Presentation av examensarbete för högskoleingenjörsexamen
| Titel: | IoT Pentesting: Obtaining the Firmware of a Smart Lock |
| Respondent: | Carl Aston Francke och Alexander Borg, cafra@kth.se, alborg@kth.se |
| Dag, Datum och Tid: | Onsdag 2020-06-10 kl 0900-1000 i Zoom, se länk |
| Plats: | För plats och tid kontakta respondenterna ovan. |
| Opponenter: | (max 3 st), kontakta respondenter för opponering på rapport. |
| Examinator: | Mathias Ekstedt, handledare: Pontus Johnson |
| Språk: | Muntligt på svenska, frågor kan ställas på engelska |
| Anmälan: | Anmälan för lyssnarnärvaro behövs ej för besökare. |
Abstract
Consumer Internet of Things (IoT) has become increasingly popular over the past years and continues to grow with virtual assistants, wearable devices and smart home appliances. Within the consumer IoT market, smart locks have
gained popularity.
Smart locks offer the consumers a convenient way of handling keys and access to their home. Enabling your front door to be controlled over the internet however, introduces new possibilities for an adversary to brake in. Therefore, the integrity and authenticity of the product must be ensured.
This thesis covers a security assessment of a smart lock, focusing on the firmware of the embedded devices as the main assets. Potential threats against obtaining and abusing the firmware are identified by threat modeling. Based on the identified threats, penetration tests are conducted to demonstrate the security of the firmware.
The results show that the firmware could not be obtained and that the product
constitutes a good example within consumer IoT for how to manage the
firmware of embedded devices.
Keywords
Internet of Things, Penetration testing, Threat modelling, Firmware, Hardware