IOT_CHFI

Question 1

Access Gateway Layer

Answer 1

This layer helps bridge the gap between two end points, such as a device and a client. The very first data handling also takes place in this layer. It carries out message routing, message identification, and subscription.

Question 2

Android wear pair device

Answer 2

1. Enable developer options on the smartwatch

Question 3

application

Answer 3

Validation of the inputted string, AuthN, AuthZ, no automatic security updates, default passwords

Question 4

Cloud

Answer 4

Improper authentication, no encryption for storage and communications, insecure web interface

Question 5

complications.db

Answer 5

Contains complications display information

Question 6

cross-site request forgery (XSRF)

Answer 6

is a type of attack in which a malicious web site, blog, instant message, or program causes a user’s web browser to behave abnormally on a trusted site for which the user is authenticated at that moment.

Question 7

Cross-Site Scripting (XSS)

Answer 7

is a type of attack on web applications, using which an attacker can inject malicious code into the application to obtain unauthorized access to the web application.

Question 8

Data API

Answer 8

This API helps the data sync with the smartphone; once synced, the data is automatically transferred among the two devices

Question 9

DataStore.db

Answer 9

Contains to-do lists and shopping lists that are acquired using the todos API from cloud services and client centric applications.

Question 10

DDoS attack on IoT device steps

Answer 10

1. Attacker gains remote access to vulnerable devices

Question 11

DDoS attack

Answer 11

attack is a type of attack where multiple infected systems are used to pound a single online system or service, thereby making the server useless, slow, and unavailable for a legitimate user for a short period of time.

Question 12

Edge Technology Layer

Answer 12

This layer consists of all the hardware components, including sensors, radio-frequency identification (RFID) tags, readers, or other soft sensors, and the device itself. These entities are the primary part of the data sensors that are deployed in the field for monitoring or sensing various phenomena. This layer plays an important part in data collection, and in connecting devices within the network and with the server.

Question 13

Forged Malicious Device

Answer 13

Attackers replace authentic IoT devices with malicious devices if they have physical access to the network.

Question 14

GPS connections

Answer 14

help determine the physical location of a smartwatch. A smartwatch can obtain satellite signals and help determine the exact location of the user of that watch.

Question 15

gservices.db

Answer 15

Contains information related to Google Service Frameworks for Android.

Question 16

Internet Layer

Answer 16

one of the crucial layers within the IoT architecture, as it serves as the main component in communicating between two end points. The communication can be between two devices, or any device connected to a cloud, or between a device and any local gateway service; it may also involve backend data sharing.

Question 17

man-in-the-middle attack

Answer 17

An attacker pretends to be a legitimate sender who intercepts all communication between the sender and receiver and hijacks the communication.

Question 18

Map_data_storage.db

Answer 18

Contains currently logged-in users in the Alexa device, and whenever a user signs out, the data in the database is erased; however, the deleted records can be recovered from the SQLite database and its journal file.

Question 19

Message API

Answer 19

This API manages call, messages, and emails by sending a small payload to the connected smartphone

Question 20

Middleware Layer

Answer 20

This is one of the most critical layers in the two-way mode. As the name suggests, this layer sits in the middle of the application layer and the hardware layer, thus behaving as an interface between these two layers. It is responsible for important functions such as data management, device management, and various issues such as data analysis, data aggregation, data filtering, device information discovery, and access control.

Question 21

mobile

Answer 21

Insecure API, lack of communication channels encryption, authentication, and lack of storage security

Question 22

Network

Answer 22

Firewall, improper communications encryption, services, lack of automatic updates

Question 23

Node API

Answer 23

This API manages all nodes that can be connected or disconnected on the smartwatch. The connected smart phone receives notifications with the help of the node API whenever a new connection is established among the IoT devices.

Question 24

Replay Attack

Answer 24

attackers intercept legitimate messages from a valid communication and continuously send the intercepted message to the target device to perform a denial-of-service attack or delay it in order to manipulate the message or crash the target device.

Question 25

Rolling Code Attack

Answer 25

1. Victim presses car remote button and tries to unlock the car

Question 26

Side Channel Attack

Answer 26

attack by extracting information on encryption keys by observing the emission of signals, that is, “side channels” from IoT devices. All devices emit these signals that provide information about the internal computing process either by power consumption or electromagnetic emanations.

Question 27

SQL injection

Answer 27

is a code injection technique where a malicious code is injected in the application to extract and modify the database content.

Question 28

Sybil Attack

Answer 28

An attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks.

Question 29

User Enumeration

Answer 29

is a technique in which an attacker finds out whether some username is already existing or not with the help of forgot password form. Once a set of existing or valid usernames are obtained, they can be used to obtain further access to their accounts.