Security of SOHO IoT devices

The proliferation of IoT(Internet of Things) devices capable of automating our homes raises significant cybersecurity issues, particularly for product categories where compliance for privacy is essential, such as IP cameras. This thesis explores IoT security, starting with an in-depth analysis of already discovered vulnerabilities providing a comprehensive understanding of the current state of the art. This research reveals a significant security flaw in the communication protocol between applications and IP camera devices of a popular brand; the approaches used to find the flaw were inspired by the processes used by security researchers to discover vulnerabilities. After discovering the vulnerability, the study investigates its potential exploitation and successfully demonstrates the feasibility of such attacks. A detailed exploration of this vulnerability includes a proof-of-concept (POC) that showcases the extraction of video feeds from a camera without prior knowledge of credentials. This demonstrates the seriousness of the identified weakness, demonstrating potential real-world consequences for end-users and system integrity. In addition, the proof of concept was integrated into a Wi-Fi probe used for lawful interception. A dedicated module has been developed to execute the attack, with the aim of extracting video feed, useful for investigative purposes. In conclusion, this thesis highlights the importance of informed consumer choice in selecting the most secure IoT devices for integration into everyday life, thereby ensuring digital security and privacy.