<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz44</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Университета Шакарима. Серия технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Bulletin of Shakarim University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2788-7995</issn><issn pub-type="epub">3006-0524</issn><publisher><publisher-name>«Шәкәрім университеті» КеАҚ</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.53360/2788-7995-2025-2(18)-8</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz44-1802</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>АВТОМАТИЗАЦИЯ И ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ (ОРИГИНАЛЬНАЯ СТАТЬЯ)</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>AUTOMATION AND INFORMATION TECHNOLOGY (ORIGINAL ARTICLE)</subject></subj-group></article-categories><title-group><article-title>ИССЛЕДОВАНИЕ УЯЗВИМОСТЕЙ ПЛАТФОРМ И ПРОТОКОЛОВ ИНТЕРНЕТА ВЕЩЕЙ С ИСПОЛЬЗОВАНИЕМ МЕТОДОВ ТЕСТИРОВАНИЯ НА ПРОНИКНОВЕНИЕ</article-title><trans-title-group xml:lang="en"><trans-title>INVESTIGATION OF VULNERABILITIES IN INTERNET OF THINGS PLATFORMS AND PROTOCOLS USING PENETRATION TESTING METHODS</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-3315-798X</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сагиндыков</surname><given-names>К. М.</given-names></name><name name-style="western" xml:lang="en"><surname>Sagindykov</surname><given-names>K.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Каким Молдабекович Сагиндыков – кандидат технических наук, доцент кафедры «Информационная безопасность», </p><p>010000, г. Астана, улица К. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Kakim Sagindykov – Candidate of Technical Sciences, associate Professor of the Information Security Department,</p><p>010000, Astana, 2 Satbayev Street</p></bio><email xlink:type="simple">sagindykov_km@enu.kz</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0003-0291-4685</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сатыбалдина</surname><given-names>Д. Ж.</given-names></name><name name-style="western" xml:lang="en"><surname>Satybaldina</surname><given-names>D.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Дина Жагыпаровна Сатыбалдина – кандидат физико-математических наук, ассоциированный профессор, </p><p>010000, г. Астана, проспект Мангилик Ел, 54</p></bio><bio xml:lang="en"><p>Dina Satybaldina – Candidate of Physical and Mathematical Sciences, Associate Professor,  </p><p>010000, Astana, Mangilik El Avenue, 54</p></bio><email xlink:type="simple">satybaldina_dzh@enu.kz</email><xref ref-type="aff" rid="aff-2"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-7373-4692</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Тебуева</surname><given-names>Ф. Б.</given-names></name><name name-style="western" xml:lang="en"><surname>Tebueva</surname><given-names>F.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Фариза Биляловна Тебуева – доктор физико-математических наук, профессор кафедры вычислительной математики и кибернетики, </p><p>355017, г. Ставрополь, ул. Пушкина, 1</p></bio><bio xml:lang="en"><p>Fariza Tebueva – Doctor of Physical and Mathematical Sciences, Professor of the Computational Mathematics and Cybernetics Department, </p><p>355017, 1 Pushkin Street, Stavropol </p></bio><email xlink:type="simple">ftebueva@nfcu.ru</email><xref ref-type="aff" rid="aff-3"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0005-3327-9719</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Айдынов</surname><given-names>Т. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Aidynov</surname><given-names>T.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Төлеген Айдынұлы Айдынов – докторант кафедры «Информационная безопасность», </p><p>010000, г. Астана, улица К. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Tolegen Aydynov – PhD student of the Information Security Department, </p><p>010000, Astana, 2 Satbayev Street</p></bio><email xlink:type="simple">tolegen.ch@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0001-6006-4813</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Шайханова</surname><given-names>А. К.</given-names></name><name name-style="western" xml:lang="en"><surname>Shaikhanova</surname><given-names>A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Айгуль Кайрулаевна Шайханова – PhD, профессор кафедры «Информационная безопасность», </p><p>010000, г. Астана, улица К. Сатпаева, 2</p></bio><bio xml:lang="en"><p>Aigul Shaykhanova – PhD, Professor of the Information Security Department,</p><p>010000, Astana, 2 Satbayev Street</p></bio><email xlink:type="simple">aigul.shaikhanova@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Евразийский национальный университет им. Л.Н. Гумилева<country>Казахстан</country></aff><aff xml:lang="en">L.N. Gumilyov Eurasian National University<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru">ТОО "KazHackStan"<country>Казахстан</country></aff><aff xml:lang="en">KazHackStan LLP<country>Kazakhstan</country></aff></aff-alternatives><aff-alternatives id="aff-3"><aff xml:lang="ru">ФГАОУ ВО «Северо-Кавказский федеральный университет»<country>Россия</country></aff><aff xml:lang="en">North Caucasus Federal University<country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>08</day><month>07</month><year>2025</year></pub-date><volume>0</volume><issue>2(18)</issue><fpage>65</fpage><lpage>74</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Сагиндыков К.М., Сатыбалдина Д.Ж., Тебуева Ф.Б., Айдынов Т.А., Шайханова А.К., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Сагиндыков К.М., Сатыбалдина Д.Ж., Тебуева Ф.Б., Айдынов Т.А., Шайханова А.К.</copyright-holder><copyright-holder xml:lang="en">Sagindykov K., Satybaldina D., Tebueva F., Aidynov T., Shaikhanova A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://tech.vestnik.shakarim.kz/jour/article/view/1802">https://tech.vestnik.shakarim.kz/jour/article/view/1802</self-uri><abstract><p>В работе представлены результаты исследования безопасности распространенных платформ и протоколов Интернета вещей на основе анализа известных баз данных уязвимостей, а также практического эксперимента по аудиту сети устройств Интернета вещей с использованием современных методов тестирования на проникновение. Реализован алгоритм сбора и извлечения релевантных данных из базы Common Vulnerabilities and Exposures (CVE). Разработан веб-интерфейс интерактивной CVE таблицы, который реализует задачи обработки и представления больших объемов данных в удобном и наглядном формате. Анализ проведен для выявления наиболее критичных уязвимостей, которые должны быть минимизированы новым протоколом аутентификации устройств Интернета вещей и для формирования конкретных требований к протоколу, направленных на минимизацию выявленных уязвимостей. В ходе тестирования беспроводных сетей на проникновение были выявлены критические уязвимости в исследованных устройствах Интернета вещей и беспроводной сети LoRaWAN. В результате исследований получен датасет, включающий список уязвимостей систем Интернета вещей, извлеченных из CVE глоссария с описанием векторов атак и критичности по шкале Common Vulnerability Scoring System (CVSS), сформулированы рекомендации по устранению уязвимостей.</p></abstract><trans-abstract xml:lang="en"><p>The paper presents research findings related to the security of widespread Internet of Things (IoT) platforms and protocols, based on the analysis of existing vulnerability databases and practical penetration testing of IoT device networks using modern methods. An algorithm for collecting and extracting relevant data from the Common Vulnerabilities and Exposures (CVE) database has been developed. Additionally, a web interface for an interactive CVE table was created, facilitating the processing and visualization of large volumes of data in a convenient and clear format. The conducted analysis aimed to identify the most critical vulnerabilities that should be minimized through the introduction of a new authentication protocol for IoT devices and to define specific requirements for the protocol targeting identified vulnerabilities. During penetration testing of wireless networks, significant vulnerabilities were discovered in the examined IoT devices and the LoRaWAN wireless network. As a result, a dataset containing a list of IoT system vulnerabilities extracted from the CVE glossary, including descriptions of attack vectors and severity based on the Common Vulnerability Scoring System (CVSS), was compiled, along with practical recommendations for mitigating the vulnerabilities.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>атака</kwd><kwd>Интернет вещей</kwd><kwd>кибербезопасность</kwd><kwd>протокол</kwd><kwd>уязвимость</kwd><kwd>тестирование на проникновение (пентестинг)</kwd></kwd-group><kwd-group xml:lang="en"><kwd>attack</kwd><kwd>Internet of Things</kwd><kwd>cybersecurity</kwd><kwd>protocol</kwd><kwd>vulnerability</kwd><kwd>penetration testing (pentesting)</kwd></kwd-group><funding-group xml:lang="ru"><funding-statement>Данное исследование финансируется Комитетом науки Министерства науки и высшего образования Республики Казахстан (грант № AP 26198843).</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Evaluating critical security issues of the IoT world: Present and future challenges / М. Frustaci et al // IEEE Internet of things journal. – 2017. – V.5, № 4. – P. 2483-2495.</mixed-citation><mixed-citation xml:lang="en">Evaluating critical security issues of the IoT world: Present and future challenges / М. Frustaci et al // IEEE Internet of things journal. – 2017. – V.5, № 4. – P. 2483-2495.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Goranin N. A Bibliometric Review of Intrusion Detection Research in IoT: Evolution, Collaboration, and Emerging Trends / N. Goranin, S.K. Hora, H.A. Čenys // Electronics. – 2024. – Vol. 13. – P. 3210. https://doi.org/10.3390/electronics13163210.</mixed-citation><mixed-citation xml:lang="en">Goranin N. A Bibliometric Review of Intrusion Detection Research in IoT: Evolution, Collaboration, and Emerging Trends / N. Goranin, S.K. Hora, H.A. Čenys // Electronics. – 2024. – Vol. 13. – P. 3210. https://doi.org/10.3390/electronics13163210.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Advancing IoT Security: A Review of Intrusion Detection Systems Challenges and Emerging Solutions / Т. Zhukabayeva et al // Proceeding of the 11th International Conference on Software Defined Systems. – 2024. – P. 115-122.</mixed-citation><mixed-citation xml:lang="en">Advancing IoT Security: A Review of Intrusion Detection Systems Challenges and Emerging Solutions / Т. Zhukabayeva et al // Proceeding of the 11th International Conference on Software Defined Systems. – 2024. – P. 115-122.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">A method of vulnerability analysis in wireless internet of things networks for smart city infrastructures / Т. Zhukabayeva et al // Scientific Journal of Astana IT University. – 2024. – Vol. 20. – P. 48-61.</mixed-citation><mixed-citation xml:lang="en">A method of vulnerability analysis in wireless internet of things networks for smart city infrastructures / Т. Zhukabayeva et al // Scientific Journal of Astana IT University. – 2024. – Vol. 20. – P. 48-61.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Comprehensive Vulnerability Analysis and Penetration Testing Approaches in Smart City Ecosystems / Т. Zhukabayeva et al // Proceeding of the 8th International Symposium on Innovative Approaches in Smart Technologies. – 2024. – P.1-6.</mixed-citation><mixed-citation xml:lang="en">Comprehensive Vulnerability Analysis and Penetration Testing Approaches in Smart City Ecosystems / Т. Zhukabayeva et al // Proceeding of the 8th International Symposium on Innovative Approaches in Smart Technologies. – 2024. – P.1-6.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Security vulnerabilities in LoRaWAN / Х. Yang et al // Proceeding of the Third International Conference on Internet-of-Things Design and Implementation. – 2018. – P. 129-140.</mixed-citation><mixed-citation xml:lang="en">Security vulnerabilities in LoRaWAN / Х. Yang et al // Proceeding of the Third International Conference on Internet-of-Things Design and Implementation. – 2018. – P. 129-140.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Automated Conversion of CVE Records into an Expert System, Dedicated to Information Security Risk Analysis, Knowledge-Base Rules / D. Benetis et al // Electronics. – 2024. – Vo. 13. – P. 2642. https://doi.org/10.3390/electronics13132642.</mixed-citation><mixed-citation xml:lang="en">Automated Conversion of CVE Records into an Expert System, Dedicated to Information Security Risk Analysis, Knowledge-Base Rules / D. Benetis et al // Electronics. – 2024. – Vo. 13. – P. 2642. https://doi.org/10.3390/electronics13132642.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Kühn P. Common vulnerability scoring system prediction based on open source intelligence information sources / P. Kühn, D.N. Relke, C. Reuter // Computer Security. – 2023. – Vol. 131. – P. 103286.</mixed-citation><mixed-citation xml:lang="en">Kühn P. Common vulnerability scoring system prediction based on open source intelligence information sources / P. Kühn, D.N. Relke, C. Reuter // Computer Security. – 2023. – Vol. 131. – P. 103286.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Ethical hacking for IoT: Security issues, challenges, solutions and recommendations / J.P.A. Yaacoub et al // Internet of Things and Cyber-Physical Systems. – 2023. – V. 3. – P. 280-308.</mixed-citation><mixed-citation xml:lang="en">Ethical hacking for IoT: Security issues, challenges, solutions and recommendations / J.P.A. Yaacoub et al // Internet of Things and Cyber-Physical Systems. – 2023. – V. 3. – P. 280-308.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">An IoT-based Air Pollution Monitoring System for Smart City / А. Aubakirov et al // Proceedings of 4th IEEE International Conference on Computer Systems. – 2024. – P. 156-161.</mixed-citation><mixed-citation xml:lang="en">An IoT-based Air Pollution Monitoring System for Smart City / А. Aubakirov et al // Proceedings of 4th IEEE International Conference on Computer Systems. – 2024. – P. 156-161.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
