Enhancing IoT Security in Smart Homes Using Kali Linux for Penetration Testing
Shrestha, Sujata; Fatoyinbo, Esther (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025060420205
https://urn.fi/URN:NBN:fi:amk-2025060420205
Tiivistelmä
This thesis examines the security challenges related to Internet of Things (IoT) devices utilized in smart homes. The swift expansion of these beneficial devices has markedly improved convenience, automation, and energy efficiency. The world is expected to see an increased prevalence of IoT systems in the forthcoming years. This increasing interconnectivity is accompanied by considerable cybersecurity challenges. This research aimed to examine the security status of select consumer-grade IoT devices via ethical penetration testing utilizing Kali Linux. The study concentrated on the Airam SmartHome temperature and humidity sensor and a generic humidity sensor, bought online, simulating realistic attack scenarios within a controlled setting.
This study employed tools including Nmap, Hydra, Metasploit, Wireshark, and Tcpdump to identify critical vulnerabilities, such as open and misconfigured services, outdated firmware, weak authentication, and unsecured communication protocols. Through the application of Service Enumeration, Operating System (OS) fingerprinting, brute-force testing, and packet capture techniques, the study identified methods by which malicious actors could exploit these systems.
Significant findings indicate the common occurrence of outdated Linux kernels, unencrypted web interfaces, and the use of legacy protocols such as Universal Plug and Play (UPnP) and Point-to-Point Tunneling Protocol (PPTP). Manufacturers, users, researchers, and policymakers are advised to enhance IoT security through secure-by-design engineering, firmware patching, and the implementation of robust authentication measures. This study highlights the necessity of ongoing security evaluations and user awareness to protect the integrity and privacy of smart home systems.
This study employed tools including Nmap, Hydra, Metasploit, Wireshark, and Tcpdump to identify critical vulnerabilities, such as open and misconfigured services, outdated firmware, weak authentication, and unsecured communication protocols. Through the application of Service Enumeration, Operating System (OS) fingerprinting, brute-force testing, and packet capture techniques, the study identified methods by which malicious actors could exploit these systems.
Significant findings indicate the common occurrence of outdated Linux kernels, unencrypted web interfaces, and the use of legacy protocols such as Universal Plug and Play (UPnP) and Point-to-Point Tunneling Protocol (PPTP). Manufacturers, users, researchers, and policymakers are advised to enhance IoT security through secure-by-design engineering, firmware patching, and the implementation of robust authentication measures. This study highlights the necessity of ongoing security evaluations and user awareness to protect the integrity and privacy of smart home systems.