Penetration Testing and Security of WeMo The Internet of Things (IoT)

Abstract

The Internet of things (IoT) are smart devices allowing sophisticated industrial tools and general households to perform tasks and control devices using mobile and tablet applications remotely. The information and the data exchanged between users and the smart IoT device is transmitted over the phone application and stored locally or the cloud account provided by the IoT company. The information and the packets travelling betweentheIoT’smaycontain avarietyofsensitiveinformationwhichcanusedormisusedbyonlinehackers and predators ifcaptured; for the above reason a research is conducted on a WeMo Smart Plug device enabling users to connect and control their home devices remotely without human intervention. The motivation for conducting this experiment is to evaluate and demonstrate the level of security with the WeMo device and the weaknesses that may be identified within the experiment that will imply the possibility for an attacker to use these vulnerabilities for malicious intent, and to take advantage of the shortcomings for the attack of their system through the exploitation of the system and gaining access to controlling the device locally or remotely. The aim of the following research is to discover IoT devices on the target network and conduct the penetration test, capture and monitor the packet behaviour and find a solution to secure the device and the network. The results suggest that the WeMo Smart Plug is vulnerable to the attacks conducted for this experiment and the device can simply exploit by the attacker. All the activates and communication between the user and the WeMo device were monitored and tracked successfully. Using the DoS attack can simply interrupt the service on WeMo or shut down the entire device. Another downside of the WeMo smart plug was just by tweaking the XML file, it is possible to turn the Smart Plug ON or OFF.