Vulnerability assessment of Iot devices

This thesis presents a comprehensive vulnerability assessment of Internet of Things (IoT) devices, structured into both theoretical and practical analyses. In the initial phase, an extensive theoretical study is conducted focusing on the intrinsic architecture of IoT devices, firmware analysis and the exploration of known vulnerabilities. This foundational work establishes the necessary background to understand the security challenges inherent in these systems. Subsequently, the thesis shifts to a practical examination of the communication protocols employed by IoT devices such as Tapo cameras and smart plugs, Shelly, and Sonoff switches, focusing on how these devices interconnect within the same network and communicate with their respective servers. Detailed investigations were carried out on the encryption methods and other security mechanisms in place, identifying potential weaknesses. Custom-developed scripts were utilized to exploit medium severity vulnerabilities. Following this, the results coming from the previous research activities have been exploited in many IoT devices. The most interesting results have been collected attacking a Tplink camera and in the communication with its mobile application. Such results redirected the focus of the study. In conclusion tests were conducted to assess the success rate and average duration of the various attacks.