The Internet of Things (IoT) has become pervasive in modern life, with an ever-expanding market. These devices serve a variety of purposes, aiding and accompanying users in daily activities. However, as they frequently communicate with other devices, such as smartphones running companion apps, they present a significant attack surface. Furthermore, their constrained resources—limited computational power, battery capacity, and cryptographic support—make them attractive targets for malicious actors. For instance, adversaries could compromise the privacy of fitness trackers by leaking sensitive health data, undermine the security of FIDO2 authenticators, or jeopardize the availability and safety of electric scooters, potentially resulting in hazardous outcomes such as fire risks.
Conventional security solutions used in the web domain, such as TLS and certificate-based authentication, are often unsuitable for IoT connectivity. Instead, IoT devices typically rely on vendor-specific, application-layer protocols operating over standard transport layers such as Bluetooth, Bluetooth Low Energy (BLE), NFC, or USB. These protocols reinvent standard security mechanisms—such as key agreement, authentication, session management, and encryption—with varying degrees of success, often introducing significant vulnerabilities. Gaining a comprehensive understanding of these protocols typically requires extensive reverse engineering and manual analysis.
In this thesis, we examine a diverse range of IoT devices, spanning various levels of complexity and security robustness. We introduce Smart Testing tools designed to facilitate security assessments of these devices. Our evaluation focuses on the ecosystems of Xiaomi and Fitbit fitness trackers, Xiaomi electric scooters, and FIDO2 authenticators. Regardless of whether their underlying protocols are open-source (e.g., FIDO2) or proprietary (e.g., Xiaomi), or whether their hardware capabilities vary significantly (e.g., fitness trackers vs. electric scooters), we uncovered multiple protocol-level vulnerabilities. These weaknesses allowed us to compromise the security, privacy, availability, and safety of the devices, with tangible real-world consequences for both users and the broader vendor ecosystems.
Our Smart Testing tools not only enable the detection of these vulnerabilities but also provide advanced features that support future research. These include capabilities such as fitness tracker impersonation, firmware binary analysis for electric scooters, and the development of virtual environments for FIDO2 devices.