The Internet of things (IoT) products, which have been widely adopted, still pose challenges in the modern cybersecurity landscape. Many IoT devices are resource-constrained and almost constantly online. Furthermore, the security features of these devices are less often of concern, and fewer methods, standards, and guidelines are available for testing them. Although a few approaches are available to assess the security posture of IoT products, the ones in use are mostly based on traditional non-IoT-focused techniques and generally lack the attackers' perspective. This study provides a four-stage IoT vulnerability research methodology built on top of four key elements: logical attack surface decomposition, compilation of top 100 weaknesses, lightweight risk scoring, and step-by-step penetration testing guidelines. Our proposed methodology is evaluated with multiple IoT products. The results indicate that PatrIoT allows cyber security practitioners without much experience to advance vulnerability research activities quickly and reduces the risk of critical IoT penetration testing steps being overlooked.

Connected devices have become an integral part of modern homes and household devices, such as vac-uum cleaners and refrigerators, are now often connected to networks. This connectivity introduces an entry point for cyber attackers. The plethora of successful cyber attacks against household IoT indicates that the security of these devices, or the security of applications related to these devices, is often lacking. Existing penetration testing studies usually focus on individual devices, and recent studies often men-tion the need for more extensive vulnerability assessments. Therefore, this study investigates the cyber security of devices commonly located in connected homes. Systematic penetration tests were conducted on 22 devices in five categories related to connected homes: smart door locks, smart cameras, smart car adapters/garages, smart appliances, and miscellaneous smart home devices. In total, 17 vulnerabilities were discovered and published as new CVEs. Some CVEs received critical severity rankings from the National Vulnerability Database (NVD), reaching 9.8/10. The devices are already being sold and used worldwide, and the discovered vulnerabilities could lead to severe consequences for residents, such as an attacker gaining physical access to the house. In addition to the published CVEs, 52 weaknesses were discovered that could potentially lead to new CVEs in the future. To our knowledge, this is the most comprehensive study on penetration testing of connected household products.

This paper investigates methods to secure Remote Terminal Units (RTUs) which are the building blocks of a smart grid systems - the next generation version to replace the power grid systems that are being used today. RTUs are identified as the heart of automation and control (SCADA) systems by the systems engineers. As such, security and maintaining nominal operability of such devices has prime importance, especially for the industrial automation networks such as the smart grid. A way of measuring the security of systems and networks is executing a series of cybersecurity weakness assessment tests called penetration testing. Another way of such an assessment is called vulnerability analysis by threat modelling which involves careful investigation and modelling of each and every component of a network/system under investigation. This article, aims at marrying these two methodologies for the vulnerability assessment of the RTUs in a methodological and scientific way.

Entering the era of the Internet of Things, the traditional Computer Forensics is no longer as trivial as decades ago with a rather limited pool of possible computer components. It has been demonstrated recently how the complexity and advancement of IoT are being used by malicious actors attack digital and physical infrastructures and systems. The investigative methodology, therefore, faces multiple challenges related to the fact that billions of interconnected devices generate tiny pieces of data that easily comprehend the Big Data paradigm. As a result, Computer Forensics is no longer a simple methodology of the straightforward process. In this paper, we study the complexity and readiness of community-accepted devices in a smart application towards assistance in criminal investigations. In particular, we present a clear methodology and involved tools related to Smart Applications. Relevant artefacts are discussed and analysed using the prism of the Digital Forensics Process. This research contributes towards increased awareness of the IoT Forensics in the Edge, corresponding challenges and opportunities.

Connectivity as a whole and the Internet of Things (IoT) has influenced a great many things in the past decade. Among those, the most prominent is our daily life routines, which have increasingly started to depend on technology. A Smart Home, being a central part, has gained more importance from a forensic perspective since it affects many lives and can be an easy target for cybercrimes. In this work in progress paper, we explore the feasibility of conducting forensic analysis on different Smart Plugs and what sort of challenges are encountered in such a forensic investigation. We also review current related work for forensic analysis of Smart Plugs.