A Security vulnerability scanner prototype for IoT devices on Wi-Fi and Bluetooth networks

Abstract

The Internet of Things (IoT) is significantly changing everyday experiences by connecting various devices that can communicate and exchange information. This interconnectivity improves efficiency and convenience across homes, businesses, and numerous industries. However, with the rapid expansion of IoT devices, security vulnerabilities have emerged as a significant concern. Many IoT devices are susceptible to attacks due to weak passwords, unprotected open ports, and unencrypted data transfers. Current vulnerability scanners for IoT devices, such as the Mirai Scanner and Firmalyzer, address some of these risks but exhibit notable limitations: they are often costly, require additional hardware, and lack support for Bluetooth-connected devices. This dissertation aims to develop a comprehensive and user-friendly vulnerability scanner prototype for IoT devices that address these gaps. By adopting the Rapid Application Development (RAD) methodology, the study iteratively focused on the design, development, and refinement of the tool that enables security administrators to scan and detect vulnerabilities across multiple connection types. This consisted of key components, including a network scanning engine, a vulnerability assessment module and a report generation system. The network scanning engine identified connected IoT devices and analyzed communication protocols including Wi-Fi and Bluetooth. The vulnerability assessment module cross-references the identified devices against a database of security weaknesses, detecting common threats such as open ports and default credentials. The report generation module provided downloadable reports, providing recommendations to remedy the identified vulnerability. To validate the effectiveness of the scanner, the study employed a series of controlled experiments. These were to assess the scanner’s accuracy, ability to detect a range of vulnerabilities, and ease of use in comparison to existing solutions. The results from the validation phase were to demonstrate the tool’s potential to improve IoT security by providing an accessible, cost-effective solution for proactive vulnerability management. The scanner successfully identified vulnerabilities across the IoT devices connected via Wi-Fi and Bluetooth in the test environment, demonstrating detection accuracy, risk assessment, and security reporting.

Keywords: Security, Internet of Things, Rapid Application Development