Perpetrate cyber-threats using IoT devices as attack vector: the ESP8266 use case

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module allows to implement custom applications by the users but could be adopted to malicious purposes as implements cyber-threats. In particular, we implemented a social engineering attack to steal sensitive information to victims and a slow denial of service attack to saturate a service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. This work demonstrate that, with a simple module, is possible to execute critical cyber-attacks.