Authors:
Kevin Nordnes
1
;
Jia-Chun Lin
2
;
Ming-Chang Lee
2
and
Victor Chang
3
Affiliations:
1
Mnemonic AS, Oslo, Norway
;
2
Department of Information Security and Communication Technology, Norwegian University of Science and Technology (NTNU), Gjøvik, Norway
;
3
Department of Operations and Information Management, Aston Business School, Aston University, Birmingham, U.K.
Keyword(s):
IoT, Smart Homes, Penetration Testing, Security Testing, Vulnerability Identification, Network Scanning.
Abstract:
As the prevalence of Internet of things (IoT) continues to increase, there is a corresponding escalation in security concerns. Given that many IoT devices lack robust security features, the need for specialized security testing tools has become evident. In this paper, we introduce an open-source automated penetration testing tool named IoTective for smart home environments in response to the increasing security concerns surrounding IoT devices. IoTective aims to discover devices in Wi-Fi, Bluetooth, and Zigbee networks, identify vulnerabilities, and gather valuable information for further analysis. IoTective streamlines the initial stages of reconnaissance, planning, and scanning, which provides a good support for a variety of devices and protocols common used in smart home environments. With a focus on ease of use and flexibility, the tool provides an intuitive user interface and customizable scanning capabilities. We evaluated the effectiveness of IoTective and explored the impact
on overall security posture. Ethical considerations for automated penetration testing are also discussed.
(More)