"What if someone steals it?" - Hands-on evaluation of the software security work of a networked embedded system

Abstract: As information technology has grown and evolved, so has the need of securing the information. It is important to evaluate both the security of systems and the methods which are used for the evaluation. One method for finding security vulnerabilities in a system is penetration testing. The goal of this thesis is to evaluate some tools and methods for penetration testing. The methods were examined by performing a penetration test on a network horn speaker. The penetration test followed the state-of-the-art methodologies and was performed in three steps: reconnaissance, scanning and exploitation. Free open-source tools were used to perform attacks. The testing evaluated the security of the speaker, considering both a network attacker and an attacker with physical access to the speaker. The security work done by the company that develops the speaker was evaluated by comparing the results from the testing with the vulnerabilities found by the security work. A conclusion can be drawn that penetration testing should not be the only method for securing a system, and that threat modeling is a good way of finding vulnerabilities and attacks. An important conclusion from the testing is how a penetration tester should use tools to conduct attacks. The thesis shows the importance of using multiple tools for the same attack as well as the importance of not blindly trusting tools. Most penetration tests described in the literature from the field are performed on websites or entire organizations; this thesis contributes with knowledge about how to evaluate the security of a network embedded system.