polito.it
Politecnico di Torino (logo)

Security of SOHO IoT devices

Giacomo Demattia

Security of SOHO IoT devices.

Rel. Fulvio Giovanni Ottavio Risso, Antonio Lotito. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2024

Abstract:

The proliferation of IoT(Internet of Things) devices capable of automating our homes raises significant cybersecurity issues, particularly for product categories where compliance for privacy is essential, such as IP cameras. This thesis explores IoT security, starting with an in-depth analysis of already discovered vulnerabilities providing a comprehensive understanding of the current state of the art. This research reveals a significant security flaw in the communication protocol between applications and IP camera devices of a popular brand; the approaches used to find the flaw were inspired by the processes used by security researchers to discover vulnerabilities. After discovering the vulnerability, the study investigates its potential exploitation and successfully demonstrates the feasibility of such attacks. A detailed exploration of this vulnerability includes a proof-of-concept (POC) that showcases the extraction of video feeds from a camera without prior knowledge of credentials. This demonstrates the seriousness of the identified weakness, demonstrating potential real-world consequences for end-users and system integrity. In addition, the proof of concept was integrated into a Wi-Fi probe used for lawful interception. A dedicated module has been developed to execute the attack, with the aim of extracting video feed, useful for investigative purposes. In conclusion, this thesis highlights the importance of informed consumer choice in selecting the most secure IoT devices for integration into everyday life, thereby ensuring digital security and privacy.

Relatori: Fulvio Giovanni Ottavio Risso, Antonio Lotito
Anno accademico: 2023/24
Tipo di pubblicazione: Elettronica
Numero di pagine: 97
Informazioni aggiuntive: Tesi secretata. Fulltext non presente
Soggetti:
Corso di laurea: Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering)
Classe di laurea: Nuovo ordinamento > Laurea magistrale > LM-32 - INGEGNERIA INFORMATICA
Aziende collaboratrici: RCS E T M SICUREZZA SPA
URI: http://webthesis.biblio.polito.it/id/eprint/31123
Modifica (riservato agli operatori) Modifica (riservato agli operatori)