Cristoffer Leite, J. Gondim, P. S. Barreto, Marcos F. Caetano, E. Alchieri
{"title":"Pentest on Internet of Things Devices","authors":"Cristoffer Leite, J. Gondim, P. S. Barreto, Marcos F. Caetano, E. Alchieri","doi":"10.1109/CLEI47609.2019.235111","DOIUrl":null,"url":null,"abstract":"Internet of Things (IoT) is one of the key enabling technologies for an always-connected world and also a main enabler for generating information of interest in various application domains. A growing problem in recent years in this technology is security, as power-constrained devices that are typical of IoT applications may not always provide these implementations properly. These conditions can compromise entire environments and allow malicious agents to take control and perform malicious activities. In this article, we provide a summary of the principal vulnerabilities reported for IoT devices based on the OWASP Internet of Things Project, classified by test routine groups. Using models based on standard architectures to define and detail reproducible verification routines for each test, a selection of independent analyzes of each identified category was performed to ensure more comprehensive and accurate testing. Finally, the proposed routines are performed in a test environment to exemplify and ensure their operation, thus contributing to meeting the demand in the area for more accurate information and to assist in understanding the most common vulnerabilities.","PeriodicalId":216193,"journal":{"name":"2019 XLV Latin American Computing Conference (CLEI)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 XLV Latin American Computing Conference (CLEI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CLEI47609.2019.235111","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Internet of Things (IoT) is one of the key enabling technologies for an always-connected world and also a main enabler for generating information of interest in various application domains. A growing problem in recent years in this technology is security, as power-constrained devices that are typical of IoT applications may not always provide these implementations properly. These conditions can compromise entire environments and allow malicious agents to take control and perform malicious activities. In this article, we provide a summary of the principal vulnerabilities reported for IoT devices based on the OWASP Internet of Things Project, classified by test routine groups. Using models based on standard architectures to define and detail reproducible verification routines for each test, a selection of independent analyzes of each identified category was performed to ensure more comprehensive and accurate testing. Finally, the proposed routines are performed in a test environment to exemplify and ensure their operation, thus contributing to meeting the demand in the area for more accurate information and to assist in understanding the most common vulnerabilities.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
