Vulnerability Studies and Security Postures of IoT Devices: A Smart Home Case Study
Brittany D. Davis, Janelle Mason, Mohd Anwar
Abstract
Internet-of-Things (IoT) technology has revolutionized our daily lives in many ways-whether it is the way we conduct our day-to-day activities inside our home, or the way we control our home environments remotely. Unbeknownst to the users, with the adoption of these “smart home” technologies, their personal space becomes vulnerable to security and privacy attacks. We conducted studies of vulnerabilities and security posture of smart home IoT devices. We started with a literature review on known vulnerability studies of the IoT devices, considering four categories of attacks: 1) physical; 2) network; 3) software; and 4) encryption. We then conducted our own vulnerability experiments that compared security postures between well known and lesser known vendors through misuse and abuse case analysis, followed by a review of coverage in major vulnerability databases. Based on our analysis, the main finding was the need for a stronger focus on the security posture of lesser known vendor devices as they are often less regulated and faceless scrutiny.