JC
Back to all projects
Pentesting: Network Assessment for Insecure IoT Devices

Security · 2022

Pentesting: Network Assessment for Insecure IoT Devices

This project involved a comprehensive penetration testing assessment focused on identifying insecure Internet of Things (IoT) devices within a client's network. The primary goal was to evaluate the security of various connected devices, particularly surveillance cameras, and to a

Kali Linux

This project involved a comprehensive penetration testing assessment focused on identifying insecure Internet of Things (IoT) devices within a client's network. The primary goal was to evaluate the security of various connected devices, particularly surveillance cameras, and to assess vulnerabilities associated with default credentials and weak security protocols.

What I delivered:

  • Network Scanning:
  • Vulnerability Assessment:
  • Password Cracking:
  • Lack of Security Protocols:
  • Exploitation of Vulnerabilities:

Result: The pentesting assessment revealed critical vulnerabilities in the IoT devices within the network, particularly regarding default credentials and inadequate security measures. By demonstrating the ease with which an attacker could exploit these weaknesses, the project underscored the necessity for robust security protocols. The recommendations prov

Overview
This project involved a comprehensive penetration testing assessment focused on identifying insecure Internet of Things (IoT) devices within a client's network. The primary goal was to evaluate the security of various connected devices, particularly surveillance cameras, and to assess vulnerabilities associated with default credentials and weak security protocols.

Key Responsibilities & Findings:

  • Network Scanning:
    • Utilized Kali Linux tools, such as Nmap and Angry IP Scanner, to conduct a thorough scan of the network for connected IoT devices.
    • Identified various devices, including IP cameras, smart home systems, and other networked appliances.
  • Vulnerability Assessment:
    • Analyzed discovered devices for common vulnerabilities, focusing on default usernames and passwords.
    • Found that many cameras and IoT devices were still using factory default credentials, making them easily exploitable.
  • Password Cracking:
    • Employed password cracking techniques using tools like Hydra and Medusa to gain unauthorized access to devices with weak passwords.
    • Successfully accessed several devices by leveraging known default credentials and weak password policies, highlighting a lack of secure authentication measures.
  • Lack of Security Protocols:
    • Evaluated the security features of IoT devices, noting the absence of Captcha protocols and other security measures designed to mitigate unauthorized access.
    • Demonstrated that many devices were vulnerable to brute-force attacks due to insufficient lockout mechanisms.
  • Exploitation of Vulnerabilities:
    • Successfully exploited vulnerabilities to gain unauthorized access to video feeds from insecure cameras, showcasing the potential risks associated with poor device security.
    • Assessed the ability to manipulate device settings and configurations, which could lead to further security breaches.
  • Security Recommendations:
    • Provided a detailed report outlining vulnerabilities found, including recommendations for enhancing IoT security, such as:
      • Changing default credentials and implementing strong password policies for all devices.
      • Incorporating Captcha protocols during authentication processes to prevent automated attacks.
      • Regularly updating device firmware to address known vulnerabilities and security flaws.
      • Segmenting IoT devices on separate networks to limit exposure and potential damage from compromised devices.
  • Reporting and Documentation:
    • Compiled a comprehensive report detailing the findings, methodologies, and recommendations.
    • Included technical documentation, logs, and evidence of vulnerabilities to support the findings.

Skills Applied:

  • IoT Security: Expertise in identifying vulnerabilities specific to IoT devices, particularly in networked environments.
  • Penetration Testing Tools: Proficient in using Kali Linux tools for network scanning, vulnerability assessment, and password cracking.
  • Technical Documentation: Ability to create clear, actionable reports for stakeholders, highlighting security risks and improvement strategies.

Outcome
The pentesting assessment revealed critical vulnerabilities in the IoT devices within the network, particularly regarding default credentials and inadequate security measures. By demonstrating the ease with which an attacker could exploit these weaknesses, the project underscored the necessity for robust security protocols. The recommendations provided helped the client enhance their IoT security posture, protecting sensitive data and improving overall network security. This proactive approach contributed to a safer environment for connected devices, minimizing the risk of unauthorized access and potential breaches.