CPPJ

Cybersecurity Pedagogy and Practice Journal

Volume 2

V2 N2 Pages 39-67

Sep 2023


IoT Security Vulnerabilities Analysis by Reverse Engineering: A Face-recognition IoT Application-based Lab Exercises


Sam Elfrink
Southeast Missouri State University
Cape Girardeau, MO USA

Qiuyu Han
Heilongjiang University
Harbin, Heilongjiang, CN

Mario Alberto Garcia
Southeast Missouri State University
Cape Girardeau, MO USA

Xuesong Zhang
Southeast Missouri State University
Cape Girardeau, MO USA

Zhouzhou Li
Southeast Missouri State University
Cape Girardeau, MO USA

Abstract: The rapid growth in Internet users and the proliferation of IoT devices in recent years have created a significant need for vulnerability detection and mitigation in these devices and their applications. Exposing computer science and cybersecurity students to these skills can help them strengthen their competencies in the industry. One approach that can be used to achieve this objective is reverse engineering, which involves gaining a thorough understanding of the relationship between the individual components of an IoT application. This paper presents lab exercises that teach students the concepts and practical techniques of reverse engineering for the purpose of detecting and mitigating vulnerabilities in IoT devices. The lab exercises are based on a real facial recognition web application hosted on a small IoT device, and they use both manual exploration and automated tools to provide students with a systematic and comprehensive understanding of reverse engineering. These well-designed, hands-on labs can meet the practical needs of cybersecurity education and inspire heuristic learning on difficult cybersecurity topics such as reverse engineering.



Recommended Citation: Elfrink, S., Han, Q., Garcia, M., Zhang, X., Li, Z. (2023). IoT Security Vulnerabilities Analysis by Reverse Engineering: A Face-recognition IoT Application-based Lab Exercises. Cybersecurity Pedagogy and Practice Journal, 2(2), pp. 39-67. http://CPPJ.org/2023-2/ ISSN: 2832-1006.