We examine in detail the provisioning process used by many common, consumer-grade Internet of Things (IoT) devices. We find that this provisioning process involves the IoT device, the vendor's cloud-based server, and a vendor-provided mobile app. In order to better understand this process, we develop two toolkits. IoT-Dissect I enables us to decrypt and examine the messages exchanged between the IoT device and the vendor's server, and between the vendor's server and a vendor-provided mobile app. IoT-Dissect II permits us to reverse engineer the vendor's mobile app and observe its operation in detail. We find several potential security issues with the provisioning process and recommend ways to mitigate these potential problems. Further, based on these observations, we conclude that it is likely feasible to construct a vendor-agnostic IoT home gateway that will automate this largely manual provisioning process, isolate IoT devices on their own network, and perhaps open the tight association between an IoT device and the vendor's server.

翻译：我们详细审视了多种常见消费级物联网设备所使用的配网流程。研究发现，该流程涉及物联网设备、供应商云端服务器以及供应商提供的移动应用程序。为深入理解此流程，我们开发了两套工具集。IoT-Dissect I能够解密并分析物联网设备与供应商服务器之间、以及供应商服务器与移动应用程序之间交换的报文。IoT-Dissect II则可对供应商的移动应用进行逆向工程，并详细观察其运行机制。我们在配网流程中发现了若干潜在安全隐患，并提出了缓解这些问题的建议。此外，基于观察结果，我们认为构建一个供应商无关的物联网家庭网关具有可行性：该网关可自动化本需手动完成的配网流程，将物联网设备隔离在独立网络中，并可能打破物联网设备与供应商服务器之间的紧密绑定关系。