MaDIoT 2.0: Modern High-Wattage IoT Botnet Attacks and Defenses


Tohid Shekari, Georgia Institute of Technology; Alvaro A. Cardenas, University of California, Santa Cruz; Raheem Beyah, Georgia Institute of Technology


The widespread availability of vulnerable IoT devices has resulted in IoT botnets. A particularly concerning IoT botnet can be built around high-wattage IoT devices such as EV chargers because, in large numbers, they can abruptly change the electricity consumption in the power grid. These attacks are called Manipulation of Demand via IoT (MaDIoT) attacks. Previous research has shown that the existing power grid protection mechanisms prevent any large-scale negative consequences to the grid from MaDIoT attacks. In this paper, we analyze this assumption and show that an intelligent attacker with extra knowledge about the power grid and its state, can launch more sophisticated attacks. Rather than attacking all locations at random times, our adversary uses an instability metric that lets the attacker know the specific time and geographical location to activate the high-wattage bots. We call these new attacks MaDIoT 2.0.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {280016,
author = {Tohid Shekari and Alvaro A. Cardenas and Raheem Beyah},
title = {{MaDIoT} 2.0: Modern {High-Wattage} {IoT} Botnet Attacks and Defenses},
booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
year = {2022},
isbn = {978-1-939133-31-1},
address = {Boston, MA},
pages = {3539--3556},
url = {},
publisher = {USENIX Association},
month = aug

Presentation Video