Prof. Dr. Sascha Fahl

We want to help end-users identify vulnerable IoT devices in their network, offering users comprehensive risk assessment and easy-to-apply countermeasures. For this, we propose a mobile app called IoTdroid that (a) scans IoT devices in a network for known vulnerabilities such as insecure network connections or authentication, (b) acts as a WiFi hotspot to investigate network traffic between IoT devices and remote cloud servers for insecurities and privacy leaks and (c) identifies vulnerable IoT control apps installed on the user’s mobile device.
We propose an Android application called IoTdroid. IoTdroid allows inexperienced end-users to explore and analyze IoT devices in their perimeter. IoTdroid identifies insecure and privacy-leaking devices and provides comprehensible risk assessment and easy-to-apply countermeasures. For this, the end-user installs IoTdroid on his/her Android device. It will then scan the user’s perimeter for available IoT devices and perform a set of security analyses. IoTdroid will also scan the user’s Android device for installed and vulnerable IoT control applications. With IoTdroid acting as a gateway to the internet, it is able to investigate traffic generated by connected IoT devices and probe exposed connections. This allows for the isolation of IoT devices suspected to expose security weaknesses. Investigating the device in an isolated environment allows for the identification of security risks before the device is introduced to the user’s perimeter. For the analyses performed, we suggest checking for a number of well-known security weaknesses in IoT devices. A port scan, for example, would expose devices with unsecured ports that are listening for telnet connections, an attack vector common in IoT devices.
Botnets targeting IoT devices often utilize known default login credentials to compromise devices via SSH. Testing a connected device with a list of known credentials can reveal insecure defaults and highlight the need for change. In addition to simple probing, the app can also perform more in-depth exploration of incoming and outgoing connections. By seeing the origin of remote connections to the devices and by inspecting the TLS setup, end-users can discover privacy violations before sensitive data is exchanged. Final results from the analyses are presented to the end-user in a way that is understandable without in-depth knowledge. Additionally, information about possible risks is provided to underline the dangers of insecure IoT devices.