Bulletin of Shakarim University. Technical Sciences

INVESTIGATION OF VULNERABILITIES IN INTERNET OF THINGS PLATFORMS AND PROTOCOLS USING PENETRATION TESTING METHODS

https://doi.org/10.53360/2788-7995-2025-2(18)-8

Abstract

The paper presents research findings related to the security of widespread Internet of Things (IoT) platforms and protocols, based on the analysis of existing vulnerability databases and practical penetration testing of IoT device networks using modern methods. An algorithm for collecting and extracting relevant data from the Common Vulnerabilities and Exposures (CVE) database has been developed. Additionally, a web interface for an interactive CVE table was created, facilitating the processing and visualization of large volumes of data in a convenient and clear format. The conducted analysis aimed to identify the most critical vulnerabilities that should be minimized through the introduction of a new authentication protocol for IoT devices and to define specific requirements for the protocol targeting identified vulnerabilities. During penetration testing of wireless networks, significant vulnerabilities were discovered in the examined IoT devices and the LoRaWAN wireless network. As a result, a dataset containing a list of IoT system vulnerabilities extracted from the CVE glossary, including descriptions of attack vectors and severity based on the Common Vulnerability Scoring System (CVSS), was compiled, along with practical recommendations for mitigating the vulnerabilities.

About the Authors

K. Sagindykov
L.N. Gumilyov Eurasian National University
Kazakhstan

Kakim Sagindykov – Candidate of Technical Sciences, Associate Professor of the Information Security Department,

010000, Astana, 2 Satbayev Street



D. Satybaldina
KazHackStan LLP
Kazakhstan

Dina Satybaldina – Candidate of Physical and Mathematical Sciences, Associate Professor,  

010000, Astana, Mangilik El Avenue, 54



F. Tebueva
North Caucasus Federal University
Russian Federation

Fariza Tebueva – Doctor of Physical and Mathematical Sciences, Professor of the Computational Mathematics and Cybernetics Department, 

355017, 1 Pushkin Street, Stavropol 



T. Aidynov
L.N. Gumilyov Eurasian National University
Kazakhstan

Tolegen Aydynov – PhD student of the Information Security Department, 

010000, Astana, 2 Satbayev Street



A. Shaikhanova
L.N. Gumilyov Eurasian National University
Kazakhstan

Aigul Shaykhanova – PhD, Professor of the Information Security Department,

010000, Astana, 2 Satbayev Street




For citations:


Sagindykov K., Satybaldina D., Tebueva F., Aidynov T., Shaikhanova A. INVESTIGATION OF VULNERABILITIES IN INTERNET OF THINGS PLATFORMS AND PROTOCOLS USING PENETRATION TESTING METHODS. Bulletin of Shakarim University. Technical Sciences. 2025;(2(18)):65-74. (In Russ.) https://doi.org/10.53360/2788-7995-2025-2(18)-8

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2788-7995 (Print)
ISSN 3006-0524 (Online)