PAN-Analys av IKEA TRÅDFRI. : En fördjupning av säkerhetsrisker kopplade till OTA-uppdateringar inom IKEA TRÅDFRI:s PAN.

Sammanfattning: Purpose – The purpose of this study is to elaborate security risks with OTA updates within TRÅDFRI:s PAN. To ensure that today’s IoT devices maintains a high and robust standard to protect end-user’s integrity. Method – To answer the questions and to provide research-based evidence the study was carried out as a case study and two methods were applied in the study. An initial literature review in which the Zigbee protocol and it´s process for certification as well as OTA updates was studied. The literature review was followed by a qualitative experiment with focus on how IKEA implemented the PAN-security in practice. Findings – The findings show reduced security within the TRÅDFRI:s PAN when a third party device performs the OTA update. The experiments also questions parts of the certificate issued by Zigbee Alliance. Implications - Due to the increasing popularity of IoT devices, requirements are increasing from a data security perspective. The data security perspective is more important than ever and take up significantly more space during the development process as well as during the life cycle. This study discusses the OTA updates impact on integrity as well as how an established IoT company, such as IKEA, has implemented this necessary feature to maintain its products during the products life cycle. Limitations – Data gathered from the experiment was limited to TRÅDFRI E27 LED Bulb and therefore the result cannot be seen as a generalization of all TRÅDFRI products.