Threat Modeling and Penetration Testing of a Yanzi IoT-system : A Survey on the Security of the system’s RF communication

Sammanfattning: Internet of Thing (IoT) products have in recent years become increasingly popular with both industries and private consumers, and it has been forecasted that the number of connected devices around the world will be roughly 14 billion in the year 2022. One particular field that the booming of IoT solutions continues to create endless possibilities for is smart offices. Several different devices are connected in an office environment to create a better workplace and enable a better, faster and smarter working approach. However, while there are several advantages with IoTs, they have also introduced new security threats that can not be overlooked. In this thesis, the security of a smart office system designed by Yanzi is examined. The system consists of a gateway, 34 sensors and a cloud service embedded as a SaaS. The security analysis was performed in three steps: planning, penetration testing and reporting. Radio frequency (RF) hacking against the systems RF communication was the main focus of the work. Due to some technical issues, not all selected attacks were possible to perform. Out of three that were possible to perform, one of them revealed a security flaw. Different countermeasures for the found flaw were proposed.