Ethical hacking of a premium robot vacuum : Penetration testing of the Roborock S7 robot vacuum cleaner

Abstract: With the advancements made in the field of data science, smart IoT devices are be-coming increasingly common. Consequently, this creates an increased number of targets for hackers to potentially exploit. This is a study about ethically hacking a robot vacuum, the Roborock S7, and evaluating the security of the target system. The DREAD and Stride threat models are used in order to find potential exploits. These exploits are then tested on the vacuum. Four tests were done on the system: scan-ning, denial-of-service attack, man-in-the-middle sniffing and man-in-the-middle tampering. The study found that the vacuum is relatively secure against web threats with weaknesses found surrounding its handling of its own network and lack of re-sistance to denial-of-service attacks on the DHCP protocol.