Saudi Cultural Missions Theses & Dissertations

Permanent URI for this community: https://drepo.sdl.edu.sa/handle/20.500.14154/10

Search Results

Now showing 1 - 1 of 1
  • Item (Restricted)
    Internet Of Things Security
    (Cardiff University, 2023-09-10) Alqarni, Abdullah Ibrahim A; Theodorakopoulos, George; Hood, Andrew
    This project sought to examine the security of the TP-Link KP105 smart plug, an Internet of Things (IoT) device. In the IoT realm, where numerous devices are interconnected and constantly communicating, ensuring security is crucial, and the goal was to identify and evaluate any potential vulnerabilities in the smart plug as part of an effort to enhance the overall safety of IoT devices. The project adopted a methodical approach, conducting a comprehensive penetration test on the smart plug using the Penetration Testing Execution Standard (PTES) as a guiding framework. Initially, an understanding of the intricacies of IoT security was developed, based on the author studying various penetration testing methodologies and gaining hands-on experience with a wide array of suitable tools including, though not limited to, Metasploit, LOIC, hping3, and Aireplay-ng. Penetration testing was carried out using the Kali Linux operating system, which is renowned for its extensive suite of pre-installed security tools. The full process involved the capture and analysis of network traffic both to and from the smart plug by means of Wireshark, followed by the implementation of the TP-Link Smart Home Protocol Wireshark Dissector to enable the decryption of local network communication between the TP-Link Smart Home Devices and the Kasa Smart Home App. The EXPLIoT framework and the tplink_smartplug.py script were then leveraged to dispatch commands, facilitating manipulation of the plug's operations. By doing this, the project identified a series of significant vulnerabilities, including weak points across all of the areas of encryption, protocol authentication, binary protections, and physical security. Post-exploitation scenarios were also explored to develop understanding of the potential consequences of exploitation of the identified vulnerabilities.
    If an attacker were to gain physical access to the smart plug, they could reset, reboot, or even steal the device, while the lack of binary protections could open the door for reverse engineering of the smart plug software, leading to the discovery of additional vulnerabilities or even the creation of custom firmware with malicious functions. Furthermore, breaking XOR encryption could potentially enable an attacker to read and manipulate the traffic between the smart plug and the control app, while the absence of authentication, coupled with the use of open ports and a known MAC address, also poses significant network threats. The results of this study highlight the crucial need for additional strong security measures in IoT devices. Examining the identified vulnerabilities and potential exploitation scenarios should guide the creation of safer IoT devices in the future. This project also reinforces the importance of ongoing learning in the swiftly changing field of cybersecurity, and the need for proactive protection of secure interconnected devices in the IoT era.

Copyright owned by the Saudi Digital Library (SDL) © 2025