Penetration testing IoT devices to discover critical vulnerabilities

Abhigyan Chakraborty; K. C. Akshay

doi:10.1109/ICRAIS62903.2024.10811719

Penetration testing IoT devices to discover critical vulnerabilities

Abhigyan Chakraborty
, K. C. Akshay

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The proliferation of Internet of Things (IoT) devices has introduced numerous benefits across various domains but also raises significant security concerns. This paper presents a penetration testing study on a Wi-Fi smart bulb to identify critical vulnerabilities. The testing revealed severe susceptibilities to Denial of Service (DoS) attacks, including ICMP flooding, TCP SYN flooding, and UDP flooding, which disrupted the device's functionality. Additionally, a man-in-the-middle attack using ARP spoofing exposed weak encryption practices, specifically the use of TLSv1.2 with a pre-shared key cipher suite lacking Perfect Forward Secrecy (PFS). These findings highlight the urgent need for improved security protocols in IoT devices to ensure their safe and reliable operation.

Original language	English
Title of host publication	2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	54-59
Number of pages	6
ISBN (Electronic)	9798350354461
DOIs	https://doi.org/10.1109/ICRAIS62903.2024.10811719
Publication status	Published - 2024
Event	2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Manipal, India Duration: 06-11-2024 → 07-11-2024

Publication series

Name	2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings

Conference

Conference	2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024
Country/Territory	India
City	Manipal
Period	06-11-24 → 07-11-24

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy

All Science Journal Classification (ASJC) codes

Computer Vision and Pattern Recognition
Information Systems
Signal Processing
Information Systems and Management
Renewable Energy, Sustainability and the Environment
Media Technology
Health Informatics

Access to Document

10.1109/ICRAIS62903.2024.10811719

Cite this

Chakraborty, A., & Akshay, K. C. (2024). Penetration testing IoT devices to discover critical vulnerabilities. In 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings (pp. 54-59). (2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICRAIS62903.2024.10811719

Chakraborty, Abhigyan ; Akshay, K. C. / Penetration testing IoT devices to discover critical vulnerabilities. 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 54-59 (2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings).

@inproceedings{157ef2de5f6d4b89822e6432b97fa5b2,

title = "Penetration testing IoT devices to discover critical vulnerabilities",

abstract = "The proliferation of Internet of Things (IoT) devices has introduced numerous benefits across various domains but also raises significant security concerns. This paper presents a penetration testing study on a Wi-Fi smart bulb to identify critical vulnerabilities. The testing revealed severe susceptibilities to Denial of Service (DoS) attacks, including ICMP flooding, TCP SYN flooding, and UDP flooding, which disrupted the device's functionality. Additionally, a man-in-the-middle attack using ARP spoofing exposed weak encryption practices, specifically the use of TLSv1.2 with a pre-shared key cipher suite lacking Perfect Forward Secrecy (PFS). These findings highlight the urgent need for improved security protocols in IoT devices to ensure their safe and reliable operation.",

author = "Abhigyan Chakraborty and Akshay, \{K. C.\}",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 ; Conference date: 06-11-2024 Through 07-11-2024",

year = "2024",

doi = "10.1109/ICRAIS62903.2024.10811719",

language = "English",

series = "2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "54--59",

booktitle = "2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings",

address = "United States",

}

Chakraborty, A & Akshay, KC 2024, Penetration testing IoT devices to discover critical vulnerabilities. in 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings. 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 54-59, 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024, Manipal, India, 06-11-24. https://doi.org/10.1109/ICRAIS62903.2024.10811719

Penetration testing IoT devices to discover critical vulnerabilities. / Chakraborty, Abhigyan; Akshay, K. C.
2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc., 2024. p. 54-59 (2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Penetration testing IoT devices to discover critical vulnerabilities

AU - Chakraborty, Abhigyan

AU - Akshay, K. C.

PY - 2024

Y1 - 2024

N2 - The proliferation of Internet of Things (IoT) devices has introduced numerous benefits across various domains but also raises significant security concerns. This paper presents a penetration testing study on a Wi-Fi smart bulb to identify critical vulnerabilities. The testing revealed severe susceptibilities to Denial of Service (DoS) attacks, including ICMP flooding, TCP SYN flooding, and UDP flooding, which disrupted the device's functionality. Additionally, a man-in-the-middle attack using ARP spoofing exposed weak encryption practices, specifically the use of TLSv1.2 with a pre-shared key cipher suite lacking Perfect Forward Secrecy (PFS). These findings highlight the urgent need for improved security protocols in IoT devices to ensure their safe and reliable operation.

AB - The proliferation of Internet of Things (IoT) devices has introduced numerous benefits across various domains but also raises significant security concerns. This paper presents a penetration testing study on a Wi-Fi smart bulb to identify critical vulnerabilities. The testing revealed severe susceptibilities to Denial of Service (DoS) attacks, including ICMP flooding, TCP SYN flooding, and UDP flooding, which disrupted the device's functionality. Additionally, a man-in-the-middle attack using ARP spoofing exposed weak encryption practices, specifically the use of TLSv1.2 with a pre-shared key cipher suite lacking Perfect Forward Secrecy (PFS). These findings highlight the urgent need for improved security protocols in IoT devices to ensure their safe and reliable operation.

UR - https://www.scopus.com/pages/publications/85216772314

UR - https://www.scopus.com/pages/publications/85216772314#tab=citedBy

U2 - 10.1109/ICRAIS62903.2024.10811719

DO - 10.1109/ICRAIS62903.2024.10811719

M3 - Conference contribution

AN - SCOPUS:85216772314

T3 - 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings

SP - 54

EP - 59

BT - 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024

Y2 - 6 November 2024 through 7 November 2024

ER -

Chakraborty A, Akshay KC. Penetration testing IoT devices to discover critical vulnerabilities. In 2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2024. p. 54-59. (2nd IEEE International Conference on Recent Advances in Information Technology for Sustainable Development, ICRAIS 2024 - Proceedings). doi: 10.1109/ICRAIS62903.2024.10811719

Penetration testing IoT devices to discover critical vulnerabilities

Abstract

Publication series

Conference

UN SDGs

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this