K. Thornton, R. Whitfield, S. Reeves
The widespread adoption of Internet of Things devices in residential and commercial environments has increased the risk for cyberattacks, creating an urgent demand for professionals skilled in firmware analysis and embedded systems security. Preparing computer science and cybersecurity students with practical experience in these areas remains a persistent challenge in higher education. This paper presents a structured pedagogical framework comprising five progressive laboratory exercises that guide students through the process of analyzing, testing, and securing a representative smart-home monitoring prototype built on a low-cost microcontroller platform. The exercises employ a combination of static firmware inspection, dynamic behavioral testing, and network traffic analysis to expose vulnerabilities across multiple architectural layers of the web application embedded in the device. By working through these exercises, students gain hands-on competence in firmware extraction, credential exposure analysis, input validation assessment, and protocol-level weakness identification. The framework is designed for integration into undergraduate cybersecurity curricula and uses affordable, readily available hardware to minimize barriers to adoption. A pilot evaluation with upper-division students indicates gains in self-reported competence while highlighting the need for larger studies using objective assessment measures. The laboratory structure, setup requirements, and assessment approach are described to support curricular adoption and replication.
Pearl Academic Publishing. All rights reserved.
Content is licensed under a Creative Commons Attribution 4.0 License (CC-BY).
Privacy Policy | Terms of Service