Publication: PENTOS: Penetration testing tool for Internet of Thing devices
Issued Date
2017-12-19
Resource Type
ISSN
21593450
21593442
21593442
Other identifier(s)
2-s2.0-85044187794
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
IEEE Region 10 Annual International Conference, Proceedings/TENCON. Vol.2017-December, (2017), 2279-2284
Suggested Citation
Vasaka Visoottiviseth, Phuripat Akarasiriwong, Siravitch Chaiyasart, Siravit Chotivatunyu PENTOS: Penetration testing tool for Internet of Thing devices. IEEE Region 10 Annual International Conference, Proceedings/TENCON. Vol.2017-December, (2017), 2279-2284. doi:10.1109/TENCON.2017.8228241 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/42310
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
PENTOS: Penetration testing tool for Internet of Thing devices
Other Contributor(s)
Abstract
© 2017 IEEE. The Internet of Thing (IoT) technology has been growing rapidly with many implementations. However, because of its ability to perform tasks and handle the sensitive information and also the paucity of user security awareness, IoT devices contain many potential risks and are the new target of attacks. In this paper, we develop a penetration testing system for IoT devices called PENTOS in order to increase the user security awareness. The system comes with the GUI running on Kali Linux which is specifically designed for ethical hacking. PENTOS automatically gathers the information of the target IoT device through the wireless communication, which are WiFi and Bluetooth. The system allows users to perform various kinds of penetration testing on their IoT devices such as the password attack, web attack, and wireless attack in order to gain the privilege access by multiple algorithms. Moreover, the system also provides the basic security guidance according to the OWASP's Top 10 IoT Vulnerabilities to educate users and increase the security awareness. After the penetration testing, the system then summarizes the results of all attacking modules and gives the recommendations for the secure deployment to avoid possible threats.