Perpetrate cyber-attacks using IoT devices as attack vector: The ESP8266 use case

Security of the Internet of Things is a crucial topic, due to the criticality of the networks and the sensitivity of exchanged data. In this paper, we evaluate the adoption of IoT devices to execute cyber-threats by using a specific Wi-Fi module called ESP8266. This module may implement custom user applications, but it could also be adopted for malicious purposes, as to perpetrate cyber-attacks. In particular, we implemented a social engineering attack to steal sensitive information and a slow denial of service attack to saturate the resources of a web service based on an Apache2 server. Obtained results report that the ESP8266 module is able to perform both attacks successfully. Hence, we demonstrate that even a simple and cheap module is able to execute critical cyber-attacks.