Risk mitigation plan for vulnerabilities and threats in an IoT device

John Fernando Calle Sarmiento
Juan Pablo Cuenca Tapia

Abstract

Introduction. The Internet of Things (IoT) has drastically changed daily life because of the rapid advancement of technology. Webcams serve a variety of functions but are nevertheless vulnerable to dangers such as illegal access, data leakage, and real-time video streaming to other devices. The goal of this investigation is to determine whether an IoT device, the TP-Link Kasa Spot camera, is vulnerable to flaws that could jeopardize data security.

Objective. Using specialist software tools, evaluate the dangers and weaknesses inherent in the webcam and its mobile application in order to maintain the IoT device's confidentiality, integrity, and availability.

Methodology. We chose the OWASP methodology to conduct this research since its structure is practical and suited to the procedure.

Results. The study aimed to develop a comprehensive risk mitigation strategy to address the vulnerabilities and threats found in the webcam and mobile application, with the goal of increasing user protection, awareness, and confidence in the use of modern technologies.

Conclusion. Based on the results, it is considered that the risk mitigation plan's implementation has contributed to improving the experience of using this technology, which in turn helps prevent potential future attacks.

General Area of Study: Information Technology. Specific Area of Study: Cybersecurity.

How to Cite
Calle Sarmiento, J. F., & Cuenca Tapia, J. P. (2023). Risk mitigation plan for vulnerabilities and threats in an IoT device. ConcienciaDigital, 6(4.2), 141-160. https://doi.org/10.33262/concienciadigital.v6i4.2.2773
Section
Articles
