Cybersecurity evaluation of IoT systems
Sjölund, Johan (2020)
Sjölund, Johan
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020051511583
https://urn.fi/URN:NBN:fi:amk-2020051511583
Tiivistelmä
As the amount of devices connected to Internet is increasing on a daily basis, the need for
cybersecurity is now higher than ever and not only the personal computer and server but
also Internet-of-things or IoT devices must be protected. While PCs have security software
and settings, the IoT devices are lacking in this regard. Hence, the object of this thesis is to
gather information about the potential attack surfaces of IoT environment and define
guidelines on how to secure an IoT device and/or environment and evaluate an IoT device.
The research was made as a case study, focusing on current issues identified and reported
in relation to IoT. The cases used in this thesis are from widely known companies such as
Microsoft, F-Secure and OWASP IoT Project.
Based on the cases, the most common issues were selected. The issues were categorized
from low to critical depending on the effect the vulnerability might have in case it is
exploited. Potential recommendations and guidelines on how to avoid the problems and
how to evaluate a device for them.
The conclusion of this study is that there is a high amount of issues. Some of them
identified more often than others such as default passwords. Many of the issues are still
easily avoidable and solvable while others require more effort but is not impossible to
resolve. By following the recommendations from this thesis manufacturers can create more
secure IoT devices.
cybersecurity is now higher than ever and not only the personal computer and server but
also Internet-of-things or IoT devices must be protected. While PCs have security software
and settings, the IoT devices are lacking in this regard. Hence, the object of this thesis is to
gather information about the potential attack surfaces of IoT environment and define
guidelines on how to secure an IoT device and/or environment and evaluate an IoT device.
The research was made as a case study, focusing on current issues identified and reported
in relation to IoT. The cases used in this thesis are from widely known companies such as
Microsoft, F-Secure and OWASP IoT Project.
Based on the cases, the most common issues were selected. The issues were categorized
from low to critical depending on the effect the vulnerability might have in case it is
exploited. Potential recommendations and guidelines on how to avoid the problems and
how to evaluate a device for them.
The conclusion of this study is that there is a high amount of issues. Some of them
identified more often than others such as default passwords. Many of the issues are still
easily avoidable and solvable while others require more effort but is not impossible to
resolve. By following the recommendations from this thesis manufacturers can create more
secure IoT devices.