Replay attack on Bluetooth communication with software defined radio in the IoT based smart home

IoT smart home devices make it easier for people to monitor their home just by checking on their smartphones. Rather than physical risk, connecting smart home devices to the internet results in new security and privacy problems, such as confidentiality, integrity and authenticity of data exchange by the devices. Smart home devices are highly vulnerable to different security attacks that make a smart home unsecure to live. Therefore, it is necessary to evaluate the security risks to judge the situation of smart home devices. As homes are increasingly computerized and smart home devices being widely used, potential security attacks and their impact need to be investigated. The methodologies used in this report are implemented and design from OWASP Firmware Testing Methodology and OCTAVE aimed at two stages of replay attack which are Preliminary attack and Revamp attack of the chosen smart home devices: Hampton Bay Smart Doorbell and Wi-Fi August Smart Lock and conducting security analysis based on proposed penetration testing guideline. The research finds that the Hampton Smart Doorbell is vulnerable towards both preliminary and revamp stage while the Wi-Fi August Smart Lock is secured towards both attacks conducted. The findings in this thesis will assist in detecting vulnerabilities in smart home devices system when it comes to the specification of security criteria.
Keywords: Internet of Things (IoT), Smart Home Device, Smart Doorbell, Smart Lock, Detecting Vulnerabilities, Penetration Testing Guideline, Replay Attack.