Vulnerability Assessment and Penetration Testing (VAPT) of IoT Aided Home Automation System Using Google Home and Sinric Pro Application
摘要
The Internet of Things (IoT) has witnessed rapid proliferation across various domains, offering unparalleled convenience and automation. However, this widespread adoption also introduces significant security vulnerabilities. This research paper aims to address these vulnerabilities through a comprehensive vulnerability assessment and penetration testing (VAPT) approach. By identifying, analyzing, and mitigating security weaknesses in IoT devices, once can contribute to the ongoing efforts to enhance IoT security and protect against cyber threats. In an increasingly connected world, where everyday objects are transformed into intelligent devices, IoT security is paramount. Despite its transformative potential, the IoT landscape is riddled with security challenges, potentially leaving users and organizations exposed to data breaches, unauthorized access, and other malicious activities. Vulnerabilities in IoT devices can have severe consequences, ranging from privacy breaches to operational disruptions. This paper covers how a VAPT was performed using free tools and technologies to achieve the aim of the research. The researchers were able to identify different vulnerabilities which the system is prone to, namely; Denial of Service Attack (DoS), Man-in-the-Middle Attack (MitM), DHCP Starvation Attack, TCP SYN Flood Vulnerability, and Open Port vulnerability. However, all these vulnerabilities identified, proper measures and procedures to securing the system were made for end users and major marketers who employed the use of Sinric Pro Application. The findings and recommendations in this paper serve as a call to action for IoT device manufacturers, security professionals, and end-users to collectively strengthen the security posture of IoT devices. The ultimate goal is to ensure the safe and secure adoption of IoT technology and the protection of sensitive data in a connected world. We hope that this research will inspire further study, collaboration, and the development of robust IoT security measures.