Abstract | IoT nije bez razloga prozvan 4. industrijskom revolucijom. Definitivno je prisutan u svim poljima, od kućanstva, autoindustrije, financija, zdravstva, pametnih gradova, energetike i brojnih drugih područja. Cilj je IoT-a povezati nepovezano tako da je sve međusobno umreženo, integrirano i dostupno na Internetu. U konačnici, smisao Interneta stvari je omogućiti ljudima putem ICT tehnologija živjeti kvalitetnije, raditi pametnije, generirati prihode i smanjiti troškove. Kroz rad predstaviti će se važnost i značaj Interneta stvari, no inicijalna ideja je sagledati koliko su sigurni i ranjivi sami IoT uređaji. Činjenica je da su IoT uređaji u zadnje vrijeme bili meta cyber napada ili su ih pak napadači koristili kao alate za daljnje napade. Kroz rad izvršeno je testiranje IoT uređaja i provjera ranjivosti neposredno po otvaranju uređaja, a kao primjer IoT uređaja u testiranju korišten je sustav videonadzora, od tri mrežne kamere i mrežnog snimača. Testirani su uređaji na zadane zaporke, napad rječnikom u online modu, automatizirani test na poznate ranjivosti, test napada uskraćivanja usluge ili DoS napad i analiza firmvera. U drugom dijelu praktičnog rada izvršena je analiza sustava videonadzora putem IoT Shodan tražilice. Zaključak testiranja ukazuje na znakovite slabosti unutar sigurnosnog sustava videonadzora. |
Abstract (english) | IoT was not without reason called the 4th Industrial Revolution. It is present in all fields, from a household, auto-industry, finance, healthcare, smart cities, energy, and many other areas. The goal of IoT is to connect unconnected so that everything is networked, integrated and accessible on the Internet. Ultimately, the point of the Internet of Things is to enable people through ICT to live better lives, work smarter, generate revenue and reduce costs. Through the work, the reality and importance of the Internet of Things will be presented, but the initial idea is to find out how secure and vulnerable IoT devices are. IoT devices have been the target of cyberattacks lately or have been used by attackers as tools for further attacks. In this paper, a video surveillance system was used as an IoT example and out of the box tested for vulnerabilities. Three IP cameras and network video recorder were tested for default passwords, dictionary attack in online mode, automated test for known vulnerabilities, denial of service attack test and firmware analysis. In the second part of this paper, an analysis of the video surveillance system was performed through the IoT Shodan search engine. The conclusion of the test points to several weaknesses within IoT video surveillance systems. |