Scare stories around the Internet of Things (IoT) conjure up images of bad guys in hoodies, living for hacking and making the lives of other people harder, inventing millions of ways to infiltrate your life through your gadgets. Probably nobody cares about his smart-home security, but what about Smart-City threats, which affect billions people? A huge number of public IoT devices are vulnerable for potential abuse, potentially endangering users’ data, networks of companies they belong to, or both. Based on research of various public devices, such as terminals and cameras, we offer a methodology for security analysis of these devices, which would answer the following questions:
How easy it is to compromise a terminal in the park? What can hackers steal from there? What can be done with hacked device? How can the internal network of the installer organization be penetrated? How to protect public devices from attacks? How to protect public devices from attacks?