Ethical hacking for boosting IoT vulnerability management: a first look into bug bounty programs and responsible disclosure

Aaron Yi Ding, Gianluca Limon De Jesus, Marijn Janssen. Proceedings of the Eighth International Conference on Telecommunications and Remote Sensing.
The security of the Internet of Things (IoT) has attracted much attention due to the growing number of IoT-oriented security incidents. IoT hardware and software security vulnerabilities are being exploited, affecting many companies and individuals. Since the causes of vulnerabilities go beyond purely technical measures, there is a pressing demand to demystify the IoT "security complex" and develop practical guidelines for companies, consumers, and regulators alike. In this paper, we present an initial…
A Survey on Ethical Hacking: Issues and Challenges
The main focus of this paper is to explain the technical and non-technical steps of penetration tests, to make existing systems and their corresponding data more secure, efficient and resilient.
SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization
Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks,
Towards Resilient Critical Infrastructures – Motivating Users to Contribute to Smart Grid Resilience
This work investigates motivational strategies and tools, including nudging, persuasive technologies, and incentives, that can be leveraged to increase the motivation of citizens, and discusses long-term and side effects as well as ethical and privacy considerations.
Lean Privacy Review: Collecting Users’ Privacy Concerns of Data Practices at a Low Cost
  • Haojian Jin, Hong Shen, Mayank Jain, Swarun Kumar, Jason I. Hong
  • Computer Science
  • ACM Trans. Comput. Hum. Interact.
  • 2021
Lean Privacy Review is introduced, a fast, cheap, and easy-to-access method to help practitioners collect direct feedback from users through the proxy of crowd workers in the early stages of design.
Automatic Symbol Resolution on Embedded Platforms by the Example of Smart TV Device
This article proposes two automatic symbol resolution methods designed for Smart TVs and presents an original framework that automatically locates the desired function in the binaries based on characteristic strings used in or near the searched function.
Understanding IoT Security Through the Data Crystal Ball: Where We Are Now and Where We Are Going to Be
This work aims to perform a comprehensive study on reported attacks and defenses in the realm of IoT, aiming to find out what the authors know, where the current studies fall short and how to move forward, and identifies open research problems and suggestions towards a secure IoT ecosystem.
An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. Explosive growth of the
Securebox: Toward Safer and Smarter IoT Networks
This paper presents Securebox, an affordable and deployable platform for securing and managing IoT networks that empowers a cloud-assisted "charge for network service" model dedicated to budget- and resource-constrained IoT environments.
Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues
This survey analyzes existing protocols and mechanisms to secure communications in the IoT, as well as the open challenges and strategies for future research work in the area.
Emerging Issues in Responsible Vulnerability Disclosure
This paper examines the impact of an early discovery, which can be encouraged with proper incentive mechanisms, on the release time of the patch, the grace period, and the social welfare, and explores the several policy implications of the results and their relationship with current disclosure practices.
The Rules of Engagement for Bug Bounty Programs
One way, taken by organizations, to manage bug bounty programs is to create rules that aim to regulate the behavior of white hats, but also bind these organizations to certain actions (e.g., level of bounty payments).
Ethical Hacking and Penetration Testing Guide
Requiring no prior hacking experience, Ethical Hacking and Penetration Testing Guide supplies a complete introduction to the steps required to complete a penetration test, or ethical hack, from
Real-Time IoT Device Activity Detection in Edge Networks
The results show that IoTguard achieves high accuracy in differentiating various types of malicious and benign traffic, with low false positive rates, has a low resource footprint, and can operate on OpenWRT-enabled access points and COTS computing boards.
Banishing Misaligned Incentives for Validating Reports in Bug-Bounty Platforms
An economic framework is developed and a novel approach is introduced, which may improve efficiency by enabling different white hats to exert validation effort at their individually optimal levels.
BlackIoT: IoT Botnet of High Wattage Devices Can Disrupt the Power Grid
This work reveals a new class of potential attacks on power grids called Manipulation of demand via IoT (MadIoT) attacks, which can leverage such a botnet in order to manipulate the power demand in the grid.