Date Thesis Awarded
5-2024
Access Type
Honors Thesis -- Access Restricted On-Campus Only
Degree Name
Bachelors of Science (BS)
Department
Computer Science
Advisor
Adwait Nadkarni
Committee Members
Timothy A. Davis
Gamze Bulut
Abstract
As technology has developed, many technology companies have introduced a variety of Internet of Things (IoT) devices to both the Chinese and global markets. These devices, including smart locks and remote controls for home automation systems, not only offer convenience but also raise security and privacy concerns. This thesis will provide a comprehensive analysis of the mobile applications provided for smart home devices in the Chinese market, focusing on three aspects: cryptographic misuse, SSL misuse, and permission misuse.
Cryptographic misuse refers to the incorrect selection of encryption and hashing methods, which can lead to sensitive data leaks. SSL misuse encompasses both improper validation of SSL certificates and the use of weak protocols, which may threaten the integrity and confidentiality of data in transit. Permission misuse refers to cases where applications request more permissions than necessary or use combinations of permissions in a harmful manner, potentially leading to privacy violations and unauthorized access to user data.
The smart home devices are selected based on application ranking. The methodology involves a systematic examination of their applications to find the previously mentioned vulnerabilities in each category. The examination uses static analysis tools, providing a thorough understanding of the applications' security posture.
Next, this thesis will focus on a comparative analysis of the selected applications provided in the Chinese and international markets. This comparison aims to find differences in the types of vulnerabilities in the applications and to determine whether these differences correlate with market-specific regulations and policies. The comparison also reveals the divergent strategies that different companies adopt to prioritize security in their applications.
By detecting vulnerabilities and the differences between markets, this thesis seeks to contribute to IoT security and to give developers further insight into the market’s influence on smart home applications. The study also provides recommendations for companies and policymakers to enhance the security standards for smart home applications.
Recommended Citation
Jiang, Yihe, "Comparison of Vulnerabilities from Smart Home Devices in Chinese and Global Market" (2024). Undergraduate Honors Theses. William & Mary. Paper 2155.
https://scholarworks.wm.edu/honorstheses/2155