There are ever increasing numbers of data processing devices having processing and communication capabilities, which allows for interaction between such data processing devices, objects and cloud services, across different environments, as part of the ‘Internet of Things’ (IoT).
For example, a heating system in the home may gather information from various temperature sensor devices provided in a network (e.g. a mesh network) in the home and control the activation of heaters based on the gathered information; a factory pollution monitoring sensor device may gather information from various chemical sensors in a factory network and arrange maintenance via the internet based on the gathered information; a fridge may gather information from products within the fridge and update a user as to stock levels, best before dates and the like, for example, via the user's smartwatch or smartphone; while a door-lock device configured to lock/unlock doors may communicate with an authorized device, such as a smartphone paired therewith, to validate the authorized device and unlock one or more of the doors when the authorized device is in range thereof.
In IoT applications, such data processing devices, hereinafter ‘IoT devices’ may have minimal security capabilities such that they tend to be vulnerable to an attack by a 3rd party. As an example, an attacker may, using a rogue device, intercept messages destined for the IoT device and modify/forge messages before transmitting the modified/forged messages to the IoT device so as to compromise the IoT device. Additionally or alternatively the attacker may transmit packets comprising corrupt data to an IoT device, which may result in failure of the IoT device.
Instead of attempting to intercept messages, an attacker may instead repeatedly send forged messages to the IoT devices, such that the IoT devices will attempt to process the forged messages such that the flash cycles at the IoT device will be exhausted or the battery drained, whereby the IoT device will not be capable of receiving further messages from genuine devices. Furthermore, an IoT device repeatedly receiving messages having packets with errors therein may repeatedly re-request updated messages from the transmitting device, thereby increasing congestion on the network.