Security Analysis of the Internet of Things Using Digital Forensic and Penetration Testing Tools

We exist in a universe where everything is related to the internet or each other like smart TVs, smart telephones, smart thermostat, cars and more. Internet of Things has become one of the most talked about technologies across the world and its applications range from the control of home appliances in a smart home to the control of machines on the production floor of an industry that requires less human intervention in performing basic daily tasks. Internet of Things has rapidly developed without adequate attention given to the security and privacy goals involved in its design and implementation. This document contains three research projects all centered on how to improve user\u27s data privacy and security in the Internet of Things. The first research provides a detailed analysis of the Internet of Things architecture, some security vulnerabilities, and countermeasures. We went on to discuss some solutions to these issues and presented some available Internet of Things simulators that could be used to test Internet of Things systems. In the second research, we explored privacy and security challenges faced by consumers of smart devices in this case we used an Amazon Echo Dot as our case study. During this research, we were able to compare two different digital forensic tools to see which performed better at extracting information from the device and if the device observes best practices for user data privacy. In the third research project, we used a tool called GATTacker to exploit security vulnerabilities of a Bluetooth Low Energy device and provide security awareness to users

EXPLORING USER PRIVACY BASED ON HUMAN BEHAVIOR WITH INTERNET OF THINGS DEVICES AT HOME (FORMATIVE RESEARCH)

The proposed research initiative is aimed at investigating potential security and privacy vulnerabilities in home based Internet of Things (IoT) smart devices, such as Amazon Echo, Google Home, and smart home appliances, by analyzing the type, nature, and frequency of its encrypted, network communications. Such communications may reveal private information about the activities occurring within a home, as well as behaviors, relationships, and habits. Regardless of the quality of encryption used for network communications, digital messages expose certain information in much the same way as a sealed envelope sent via the postal service. The results of this formative research initiative will encourage better design of future home based IoT smart devices for security and privacy, as well as educate consumers on risks

Vulnerability Analysis of Content Management Systems to SQL Injection Using SQLMAP

There are over 1 billion websites today, and most of them are designed using content management systems. Cybersecurity is one of the most discussed topics when it comes to a web application and protecting the confidentiality, integrity of data has become paramount. SQLi is one of the most commonly used techniques that hackers use to exploit a security vulnerability in a web application. In this paper, we compared SQLi vulnerabilities found on the three most commonly used content management systems using a vulnerability scanner called Nikto, then SQLMAP for penetration testing. This was carried on default WordPress, Drupal and Joomla website pages installed on a LAMP server (Iocalhost). Results showed that each of the content management systems was not susceptible to SQLi attacks but gave warnings about other vulnerabilities that could be exploited. Also, we suggested practices that could be implemented to prevent SQL injections