Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure

  title={Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure},
  author={Aaron Yi Ding and Gianluca Limon De Jesus and Marijn Janssen},
  journal={Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing},
The security of the Internet of Things (IoT) has attracted much attention due to the growing number of IoT-oriented security incidents. IoT hardware and software security vulnerabilities are exploited, affecting many companies and individuals. Since the causes of vulnerabilities go beyond purely technical measures, there is a pressing demand nowadays to demystify the IoT "security complex" and develop practical guidelines for companies, consumers, and regulators. In this paper, we present an initial…


Effective Cyber Security Using IoT to Prevent E-Threats and Hacking During Covid-19

In order to prevent cyber threats and hacking activities such as SQL injection, phishing, and DoS, this research paper proposes a new encryption technique implemented in Python code and shows the difference between a typical conventional system and the proposed system so that both can be understood better.

A Survey on Ethical Hacking: Issues and Challenges

The main focus of this paper is to explain the technical and non-technical steps of penetration tests, to make existing systems and their corresponding data more secure, efficient and resilient.

SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks,


Towards Resilient Critical Infrastructures – Motivating Users to Contribute to Smart Grid Resilience

This work investigates motivational strategies and tools, including nudging, persuasive technologies, and incentives, that can be leveraged to increase the motivation of citizens and discusses long-term and side effects and ethical and privacy considerations.

Analysis of Tizen Security Model and Ways of Bypassing It on Smart TV Platform

The article focuses on developing an algorithm that allows root access to be gained on the smart TV; it uses the CVE-2014-1303 and CVE-2015-1805 bugs to bypass or disable security mechanisms in Tizen OS and finally gain root access.

Lean Privacy Review: Collecting Users’ Privacy Concerns of Data Practices at a Low Cost

Lean Privacy Review is introduced, a fast, cheap, and easy-to-access method to help practitioners collect direct feedback from users through the proxy of crowd workers in the early stages of design.

Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device

This article proposes two automatic symbol resolution methods designed for Smart TVs and presents an original framework that automatically locates the desired function in binaries based on characteristic strings used in or near the searched function.

Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be

This work performs a comprehensive study of reported attacks and defenses in the realm of IoT, aiming to find out what the authors know, where current studies fall short, and how to move forward; it identifies open research problems and suggestions toward a secure IoT ecosystem.

The ethics behind ethical hacking is explored, along with the question of whether there are problems that lie with this new technology, which has brought many good things but also a dark side: criminal hackers.

Securebox: Toward Safer and Smarter IoT Networks

This paper presents Securebox, an affordable and deployable platform for securing and managing IoT networks that empowers a cloud-assisted "charge for network service" model that is dedicated to budget and resource constrained IoT environments.

Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues

This survey analyzes existing protocols and mechanisms for securing communications in the IoT, as well as open research issues, and discusses the open challenges and strategies for future research work in the area.

Emerging Issues in Responsible Vulnerability Disclosure

This paper examines the impact of an early discovery, which can be encouraged with proper incentive mechanisms, on the release time of the patch, the grace period, and the social welfare, and explores the several policy implications of the results and their relationship with current disclosure practices.

The Rules of Engagement for Bug Bounty Programs

One way organizations manage bug bounty programs is to create rules that aim to regulate the behavior of white hats but also bind the organizations themselves to certain actions (e.g., the level of bounty payments).

Ethical Hacking and Penetration Testing Guide

Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from

Real-Time IoT Device Activity Detection in Edge Networks

The results show that IoTguard achieves high accuracy in differentiating various types of malicious and benign traffic with low false positive rates, has a low resource footprint, and can operate on OpenWRT-enabled access points and COTS computing boards.

Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms

An economic framework is developed and a novel approach is introduced, which may improve efficiency by enabling different white hats to exert validation effort at their individually optimal levels.

BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid

This work reveals a new class of potential attacks on power grids called the Manipulation of demand via IoT (MadIoT) attacks that can leverage such a botnet in order to manipulate the power demand in the grid.