kth.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Where’s My Car? Ethical Hacking of a Smart Garage
KTH, School of Electrical Engineering and Computer Science (EECS).
2020 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesisAlternative title
Var är min bil? Etisk hackning av ett smart garage (Swedish)
Abstract [en]

IoT products are breaking new ground into widespread industries and introducing potential attack vectors to unprepared environments. Even the new generation of garage openers, called smart garages, have entered into the world of IoT. They are connected to the Internet, and are delivered with the goal of providing more security by merging features from the home surveillance boom. But do they keep what they promise?

This thesis has evaluated the security of one particular smart garage that is being sold worldwide – iSmartgate PRO. Penetration testing was conducted with focus on the web application. A total of eleven vulnerabilities were reported, including a one-click-root attack that combined three of them into providing an unauthenticated remote attacker with a root shell. It was concluded that the product lacked security measures in certain areas.

Abstract [sv]

IoT-produkter bryter ny mark inom spridda branscher, och introducerar potentiella attackvektorer i oförberedda miljöer. Det är inte förvånande att till och med den nya generationen garageöppnare har tagit ett kliv in i världen av IoT. Vilket innebär att garageöppnarna är uppkopplade till Internet, kallas för smarta garage och levereras med målet att bidra till ökad säkerhet med sina nya funktioner tagna från trenden av hemmaövervakning. Men kan de hålla vad de lovar?

Det här examensarbetet har utvärderat säkerheten av ett utvalt smart garage som säljs världen över – iSmartgate PRO. Penetrationstestning genomfördes med fokus på webbapplikationen. Totalt sett rapporterades elva sårbarheter, varav en inkluderade en one-click-root-attack som kombinerade tre sårbarheter till att ge en icke autentisierad fjärrangripare ett root-skal. Den dragna slutsatsen var att produkten hade utrymme för att förbättra säkerheten.

Place, publisher, year, edition, pages
2020. , p. 140
Series
TRITA-EECS-EX ; 2020:435
Keywords [en]
security, smart garage, penetration testing, IoT, threat modeling
Keywords [sv]
säkerhet, smart garage, penerationstestning, IoT, hotmodellering
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:kth:diva-280298OAI: oai:DiVA.org:kth-280298DiVA, id: diva2:1464458
External cooperation
Nixu AB
Subject / course
Computer Science
Educational program
Master of Science - Computer Science
Supervisors
Examiners
Available from: 2020-09-07 Created: 2020-09-07 Last updated: 2022-06-25Bibliographically approved

Open Access in DiVA

fulltext(8907 kB)23463 downloads
File information
File name FULLTEXT01.pdfFile size 8907 kBChecksum SHA-512
57b7e92353dd6ee8c3c0289c8ed32b1dc093b33bb7a4df6ba0f718c24138de63d55e0896334cbd2939a2c4abaa6aac61ffb243dc1a1f98d734087dc212223159
Type fulltextMimetype application/pdf

By organisation
School of Electrical Engineering and Computer Science (EECS)
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 23466 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 3485 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf