Automated Security Audit Testbed For IP-Based IoT Devices Without Physical Access

The need for the Internet of Things (IoT) is increasing, and various manufacturers produce devices to cater to the demand. The manufacturers produce the device by considering the performance and cost but do not concentrate on security. Hence, security auditing of the device is required before or while using it in a real-time environment. This paper proposes a security audit testbed to test the security of IoT devices from protocol to the application perspective without accessing the device physically. The proposed testbed includes reconnaissance and penetration testing to identify the vulnerability of the devices. The audit results of multiple IoT devices are presented to show the impact of the proposed testbed in identifying the vulnerabilities. The comparison of security audit testbeds shows that the proposed testbed has more coverage to provide better audit results than others.