Vulnerability Analysis of IoT Protocols Based on CVE glossary and Penetration Testing Techniques

Abstract

This article provides a comprehensive study of the vulnerabilities of Internet of Things (IoT) platforms and protocols using penetration testing methods. The work includes both analysis of publicly available vulnerability databases (in particular, the CVE database) and practical testing of IoT systems using the example of an air quality monitoring network using the LoRaWAN protocol and Wi-Fi (WPA2). An algorithm for the automatic collection and processing of vulnerability data has been implemented, and a web interface for interactive visualization and filtering of information has been developed. During the practical experiment, critical vulnerabilities were identified both in wireless networks (LoRaWAN, Wi-Fi WPA2) and in IoT devices themselves, such as using standard passwords, transmitting unencrypted data, and the possibility of Replay, Brute Force, and Deauthentication attacks. Based on the results of the analysis, recommendations have been formed to eliminate vulnerabilities and requirements for new device authentication schemes have been outlined. The obtained developments can be used by developers to improve the security of IoT systems.