With the advancements made in the field of data science, smart IoT devices are be-coming increasingly common. Consequently, this creates an increased number of targets for hackers to potentially exploit. This is a study about ethically hacking a robot vacuum, the Roborock S7, and evaluating the security of the target system. The DREAD and Stride threat models are used in order to find potential exploits. These exploits are then tested on the vacuum. Four tests were done on the system: scan-ning, denial-of-service attack, man-in-the-middle sniffing and man-in-the-middle tampering. The study found that the vacuum is relatively secure against web threats with weaknesses found surrounding its handling of its own network and lack of re-sistance to denial-of-service attacks on the DHCP protocol. / Med de framsteg som sker inom datavetenskap och teknologi blir IoT-enheter allt vanligare i hemmen. Detta medför en ökad mängd enheter med potentiella sårbar-heter som hackare kan utnyttja. Denna rapport handlar om att etiskt hacka en ro-botdammsugare av modell Roborock S7 och utvärdera dess säkerhet mot internet-hot. DREAD och STRIDE används som hotmodeller för att hitta sårbarheter. Sår-barheterna testas sedan på dammsugaren. Fyra tester utfördes på system: scanning, denial-of-service-attack, man-in-the-middle-avlyssning och man-in-the-middle-av-lyssning med manipulering. Rapporten hittade att dammsugaren är resonabelt säker mot internethot men med svagheter i hur enheten hanterar sitt egna nätverk samt ett bristande motstånd mot en denial-of-service-attack genom DHCP-protokollet.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:kth-313693 |
Date | January 2022 |
Creators | Dahlberg Sundström, Tobias, Nilsson, Johan |
Publisher | KTH, Hälsoinformatik och logistik |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Relation | TRITA-CBH-GRU ; 2022:059 |
Page generated in 0.0016 seconds