Security Assessment of an Internet of Things Device

  • Conference paper
Good Practices and New Perspectives in Information Systems and Technologies (WorldCIST 2024)

Abstract

The rapid advance of the Internet of Things (IoT) and its immersion in every domain has brought to attention, besides its many technical, social, and economic advantages, a panoply of security vulnerabilities and attack vectors that threaten interconnected IoT devices. IoT devices face many security issues, such as weak authentication, insufficient encryption, deficient device management, insecure interfaces, inadequate physical security, lack of standardization, privacy concerns, insecure networks, resource constraints, and non-compliance with security standards. This highlights the pressing need for comprehensive security measures, which currently seem insufficient to address the evolving landscape of threats in the dynamic IoT ecosystem. This paper conducts a security evaluation of a physical IoT device using the penetration testing methodology. It then focuses on a known vulnerability from the Common Vulnerabilities and Exposures (CVE) database. It presents the execution of a brute force attack to uncover credentials and the use of the device’s buffer overflow vulnerability to cause a denial of service (DoS) on the device’s server. Employing a hands-on approach, the research emphasizes the practical execution of these exploitation scenarios, providing a step-by-step guide on how they were performed. Lastly, it delves into the development of a proof of concept (PoC) application created to automate the process of firmware analysis and running the buffer overflow exploit for this particular use case.

Acknowledgment

The research leading to these results has been partially supported by the NO Grants 2014-2021, under Project contract no. 42/2021, RO-NO-2019-0499 - “A Massive MIMO Enabled IoT Platform with Networking Slicing for Beyond 5G IoV/V2X and Maritime Services” - SOLID-B5G.

Corresponding author

Correspondence to Daiana Alexandra Cîmpean.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Cîmpean, D.A., Vochin, MC., Crăciunescu, RE., Drăgulinescu, AMC., Boicescu, L. (2024). Security Assessment of an Internet of Things Device. In: Rocha, Á., Adeli, H., Dzemyda, G., Moreira, F., Poniszewska-Marańda, A. (eds) Good Practices and New Perspectives in Information Systems and Technologies. WorldCIST 2024. Lecture Notes in Networks and Systems, vol 989. Springer, Cham. https://doi.org/10.1007/978-3-031-60227-6_26
