Testing the Security ESP32 Internet of Things Devices

Abstract

The physical model of a handmade IoT system that includes device for measuring temperature based on ESP32, WiFi home network and web interface was proposed and implemented upon laboratory scale. The result of the experiment based on this model to attempt to gain unauthorized access to the transmitted data was successful. Attack scenario was formulated and consist of four stages: gaining unauthorized access to a network, network traffic interception and analysis, create fake ESP32 client and disconnecting original ESP32 from a server. It is shown that the attacker, who has the basic knowledge and skills in working with common wireless network hacking tools and a basic knowledge of ESP32 and ESP32 programming skills can access the system and send fake information to the web interface. To reduce the probability of the proposed scenario it is recommended to use TCP instead of UDP.