Defended project
Title: Security assessment of package locker
Students who have defended this project:
HUARTE DOMEC, ARÁN (defense date: 04-07-2025)

Supervisor: LEÓN ABARCA, OLGA
Department: ENTEL
Offer start date: 25-02-2025
Offer end date: 25-02-2025
Degree programmes the project is assigned to:
GR ENG TELEMÀTICA
Type: Individual
Place of completion: ERASMUS
Keywords: Security assessment, cybersecurity, encryption, BLE, reverse engineering
Description of content and activity plan:
Overview (summary in English):
This report presents a security assessment of SwipBox's Infinity parcel locker system, with a focus on the Bluetooth Low Energy communication between the user's mobile device and the unmanned lockers.
The assessment employed reverse engineering and static code analysis of SwipBox's SDK for Android applications to understand the communication flow. Bluetooth Low Energy traffic analysis revealed that the system lacks standard pairing and encryption protocols. A test bed consisting of three nRF52820 microcontrollers was developed to emulate a phone, a locker and an attacker. Testing demonstrated that Man-in-the-Middle attacks could successfully intercept authentication challenges and parcel tokens, which would enable potential unauthorized access to parcels. Proposed mitigation strategies include timeout mechanisms, preshared secret keys for nonce signing, and the use of signed certificates. While some of these solutions may conflict with low-energy requirements, implementation of appropriate countermeasures may be needed to address the identified vulnerabilities. The findings highlight a potentially critical security gap. Future research should include direct testing of the actual system to validate these theoretical vulnerabilities.