Session

Hack your smart home first - Finding the mobile APIs

Most smart home solutions begin with downloading a mobile app to manage the smart home products. These apps may make it convenient to quickly manage the security camera, garage door, house alarm, etc. However, do they hold up against modern malicious actors?

We can confirm the security of these mobile apps with open source tools to guide our security testing. Just as Metasploit brought us convenience in security testing, we now have mobile security testing tools like MobSF, Genymotion, Burp Suite, Postman, JADX, APKLeaks, etc.

In this presentation, I will outline a process to utilize the various tools to evaluate smart home products. I will review the process and details discovered during my testing of the smart home products in my house.

This presentation will focus on mobile apps as well as the APIs involved. API security testing requires more custom testing. We have some automated testing features, but API testing still needs plenty of hunting.

Joey White

Enterprise Architect & Security Architect at BCBSKS

Phoenix, Arizona, United States
