReasonforOverprivilege NumberofAppsCoarse-grainedCapability 276(55%)
CoarseSmartApp-SmartDeviceBinding
213(43%)
OverprivilegeUsagePrevalence(CoarseBinding) 68(14%)
![Page 21: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/21.jpg)
21
Empirical Analysis of SmartThings
TotalnumberofSmartDevices 132NumberofSmartDevicesraisingeventsusing
createEventandsendEvent.SucheventscanbesnoopedonbySmartApps
111
TotalnumberofSmartApps 499
NumberofappsusingpotenOallyunsafeGroovydynamicmethodinvocaOon
26
NumberofOAuth-enabledapps,whosesecuritydependsoncorrectimplementaOonofOAuth
27
NumberofappsusingunrestrictedSMSAPIs 131
NumberofappsusingunrestrictedInternetAPIs 36
![Page 22: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/22.jpg)
22
Exploi6ng Design Flaws in SmartThings
AIackDescripLon
AIackVectors
PhysicalWorldImpact
BackdoorPincodeInjecOonAUack
CommandinjecOonintoexisOngWebServiceSmartApp;Overprivilege;OAuthimpl.flaws
Enablingphysicalentry;Thep
DoorLockPincodeSnoopingAUack
StealthybaUery-levelmonitoringapp;Overprivilege;leakdatausingSMS
Enablingphysicalentry;Thep
DisablingVacaOonModeAUack
AUackappwithnocapabiliOes;Misusinglogicofbenignapp;EventSpoofing
Thep;Vandalism
FakeAlarmAUack
AUackappwithnocapabiliOes;Eventspoofing;Misusinglogicofbenignapp
MisinformaOon;Annoyance
![Page 23: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/23.jpg)
Exploi6ng Design Flaws in SmartThings
OverprivilegeCommandInjecOon
OAuthCompromise
EventSpoofing
UnrestrictedSMSAPI
PincodeInjecOon
PincodeSnooping
DisablingVacaOonMode
FakeCOAlarm
PopularExisOngSmartAppwithAndroidcompanionapp;UnintendedacOonofsetCode()onlock
StealthymalwareSmartApp;ONLYrequestscapability.baUery
MalwareSmartAppswithnocapabiliOes;MisuseslogicofexisOngSmartAppswithfakeevents
21
![Page 24: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/24.jpg)
24
Poten6al Defense Strategies
• Achievingleast-privilegeinSmartApps• RiskasymmetryindeviceoperaOons,e.g.,oven.onandoven.off• IncludenoOonsofriskfrommulOplestakeholders,rank[1],andregroup
• PrevenLnginformaLonleakagefromevents• ProvideanoOonofstrongidenOtyforapps+accesscontrolonevents• Makeappsrequestaccesstocertaintypesofevents,e.g.,lockpincodeACKs
[1]Feltetal.,I’vegot99problems,butvibraOonain’tone:Asurveyofsmartphoneusers’concerns, SPSM’12
![Page 25: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/25.jpg)
Backdoor Pincode Injec6on AFack
28
WebServiceSmartApp
HTTP PUT
HTTP GET
client_id client_secret
mappings { path(“/devices/:id”) { ac6on: [ PUT: “updateDevice” ]
} def updateDevice() {
def cmd = request.JSON.command def args = request.JSON.arguments // code truncated device.”$cmd”(*args)
}
{ command: setCode, arguments: [3, ‘5500’]
}
![Page 26: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/26.jpg)
Example of Stealing an OAuth Bearer Token
• DecompileAPKbytecodetogettheclient_secret+client_id
• Sendemailtouseraskingto“reauthenOcate”toSmartThings
hUps://graph.api.smarUhings.com/oauth/authorize?responsetype=code&client_id=REDACTED&scope=app&redirect_uri=hUp%3A%2F%2FssmarUhings.appspot.com
OpenRedirector29
![Page 27: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/27.jpg)
39
![Page 28: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/28.jpg)
Door Lock Pincode Snooping AFack
LockCodeManagerApp
ZWaveLockDeviceHandler
SmartThingsHub
BaUeryMonitorApp
setCode(‘5500’)
28
codeReport event
zwave.userCodeV1.userCodeSet zwave.userCodeV1.userCodeGet
subscribe(‘codeReport’) [Possible due to overprivilege]
ZWave commands and reports
![Page 29: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/29.jpg)
29
Summary • Firstlookatthesecuritydesignofaprogrammablesmarthomepla[orm:SamsungSmartThings;Challenge:BlackboxCloudSystem
• Twosecuritydesignissues:• Overprivilege:CoarsegrainedcapabiliOes,andCoarseSmartApp-SmartDeviceBinding
• InsecureEvents:AppsdonotneedspecialprivilegestoaccesssensiOveinfo• EmpiricalAnalysis:55%ofappsdonotusealloperaOonstheircapabiliOesimply;43%getcapabiliOestheydidnotexplicitlyrequest
• FourPoCaIacksthatcombinevarioussecuritydesignissues• TheseaUacksaredeviceindependent,andlong-range
• SecurityImprovements:NoOfiedSmartThingsinDec2015;ImprovementsinvezngprocessanddeveloperbestpracOcesforGroovyStrings(Apr2016);Discussiononimprovementstocapabilitysystem(May2016)
![Page 30: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/30.jpg)
• Firstlookatthesecuritydesignofaprogrammablesmarthomepla[orm:SamsungSmartThings
• Twosecuritydesignissues:• Overprivilege:CoarsegrainedcapabiliOes,andCoarseSmartApp-SmartDeviceBinding
• InsecureEvents:AppsdonotneedspecialprivilegestoaccesssensiOveinfo• EmpiricalAnalysis:55%ofappsdonotusealloperaOonstheircapabiliOesimply;43%getcapabiliOestheydidnotexplicitlyrequest
• FourPoCaIacksthatcombinevarioussecuritydesignissues• TheseaUacksaredeviceindependent,andlong-range
• SecurityImprovements:NoOfiedSmartThingsinDec2015;ImprovementsinvezngprocessanddeveloperbestpracOcesforGroovyStrings(Apr2016);Discussiononimprovementstocapabilitysystem(May2016)
24
Security Analysis of Emerging Smart Home Applica6ons
hIps://iotsecurity.eecs.umich.edu EarlenceFernandes
![Page 31: Security Analysis of Emerging Smart Home Applica6ons · IP Cameras Smart Door Locks Emerging Smart Home Frameworks 2 Potenal Security Risks ... , Fake Fire Alarms. SmartThings Primer](https://reader033.vdocument.in/reader033/viewer/2022041505/5e24a30552538d5af358c63f/html5/thumbnails/31.jpg)
Discussion
1. Smarthomeordumbsecurityrisk?2. Howshouldweredesignthesystem?3. Maketheprogrammableframeworksopensource?
4. Videos?hIps://iotsecurity.eecs.umich.edu