Politecnico di Torino (logo)

Security of SOHO IoT devices

Giacomo Demattia

Security of SOHO IoT devices.

Rel. Fulvio Giovanni Ottavio Risso, Antonio Lotito. Politecnico di Torino, UNSPECIFIED, 2024


The proliferation of IoT(Internet of Things) devices capable of automating our homes raises significant cybersecurity issues, particularly for product categories where compliance for privacy is essential, such as IP cameras. This thesis explores IoT security, starting with an in-depth analysis of already discovered vulnerabilities providing a comprehensive understanding of the current state of the art. This research reveals a significant security flaw in the communication protocol between applications and IP camera devices of a popular brand; the approaches used to find the flaw were inspired by the processes used by security researchers to discover vulnerabilities. After discovering the vulnerability, the study investigates its potential exploitation and successfully demonstrates the feasibility of such attacks. A detailed exploration of this vulnerability includes a proof-of-concept (POC) that showcases the extraction of video feeds from a camera without prior knowledge of credentials. This demonstrates the seriousness of the identified weakness, demonstrating potential real-world consequences for end-users and system integrity. In addition, the proof of concept was integrated into a Wi-Fi probe used for lawful interception. A dedicated module has been developed to execute the attack, with the aim of extracting video feed, useful for investigative purposes. In conclusion, this thesis highlights the importance of informed consumer choice in selecting the most secure IoT devices for integration into everyday life, thereby ensuring digital security and privacy.

Relators: Fulvio Giovanni Ottavio Risso, Antonio Lotito
Academic year: 2023/24
Publication type: Electronic
Number of Pages: 97
Additional Information: Tesi secretata. Fulltext non presente
Corso di laurea: UNSPECIFIED
Classe di laurea: New organization > Master science > LM-32 - COMPUTER SYSTEMS ENGINEERING
Aziende collaboratrici: RCS E T M SICUREZZA SPA
URI: http://webthesis.biblio.polito.it/id/eprint/31123
Modify record (reserved for operators) Modify record (reserved for operators)