Adagio For The Internet Of Things : IoT penetration testing and security analysis of a smart plug

Sammanfattning: The emergence of the Internet of Things (IoT) shows us that more and more devices will be connected to the internet for all types of different purposes. One of those devices, the smart plug, have been rapidly deployed because of the ease it brings users into achieving home automation by turning their previous dumb devices smart by giving them the means of controlling the devices remotely. These IoT devices that gives the user control could however poseserious security problems if their vulnerabilities were not care fully investigated and analyzed before we blindly integrate them into our everyday life. In this paper, we do a threat model and subsequent penetration testing on a smart plug system made by particular brand by exploiting its singular communication protocol and we successfully launch five attacks: a replay attack, a MCU tampering attack, a firmware attack, a sniffing attack, and a denial-of-service attack. Our results show that we can hijack the device or obtain the authentication credentials from the users by performing these attacks. We also present guidelines for securing the IoT device.