Internet of Things security and privacy : exploration of vulnerabilities and extension of an existing honeypot

Internet of things (IoT) is the new trend in this connected world. The number of devices used for this purpose is exploding since several years. In addition, new protocols, hardware designs and Operating Systems emerged and are still emerging to respond effectively to the needs of this new trend. These innovations, as a lot of new vulnerabilities make their appearance, turn out to be a true opportunity for attackers to put their knowledge into practice and allowing them to do what they do best: obtain, destroy, or even reveal information without authorized access or permission. In a first step, this thesis aims at presenting common IoT technologies by making a survey of them and exposing some of the vulnerabilities they present grouped into well-known attacks. In a second step, the goal is to extend a low interaction honeypot based on MQTT by improving its level of interaction, trying to identify new kinds of attacks on the protocol and exposing the way of proceeding from an attacker viewpoint. The results obtained from the interactions with the honeypot are not in great numbers. However, they allow to understand the basic process conducted by attackers targeting MQTT. As the excitement for IoT is predicted to grow even more in the future, the one for MQTT should also follow the trend. For this reason, the honeypot might come in very handy in the process of fooling attackers that want to interact with the protocol and gathering interesting knowledge about their actions.