Automated Penetration Testing Framework for Smart-Home-Based IoT Devices

Rohit Akhilesh, Oliver Bills, Naveen Chilamkurti and Mohammad Jabed Morshed Chowdhury ()
Additional contact information
Rohit Akhilesh: Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK
Oliver Bills: Department of Cybersecurity, School of Engineering and Computer Sciences, University of Southampton, University Road, Southampton SO17 1BJ, UK
Naveen Chilamkurti: Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia
Mohammad Jabed Morshed Chowdhury: Department of Computer Science and Engineering, La Trobe University, Bundoora VIC 3086, Australia

Future Internet, 2022, vol. 14, issue 10, 1-18

Abstract: Security testing is fundamental to identifying security vulnerabilities on smart home-based IoT devices. For this, penetration testing is the most prominent and effective solution. However, testing the IoT manually is cumbersome and time-consuming. In addition, penetration testing requires a deep knowledge of the possible attacks and the available hacking tools. Therefore, this study emphasises building an automated penetration testing framework to discover the most common vulnerabilities in smart home-based IoT devices. This research involves exploring (studying) different IoT devices to select five devices for testing. Then, the common vulnerabilities for the five selected smart home-based IoT devices are examined, and the corresponding penetration testing tools required for the detection of these vulnerabilities are identified. The top five vulnerabilities are identified from the most common vulnerabilities, and accordingly, the corresponding tools for these vulnerabilities are discovered. These tools are combined using a script which is then implemented into a framework written in Python 3.6. The selected IoT devices are tested individually for known vulnerabilities using the proposed framework. For each vulnerability discovered in the device, the Common Vulnerability Scoring System (CVSS) Base score is calculated and the summation of these scores is taken to calculate the total score (for each device). In our experiment, we found that the Tp-Link Smart Bulb and the Tp-Link Smart Camera had the highest score and were the most vulnerable and the Google Home Mini had the least score and was the most secure device of all the devices. Finally, we conclude that our framework does not require technical expertise and thus can be used by common people. This will help improve the field of IoT security and ensure the security of smart homes to build a safe and secure future.

Keywords: internet of things (IoT); penetration testing (PT); smart home; IoT devices; Common Vulnerability Scoring System (CVSS) (search for similar items in EconPapers)
JEL-codes: O3 (search for similar items in EconPapers)
Date: 2022
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://www.mdpi.com/1999-5903/14/10/276/pdf (application/pdf)
https://www.mdpi.com/1999-5903/14/10/276/ (text/html)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:gam:jftint:v:14:y:2022:i:10:p:276-:d:926050

Access Statistics for this article

Future Internet is currently edited by Ms. Grace You

More articles in Future Internet from MDPI
Bibliographic data for series maintained by MDPI Indexing Manager ().