| dc.contributor.author | Allen, Ashley | |
| dc.contributor.author | Mylonas, Alexios | |
| dc.contributor.author | Vidalis, Stilianos | |
| dc.contributor.author | Gritzalis, Dimitris | |
| dc.contributor.editor | Talamo, Maurizio | |
| dc.date.accessioned | 2024-09-10T12:00:03Z | |
| dc.date.available | 2024-09-10T12:00:03Z | |
| dc.date.issued | 2024-08-23 | |
| dc.identifier.citation | Allen , A , Mylonas , A , Vidalis , S , Gritzalis , D & Talamo , M (ed.) 2024 , ' Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices ' , Sensors , vol. 24 , no. 17 , 5465 . https://doi.org/10.3390/s24175465 | |
| dc.identifier.issn | 1424-3210 | |
| dc.identifier.other | Jisc: 2242137 | |
| dc.identifier.other | publisher-id: sensors-24-05465 | |
| dc.identifier.other | ORCID: /0000-0001-8819-5831/work/167438522 | |
| dc.identifier.uri | http://hdl.handle.net/2299/28157 | |
| dc.description | © 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). | |
| dc.description.abstract | Smart security devices, such as smart locks, smart cameras, and smart intruder alarms are increasingly popular with users due to the enhanced convenience and new features that they offer. A significant part of this convenience is provided by the device’s companion smartphone app. Information on whether secure and ethical development practices have been used in the creation of these applications is unavailable to the end user. As this work shows, this means that users are impacted both by potential third-party attackers that aim to compromise their device, and more subtle threats introduced by developers, who may track their use of their devices and illegally collect data that violate users’ privacy. Our results suggest that users of every application tested are susceptible to at least one potential commonly found vulnerability regardless of whether their device is offered by a known brand name or a lesser-known manufacturer. We present an overview of the most common vulnerabilities found in the scanned code and discuss the shortcomings of state-of-the-art automated scanners when looking at less structured programming languages such as C and C++. Finally, we also discuss potential methods for mitigation, and provide recommendations for developers to follow with respect to secure coding practices. | en |
| dc.format.extent | 19 | |
| dc.format.extent | 289500 | |
| dc.language.iso | eng | |
| dc.relation.ispartof | Sensors | |
| dc.subject | cybersecurity | |
| dc.subject | Android | |
| dc.subject | smart home | |
| dc.subject | software development | |
| dc.subject | IoT | |
| dc.subject | SAST | |
| dc.subject | Analytical Chemistry | |
| dc.subject | Information Systems | |
| dc.subject | Atomic and Molecular Physics, and Optics | |
| dc.subject | Biochemistry | |
| dc.subject | Instrumentation | |
| dc.subject | Electrical and Electronic Engineering | |
| dc.title | Security Evaluation of Companion Android Applications in IoT: The Case of Smart Security Devices | en |
| dc.contributor.institution | Cybersecurity and Computing Systems | |
| dc.contributor.institution | Department of Computer Science | |
| dc.contributor.institution | School of Physics, Engineering & Computer Science | |
| dc.contributor.institution | Centre for Computer Science and Informatics Research | |
| dc.description.status | Peer reviewed | |
| dc.identifier.url | http://www.scopus.com/inward/record.url?scp=85203866452&partnerID=8YFLogxK | |
| rioxxterms.versionofrecord | 10.3390/s24175465 | |
| rioxxterms.type | Journal Article/Review | |
| herts.preservation.rarelyaccessed | true | |
