70 likes | 80 Views
Explore the impact of phishing with consumer electronics, focusing on malicious home routers. The study delves into generalized phishing tactics, broadcasting, spoofing, and the online marketplace embedding communication devices. Sustainability factors and the financial implications of identity fraud are also analyzed, underscoring the need for trust in hardware vendors to combat such cyber threats.
E N D
Phishing with Consumer Electronics : Malicious Home Routers Alex Tsow atsow@cs.indiana.edu
Generalized Phishing • Broadcasting + Spoofing • Spam + Spoofed webhost • Online Marketplace + Spoofed Electronics • Communications devices are mutable embedded systems • Network routers • Cell Phones • Computer motherboards
The Online Marketplace • Available to millions without spamming • Confers feeling of control to buyer • Unverified identities and products, caveat emptor • Seller chooses own jurisdiction • Trust cultivated by reputation system • Measures mostly transactional satisfaction
Sustainability: Volume • Expensive startup costs • $45 to $120 per router • 131 of 145 “Linksys 802.11g routers” sold in a week • Estimate selling 15 per week • Estimate 3 victims per router • 45 victims per week is roughly 1% of all victims attributed to phishing in US.
Sustainability: Benefits • $6,383 average identity fraud in 2006 • $2100 misuse of existing account • $10,200 new account & other fraud • 45 x 52 x $6,383 = $14,936,220 • 45 x 52 x $2,100 = $4,914,000 • Total distribution overhead • $34,000 to $81,000
Conclusion • Malicious embedded software is not just a theory • Must be able to trust your hardware vendor • At $5-$20 million a year, someone will do this, or is already doing it