On the assessment of Denial of Service vulnerabilities affecting smart home systems

• Main Authors: Andersson, Sebastian, Josefsson, Oliver
• Format: Others
• Language: English
• Published: Malmö universitet, Fakulteten för teknik och samhälle (TS) 2019
• Subjects: Internet of Things (IoT); IoT; IoT Vulnerability; Vulnerability Testing; OpenVAS; Availability; Denial of Service; Smart Home; Engineering and Technology; Teknik och teknologier
• Online Access: http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-20717

IoT is an abbreviation of the term Internet of Things. The term describes everydayitems such as light bulbs that are connected to the Internet. IoT is a field that isgrowing very quickly with some researchers and industry leaders predicting thatthere will be up to 200 billion connected IoT devices in the world by 2020. Many IoTdevices are developed by smaller companies looking to capitalize on a specific needin the market. Because of this, the companies may favor launching a product as fastas possible which could mean that the devices may have not been adequately testedfor different vulnerabilities.The IoT and Smart Home market is currently experiencing rapid growth and all signspoint towards that continuing in the future. This thesis focuses on testing forvulnerabilities to Denial of Service attacks in common-off-the-shelf IoT devices thatcan be found in a smart home environment. The purpose of this thesis is to createmore knowledge about the vulnerabilities that can be found in Internet connecteddevices that are used daily.This thesis includes experiments using OpenVAS, which is a vulnerability scannerdeveloped by Greenbone Security used to test for vulnerabilities to Denial of Serviceattacks in IoT devices. The devices that are tested are Sony PlayStation 4, IKEATrådfri Smart Lighting, Google Chromecast (First Generation), Apple TV (ThirdGeneration) and D-Link DCS-930LB Wi-Fi IP-Camera. The firmware/software of allthe devices are updated as of April of 2019.The results of the conducted experiments show that all the tested devices besidesChromecast and IKEA Trådfri had vulnerabilities to Denial of Service attacks.PlayStation 4 was the device with the highest amount of vulnerabilities (9) and thevulnerability with highest possible severity (10.0). The effects of a Denial of Serviceattack range from an annoyance, when a gaming console is unavailable, to a securityrisk when an IP camera can be temporarily disabled.