物联网移动应用渗透测试-研究方法和结果

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-02-10 DOI:10.1109/JIOT.2025.3540305

Jan Adamski;Marek Janiszewski;Marcin Rytel

{"title":"物联网移动应用渗透测试-研究方法和结果","authors":"Jan Adamski;Marek Janiszewski;Marcin Rytel","doi":"10.1109/JIOT.2025.3540305","DOIUrl":null,"url":null,"abstract":"This article describes the methodology of pentesting mobile applications used to control Internet of Things (IoT) devices, which is part of a comprehensive methodology for testing the security of IoT solutions. This article shows the importance of mobile applications in the context of IoT security and what elements constitute the essential pillars for the security of users and their devices. The authors describe the methods of the pentesting process step by step depending on the application being tested and the complications encountered. This article also includes the most popular security flaws of this type of application, along with a description of how they pose a threat to their users. It also shows the complexity of conducting pentests of IoT solutions due to the variety of procedures and test areas that must be intertwined in order to obtain reliable and complete results. This article concludes with a description of vulnerabilities discovered and reported to the relevant authorities thanks to research conducted in accordance with the described methodology.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 11","pages":"18209-18219"},"PeriodicalIF":8.9000,"publicationDate":"2025-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"IoT Mobile Applications Pentesting Methodology and Results of Research\",\"authors\":\"Jan Adamski;Marek Janiszewski;Marcin Rytel\",\"doi\":\"10.1109/JIOT.2025.3540305\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This article describes the methodology of pentesting mobile applications used to control Internet of Things (IoT) devices, which is part of a comprehensive methodology for testing the security of IoT solutions. This article shows the importance of mobile applications in the context of IoT security and what elements constitute the essential pillars for the security of users and their devices. The authors describe the methods of the pentesting process step by step depending on the application being tested and the complications encountered. This article also includes the most popular security flaws of this type of application, along with a description of how they pose a threat to their users. It also shows the complexity of conducting pentests of IoT solutions due to the variety of procedures and test areas that must be intertwined in order to obtain reliable and complete results. This article concludes with a description of vulnerabilities discovered and reported to the relevant authorities thanks to research conducted in accordance with the described methodology.\",\"PeriodicalId\":54347,\"journal\":{\"name\":\"IEEE Internet of Things Journal\",\"volume\":\"12 11\",\"pages\":\"18209-18219\"},\"PeriodicalIF\":8.9000,\"publicationDate\":\"2025-02-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Internet of Things Journal\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10878964/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10878964/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

本文描述了用于控制物联网（IoT）设备的渗透测试移动应用程序的方法，这是测试物联网解决方案安全性的综合方法的一部分。本文展示了移动应用程序在物联网安全背景下的重要性，以及哪些元素构成了用户及其设备安全的基本支柱。作者根据被测试的应用程序和遇到的复杂情况，一步一步地描述了渗透测试过程的方法。本文还包括这类应用程序最常见的安全缺陷，以及它们如何对用户构成威胁的描述。它还显示了对物联网解决方案进行渗透测试的复杂性，因为为了获得可靠和完整的结果，必须交织在一起的各种程序和测试区域。本文最后描述了根据所描述的方法进行的研究发现并报告给有关当局的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

IoT Mobile Applications Pentesting Methodology and Results of Research

This article describes the methodology of pentesting mobile applications used to control Internet of Things (IoT) devices, which is part of a comprehensive methodology for testing the security of IoT solutions. This article shows the importance of mobile applications in the context of IoT security and what elements constitute the essential pillars for the security of users and their devices. The authors describe the methods of the pentesting process step by step depending on the application being tested and the complications encountered. This article also includes the most popular security flaws of this type of application, along with a description of how they pose a threat to their users. It also shows the complexity of conducting pentests of IoT solutions due to the variety of procedures and test areas that must be intertwined in order to obtain reliable and complete results. This article concludes with a description of vulnerabilities discovered and reported to the relevant authorities thanks to research conducted in accordance with the described methodology.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.