Testing IoT Security : A comparison of existing penetration testing frameworks and proposing a generic framework

Sammanfattning: The Internet of Things (IoT) refers to the billions of physical devices linked to the Internet worldwide, integrating into various systems like healthcare, finance, and transportation. However, the rapid market expansion has led to software and hardware security shortcomings, leaving IoT devices vulnerable to cybercriminals. The security can be maintained and evaluated in different ways, nonetheless, this thesis focuses on investigating the process of a penetration test to identify vulnerabilities present in IoT devices. This paper investigates and compares existing penetration testing frameworks and proposes a generic testing framework for IoT. The results show that there is no standardized penetration testing framework to target IoT devices, as there are for networks and the web. By defining IoT-specific testing methodologies, our research shows that common IoT vulnerabilities could be identified and exploited.