Penetration testing of Sesame Smart door lock

Abstract: The Internet of things (IoT) device has been widely used in various fields, and its market is expanding rapidly. However, the growing usage of IoT devices also brings more security concerns. The smart door lock is one of the smart home IoT devices that need to be designed securely. This thesis work aims to evaluate and investigate the security aspect of the newest smart door lock. This thesis first provides an introduction and background of penetration testing and creates the threat model. Based on the threat model, some testings are conducted, including state consistency, Man-In-The-Middle (MITM) attack, replay attack, reverse engineering, GPS spoofing, Denial of service (DoS) attack. The result indicates that penetration tests reveal some security problems on the tested device, especially in the access log, traffic between application and server, and the ability of resistance disruption on the WiFi access point.