Ethical Hacking of an IoT camera

Abstract: With the fast growing popularity of IoT devices, a new entry point for cyber attacks is emerging. As IoT devices such as security cameras become more widely used in settings where security and privacy can be considered a key concern, more research about these devices must be done to ensure that the security requirements are met. In this thesis the home security camera Reolink E1 Zoom has been evaluated. The security of the device was evaluated with a 7 step method which consisted of pre-engagement, information gathering, threat modeling, vulnerability analysis, exploitation, post exploitation, and reporting. The threat modeling and penetration testing was conducted on the IoT device with a focus on the web application. The result of the penetration testing was that one vulnerability was discovered, an XSS attack, with many other security issues not directly leading to an exploit also being discovered. The vulnerability discovered was reported to the manufacturer as detailed in the thesis. The conclusion is that the security of the IoT device was lacking in certain areas.