Global ETD Search

51	Hacking Into Someone’s Home using Radio Waves : Ethical Hacking of Securitas’ Alarm System / Hacka in i Någons Hem med hjälp av Radiovågor : Etiskt Hackning av Securitas Hemlarmsystem Lindeberg, Axel January 2021 (has links) The number of IoT systems in our homes has exploded in recent years. By 2025 it is expected that the number of IoT devices will reach 38 billion. Home alarm systems are an IoT product that has increased dramatically in number and complexity in recent years. Besides triggering an alarm when an intruder tries to break in, a modern system can now control your light bulbs, lock and unlock your front door remotely, and interact with your smart speaker. They are undeniably effective in deterring physical intrusion. However, given the recent rise in complexity how well do they hold up against cyber attacks? In this thesis, a smart home alarm system from SecuritasHome is examined. A comprehensive security analysis was performed using penetration testing techniques and threat modeling. The work focused mainly on radio frequency (RF) hacking against the systems RF communication. Among other things, a critical vulnerability was found in the proprietary RF protocol, allowing an attacker to disarm an armed system and thus completely bypass the system’s functionality. The security of the system was deemed to be lacking. / Antalet IoT system i våra hem har exploderat de senaste åren. Vid år 2025 förväntas antalet IoT enheter nå 38 miljarder. Hemlarmsystem är en typ av IoT-produkt som ökat dramatiskt i komplexitet på senare tid. Förutom att framkalla ett larm vid ett intrång kan ett modernt hemlamsystem numera kontrollera dina glödlampor, låsa och låsa upp din ytterdörr, samt kontrollera dina övervakningskameror. De är utan tvekan effektiva på att förhindra fysiska intrång, men hur väl står de emot cyberattacker? I denna uppsats undersöks ett hemlarmsystem från SecuritasHome. En utförlig säkerhetsanalys gjordes av systemet med penetrationstestnings-metodiker och hotmodellering. Arbetet fokuserade mestadels på radiovågshackning (RF) mot systemets RF-kommunikation. Bland annat hittades en kritiskt sårbarhet i systemets RF-protokoll som gör det möjligt för en angripare att avlarma ett larmat system, och därmed kringå hela systemets funktionalitet. Säkerheten av systemet bedömdes vara bristfällig. penetration testing threat modeling IoT computer security home alarm system penetrationstestning hotmodellering IoT datasäkerhet hemlarmsystem Computer Sciences Datavetenskap (datalogi)
52	Where’s My Car? Ethical Hacking of a Smart Garage / Var är min bil? Etisk hackning av ett smart garage Berner, Madeleine January 2020 (has links) IoT products are breaking new ground into widespread industries and introducing potential attack vectors to unprepared environments. Even the new generation of garage openers, called smart garages, have entered into the world of IoT. They are connected to the Internet, and are delivered with the goal of providing more security by merging features from the home surveillance boom. But do they keep what they promise? This thesis has evaluated the security of one particular smart garage that is being sold worldwide – iSmartgate PRO. Penetration testing was conducted with focus on the web application. A total of eleven vulnerabilities were reported, including a one-click-root attack that combined three of them into providing an unauthenticated remote attacker with a root shell. It was concluded that the product lacked security measures in certain areas. / IoT-produkter bryter ny mark inom spridda branscher, och introducerar potentiella attackvektorer i oförberedda miljöer. Det är inte förvånande att till och med den nya generationen garageöppnare har tagit ett kliv in i världen av IoT. Vilket innebär att garageöppnarna är uppkopplade till Internet, kallas för smarta garage och levereras med målet att bidra till ökad säkerhet med sina nya funktioner tagna från trenden av hemmaövervakning. Men kan de hålla vad de lovar? Det här examensarbetet har utvärderat säkerheten av ett utvalt smart garage som säljs världen över – iSmartgate PRO. Penetrationstestning genomfördes med fokus på webbapplikationen. Totalt sett rapporterades elva sårbarheter, varav en inkluderade en one-click-root-attack som kombinerade tre sårbarheter till att ge en icke autentisierad fjärrangripare ett root-skal. Den dragna slutsatsen var att produkten hade utrymme för att förbättra säkerheten. security smart garage penetration testing IoT threat modeling säkerhet smart garage penerationstestning IoT hotmodellering Computer Sciences Datavetenskap (datalogi)
53	IoT Pentesting: Obtaining the Firmware of a Smart Lock Borg, Alexander, Francke, Carl Aston January 2020 (has links) Consumer Internet of Things (IoT) has become increasingly popular over the past years and continues to grow with virtual assistants, wearable devices and smart home appliances. Within the consumer IoT market, smart locks have gained popularity. Smart locks offer the consumers a convenient way of handling keys and access to their home. Enabling your front door to be controlled over the internet however, introduces new possibilities for an adversary to brake in. Therefore, the integrity and authenticity of the product must be ensured. This thesis covers a security assessment of a smart lock, focusing on the firmware of the embedded devices as the main assets. Potential threats against obtaining and abusing the firmware are identified by threat modeling. Based on the identified threats, penetration tests are conducted to demonstrate the security of the firmware. The results show that the firmware could not be obtained and that the product constitutes a good example within consumer IoT for how to manage the firmware of embedded devices. / Sakernas internet (IoT) har blivit allt mer populärart under de senaste åren och fortsätter att växa med produkter som virtuella assistenter, bärbara enheter och smarta hushållsapparater. Inom marknaden för IoT-produkter riktat mot konsumenter har smarta lås blivit vanligare. Smarta lås erbjuder konsumenter ett bekvämt sätt att hantera nycklar och tillgång till sina hem. Genom att göra det möjligt att styra ytterdörren via internet introduceras dock nya möjligheter för en attackerare att bryta sig in. Därför måste intergriteten och autenticiteten av produkten säkerställas. Den här examensarbetet omfattar en säkerhetsbedömning av ett smart lås, med fokus på firmware för de inbyggda systemen som huvudtillgångar. Potentiella hot mot att få tag på och missbruka firmware identifieras genom hotmodellering. Baserat på de identifierade hoten genomförs penetrationstester för att utvärdera säkerheten för firmware. Resultaten visar att firmware inte kunde erhållas och att produkten utgör ett bra exempel inom IoT-produkter riktat mot konsumenter för hur man hanterar firmware för inbyggda system. Internet of Things Penetration testing Threat modelling Firmware Hardware Sakernas internet Penetrationstesting Hotmodellering Firmware Hårdvara Computer and Information Sciences Data- och informationsvetenskap
54	Finding vulnerabilities in connected devices Qvick, Matilda, Harnesk, Saga January 2022 (has links) This thesis covers the security testing of a system with connected devices. In a world with an ever-growing number of connected devices, it is crucial to be mindful of the consequences unprotected systems can cause. The thesis aim to shine light on the issues of not having sufficient security measures in place. The test target was a system with a battery charger, gateway and cloud service. The testing was done with two different approaches, penetration testing and threat modelling, covering different parts of the system. Only a small fraction of the system was exploited in the report and overall the security was deemed to be alright. The main vulnerabilities found were that the username and password were found unencrypted when attempting to log into the gateway. The traffic between the battery charger and the gateway was also unencrypted and possibly vulnerable to replay attacks. For evaluation of the penetration testing and threat modelling there were found to be advantages and disadvantages to both methods. For a thoroughly analysis of the methods it would have needed further investigation. The system itself has potential for valuable findings with further investigations as well. / Denna rapport inkluderar säkerhetstestning av ett system med uppkopplade enheter. Antalet uppkopplade enheter (Sakernas Internet) runt om i världen fortsätter att växa med hög hastighet. Det är av stor vikt att se till att enheterna i dessa system har de säkerhetsåtgärder som krävs. Att belysa detta problem är ett utav målen med denna rapport. I rapporten testas ett batteriladdarsystem med tillhörande gateway och cloud-tjänst. Testen utfördes med två olika metoder, penetrationstest och hotmodellering, uppdelat på två olika delar av systemet. På grund av de begränsningar som fanns kunde endast en liten del av systemet testas och exploateras. Till största del ansågs säkerheten vara okej. De främsta sårbarheterna som hittades var bland annat okrypterade användarnamn och lösenord vid försök att logga in på gatewayen. All traffik mellan batteriladdaren och gatewayen var orkypterad och med stor risk för att inte kunna stå emot en replayattack. Utvärdering av de två metoderna som användes konstaterades för och nackdelar med båda metoderna. För att kunna göra en ordentlig jämförelse av metoderna skulle det behövas en djupare undersökning. Det finns även stort värde i en vidare undersökning av systemet. Penetration Testing Threat Modelling Connected Devices Vulnerabilities Hardware Security Penetrationstestning Hotmodellering Uppkopplade Enheter Sårbarheter Hårdvarusäkerhet Computer and Information Sciences Data- och informationsvetenskap
55	Hacking and Evaluating the Cybersecurity of an Internet Connected 3D Printer Backlund, Linus, Ridderström, Linnéa January 2021 (has links) Over the last few years, internet-connectivity hascome to be an expected feature of professional 3D printers.Connectivity does however come at a cost concerning the securityof the device. This project aimed to evaluate the cybersecurityof the Ultimaker S5 3D printer. The system was tested for themost likely and severe vulnerabilities based upon a threat modelmade on the product. The results show that the system’s localwebapplication is vulnerable to some common web-attacks thatallow the attacker to perform actions on the victims printer. / De senaste åren har internetuppkoppling blivit en självklar funktion hos professionella 3D skrivare. Upp-koppling kommer dock ofta på bekostnad av enhetens säkerhet. Detta projekt syftade till att utvärdera cybersäkerheten hos 3D skrivaren Ultimaker S5. En hotmodell gjordes och systemet penetrationstestades baserat på denna. Resultaten visar att enhetens lokala webbapplikationen är sårbar för några vanliga web-attcker som låter attackeraren exekvera oönskade funktioner på offrets skrivare. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm Cybersecurity Offensive Security Penetration Testing Hacking Internet of Things 3D printer Elektroteknik och elektronik
56	IoT Security Assessment of a Home Security Camera Hjärne, Nina, Kols, Ida January 2021 (has links) The amount of IoT devices in society is increasing.With this increase there is an inherently higher risk of hackersexploiting the vulnerabilities of such a device, accessing sensitivepersonal information. The objective of this project was to assessthe security level of a home security camera through findingvulnerabilities and exploiting them. The method used for thiswas to analyze the system and its communication, threat modelthe system to identify threats, perform vulnerability analysisand exploit the vulnerabilities through penetration testing. Theattacks on the system did not succeed and the system wasdeclared secure in the vulnerability analysis. From the aspectstested in this project, it can be assumed that safety precautionshave been taken to secure the home security camera frommalicious hackers. / Antalet IoT-produkter i samhället ökar ochmed fler och fler uppkopplade produkter i våra hem ökarrisken att hackare utnyttjar produkters sårbarheter för ondaavsikter, till exempel för att komma åt känslig personlig data.Målet med det här projektet var att hitta sårbarheter i ensäkerhetskamera för hemmet, attackera dem och utifrån resultatetbedöma hur säker produkten är. Detta gjordes genomatt analysera systemet och dess kommunikation, göra en hotmodellför att identifiera hot, genomföra sårbarhetsanalys ochsedan penetrationstesta hoten. Hackningsattackerna misslyckadesoch produkten bedömdes som säker i sårbarhetsanalysen.Utifrån de aspekter som testades i projektet kunde det bedömasatt grundläggande säkerhetsåtgärder vidtagits för att skyddasäkerhetskameran från hackare. / Kandidatexjobb i elektroteknik 2021, KTH, Stockholm security camera cyber security ethical hacking vulnerabilities threats penetration testing IoT privacy Elektroteknik och elektronik
57	Representing attacks in a cyber range / Representation av attacker i en cyber range Hätty, Niklas January 2019 (has links) Trained security experts can be a mitigating factor to sophisticated cyberattacks that aim to violate the confidentiality, integrity, and availability of information. Reproducible sessions in a safe training environment is an effective way of increasing the excellence of security experts. One approach to achieving this is by using cyber ranges, which essentially is a set of hardware nodes that can virtually represent a large organization or system. The Swedish Defense Research Agency (FOI) develops and maintains a fully functioning cyber range and has the ability to automatically deploy sophisticated attacks against organizations and systems represented in this cyber range through a system called SVED. In this thesis, the capability to deploy different types of cyberattacks through SVED against virtual organizations in a cyber range, CRATE, is investigated. This is done by building a dataset of publicly disclosed security incidents from a database and attempting to represent each of them in SVED, and subsequently instantiating these attack representations against organizations in CRATE. The results show that the prevalence of at least one CVE-entry (Common Vulnerabilities and Exposures) in the incident description is a key factor to be able to represent an attack in SVED. When such an entry does exist, SVED is likely able to implement a representation of the attack. However, for certain type of attacks a CVE-entry is not enough to determine how an attack was carried out, which is why some attacks are harder to implement in SVED. This was the case for Denial of Service (DoS) attacks, which are too reliant on infrastructure rather than one or more vulnerabilities, and SQL injections, which are more reliant on the implementation of database access. Finally, CRATE is able to handle almost all attacks implemented in SVED, given that the correct vulnerable application software is installed on at least one machine in one of the organizations in CRATE. it-security cyber range information security penetration testing SVED CRATE cyber range it-säkerhet informationssäkerherhet penetrationstestning SVED CRATE Computer Sciences Datavetenskap (datalogi)
58	Μέθοδοι προστασίας ιστοσελίδων στο διαδίκτυο Μπαλαφούτης, Χρήστος 19 October 2012 (has links) Στην παρούσα διπλωματική εργασία παρουσιάζονται βασικές έννοιες και μέθοδοι για την ασφάλεια ιστοσελίδων και ιδιαίτερα των site με web application προσανατολισμό, χωρίς αυτό να σημαίνει ότι αρκετές τεχνικές προστασίας και σφάλματα που θα εντοπίσουμε δεν μπορούν να συναντηθούν και σε άλλου σκοπού ιστοσελίδες. Αρχικά, γίνεται αναφορά στο τι είναι μια εφαρμογή ιστού (web app) και ποια είναι τα στοιχεία που την αποτελούν. Στη συνέχεια, χρησιμοποιώντας έρευνες, παρουσιάζονται κάποιες από τις πιο “δημοφιλείς” επιθέσεις που γίνονται σε ιστοσελίδες και περιγράφεται πιο διεξοδικά ποια αδύνατα σημεία της δομής των ιστοσελίδων εκμεταλλεύονται. Παράλληλα, γίνεται αναφορά στο πως και με ποια εργαλεία μπορούμε να εντοπίσουμε και να κλείσουμε τα κενά ασφαλείας που τυχόν έχει μία εφαρμογή ιστού. Τέλος, παρουσιάζεται η εφαρμογή που αναπτύχθηκε στα πλαίσια της εργασίας με σκοπό να γίνει επίδειξη συγκεκριμένων επιθέσεων και σφαλμάτων που παρατηρούνται στο διαδίκτυο. / In the following pages basic principals and methods are presented in order to secure websites and web applications. I begin by mentioning what is a web application. Moreover, by using statistics and recent researches from various sources i mention the most common web app attack methods and which vulnerabilities can be found in a web app and how to prevent exploiting, something we can accomplish by using various penetration testing tools. Finally, by using a basic web app some web attacks are shown so that it will become more clear how these attacks work. Ασφάλεια ιστοσελίδων Εφαρμογές ιστού Διαδίκτυο 005.8 Web application security Site attacks Web applications Penetration testing Cross-site scripting (XSS) Cross-site request forgeries (CSRF) SQL injection
59	Obrana proti útokům sociálního inženýrství / Defense against social engineering attacks Škopec, Antonín January 2015 (has links) This theses concerns with social engineering and defense against it. Social engineering attacks represents significant threat for organizations and their information systems, especially because they target weakest link in information systems security, its users. That way attacker can easily bypass even highly sophisticated security system. This theses tries to deal with question, how to effectively secure human factor of information system.
60	Automatizace penetračního testování webových aplikací / Web Application Penetration Testing Automation Dušek, Daniel January 2019 (has links) Tato práce má dva cíle - navrhnout obecně aplikovatelný přístup k penetračnímu testování webových aplikací, který bude využívat pouze nedestruktivních interakcí, a dále pak implementovat nástroj, který se tímto postupem bude řídit. Navrhovaný přístup má tři fáze - v první fázi tester posbírá požadavky pro testovací sezení (včetně požadavků na nedestruktivnost) a připraví si nástroje a postupy, kterých při testování využije, následně začne s průzkumem. V druhé fázi využije dodatečných nástrojů pro zpracování informací z předchozí fáze a pro ověření a odhalení zranitelností. Ve třetí fázi jsou všechny informace překovány ve zprávu o penetračním testování. Implementovaný nástroj je postavený na modulech, které jsou schopny odhalení reflektovaného XSS, serverových miskonfigurací, skrytých adresních parametrů a skrytých zajímavých souborů. V porovnání s komerčním nástrojem Acunetix je implementovaný nástroj srovnatelný v detekci reflektovaného XSS a lepší v detekci skrytých zajímavých souborů. Práce také originálně představuje nástroj pro sledování postranního kanálu Pastebin.com s cílem detekce utíkajících informací.

Search results