Chapter 14 Cloud Computing and Internet of Things

Denial of service (DoS) and distributed denial of service (DDoS)

A Denial of Service (DoS) attack is intended to overwhelm a system so that it is inaccessible. DoS attacks are executed by flooding the cloud infrastructure, such as CPU and memory, with so many malicious requests that the server stops processing legitimate requests and users are unable to gain access. If the attack is completed using a network of compromised machines (a botnet), then it is a DDoS.

Wrapping attack

A wrapping attack involves duplicating the body of a Simple Object Access Protocol (SOAP) message in the TLS layer, then sending it to the server as a legitimate user.

ARM mbed OS

ARM mbed OS is used primarily with low-power devices such as wearable devices.

Account and service traffic hijacking

Account and service traffic hijacking happens when the hacker exploits application weaknesses to take control of an account. A hacker may then launch a number of attacks, including phishing, sniffing, and man-in-the-middle. Strong passwords and encryption; finding and fixing software flaws continuously.

Cryptanalysis

All potentially sensitive data in the cloud should be protected by encryption. However, if the encryption is weak or flawed, attackers are able to break the encryption and access the data. There are many methods for breaking cryptography.

Apache Mynewt

Apache Mynewt was created specifically for devices that work on the BLE protocol.

Service hijacking through network sniffing

Attacker uses packet sniffers such as Wireshark or Cain and Abel to intercept and monitor traffic transmission between two cloud nodes. The attacker's intent is to discover and then use sensitive data such as passwords, session cookies, and other security configurations such as UDDI, SOAP, and WSDL.

Vulnerability scanning

BeyondTrust, a cybersecurity company, has a product named Retina IoT scanner. Retina IoT scanner gives an attacker's view of all IoT devices and their vulnerabilities across network, web, mobile, cloud, and virtual infrastructures. It uses server banner and header data to determine the make and model of each IoT device. Then Retina IoT performs a test to check whether the devices are using default or hard-coded credentials for Telnet, SSH, or basic HTTP authentication, which are the easiest to hack. Basically, the hacker uses this tool by simply specifying a target IP or an IP range and Retina IoT detects vulnerabilities that can be exploited.

BlazeMeter

BlazeMeter is meant for end-to-end performance and load testing. You can use it with mobile apps, websites, and APIs. BlazeMeter is JMeter compatible. It can simulate up to 1 million users, which makes realistic load tests easier. It also has performance monitoring as well as real-time reporting.

Bluetooh Low Energy (BLE)

Bluetooth Low Energy (BLE), also known as Bluetooth Smart, is a wireless, personal area network protocol. It supports low-power, long-use IoT needs. It can be used in such sectors as healthcare, security, entertainment, and fitness.

Brillo

Brillo is an android-based embedded OS. It's used for low-end devices.

Censys

Censys is a public search engine and data processing company. They get their data by scanning the internet continuously. Censys can detect specific vulnerable devices and networks. It then creates statistical reports on broad usage patterns and trends. Censys monitors the internet non-stop in real time, then analyzes the data it discovers. Censys allows its users to see the extent to which any given network could be exploited. It also finds new threats and assesses their global impact. Another interesting thing about Censys is that it gathers data on hosts and websites by using ZMap and ZGrab to scan the IPv4 address space every day. By doing so, these programs can keep a database of host and website configurations.

Contiki

Contiki is used for low-power wireless devices. Those devices include street lighting and monitoring systems.

Corrective

Corrective controls lessen the aftermath of an incident by limiting the damage.

Middleware

Covers the processes that happen in the cloud. It allows in-depth processing, data management, device management, data aggregation, data filtering, device information discovery, access control, and revision for feedback. This layer acts as the interface between the hardware and application layers; that's why it's called the middleware layer. Once all the quality standards and requirements are met, the processed and analyzed data is ready to be sent back to the devices.

IoT attacks

DDoS attack exploiting HVAC Ransomware attack

Data breach or loss

Data breach or loss can happen in a few different ways. Data can be erased, changed, or decoupled. Encryption keys can be stolen or lost. Data could also be accessed illegally because of weak authentication, authorization, and access controls. Cloud data encryption; strong key generation, storage, and management; design and runtime protection for data.

Natural disasters

Data centers can be affected by floods, lightening, earthquakes, and other natural disasters that could lead to service and data loss. Data center located in safe geographical area; have backups at different locations; mitigation measures; disaster recovery plan.

Clear text protocols and open ports

Data encryption and decryption is an ongoing process. Most IoT network sensors are not capable of supporting this process, which means that most data is being transferred and received as clear text. In addition, many times, ports listening to the internet are left open continuously. Both of these factors make the data extremely weak against theft, breaches, and other malicious acts.

Software as a Service (SaaS)

Delivers software applications to the client either over the internet or on a local area network. SaaS can be: simple multi-tenancy, fine grain multi-tenancy

Denial of service

Denial of service attacks are less likely to happen in a cloud environment, but they still occur and can cause a lot of damage. Implement security best practices; monitor environment for unauthorized activity; secure authentication and access control.

Detective

Detective controls identify and take action as needed when incidents happen.

Deterrent

Deterrent controls make the system more difficult to attack and, therefore, decrease attacks.

Gain remote access

During an attack, the hacker's main goal is to remotely gain access to a device, then launch and control an attack while remaining undetected. Depending on the weaknesses found in the device, the hacker might use the device as a backdoor to gain access to a network without infecting systems protected by a firewall, antivirus software, or an IDS/IPS. Once the hacker has established remote access through an IoT device, it can be used to launch attacks on other devices within the network.

Difficult-to-update firmware and OS

Each device should undergo proper testing before being released to the market, and updates should happen regularly. There are a few reasons why updates happen infrequently, if at all, including: The update might break the device's functionality. Most manufacturers are more concerned with producing and releasing products faster than their competition, so they don't take time to consider updates or security risks. Manufacturers often stop releasing updates and support for devices once they start a new project. Many IoT devices use unsupported legacy Linux kernels.

Ethernet

Ethernet is a group of networking technologies. It's the most commonly used protocol in networking.

National Institute of Standards and Technology Guidelines

Evaluate risks involving the client's data, software, and infrastructure. appropriate deployment model according to the client's needs. Implement audit procedures for data protection and software isolation. Renew SLA to cover security gaps incident detection and reporting know security objectives of the organization. Establish responsibility for data privacy and security issues in the cloud.

Exploiting HVAC

HVAC stands for heating, ventilation, and air conditioning. HVAC includes different systems, machines, and technologies that provide comfort through environmental regulation in most indoor settings. Hackers exploit HVAC systems to retrieve confidential information from users as well as to take over a network.

HaLow

HaLow is a branch of Wi-Fi with extended range. It's most useful in rural areas because it uses low data rates, allowing it to reduce power requirements and cost of transmission.

Information gathering

Hackers look for IP addresses, types of devices, protocols used, open ports, manufacturing company, manufacturing number, device locations, and other details that can help determine weaknesses available for exploitation. Tools such as Shodan, Censys, and Thingful can search the internet and gather information about potential targets. These tools use a process called banner grabbing. Banners are text-based information files that display a lot of system information such as OS version, services, domain and host names, organizations, countries, passwords, port numbers, and so on. These tools go around the internet interrogating ports and collecting these banners. They then display the information gathered on the screen for the hacker. An alternative to banner grabbing is to sniff network communication to detect devices. Some of the best tools for IoT sniffing are Foren6, Zniffer, CloudShark, and Wireshark.

Cloud models

IaaS PaaS SaaS

Session hijacking through session riding

In a session riding attack, the hacker tricks a user with an active computer session into visiting a malicious website. When the user logs in, the malicious website executes the request so that the user can't tell anything is wrong. The hacker then uses the information obtained to steal data.

Session hijacking through XSS attack

In an XSS attack, the hacker uses cross-site scripting to gain elevated access to session cookies, web page content, and other sensitive information.

Gateway system

In order to send data to the cloud, IoT devices need a connection of some kind. They could be connected via cellular, satellite, Wi-Fi, Bluetooth, LPWAN, or Ethernet. Each connection type offers different advantages and disadvantages regarding bandwidth, range, and power consumption. We will talk more in depth about these later in the lesson.

Device-to-cloud

In the device-to-cloud model, devices communicate directly with the cloud when sending data and receiving commands, not the user. Typical communication protocols used with this model are Wi-Fi, Ethernet, and cellular.

Device-to-gateway

In the device-to-gateway model, the device interacts with an intermediate device, or gateway, which then contacts the cloud to send and receive data. There is no direct contact with the cloud or the user. The gateway in this kind of model could be a smart phone or hub. The purpose of the gateway is to provide security and protocol translation. The most commonly used protocols in this model are Zigbee and Z-wave.

DDoS attack

In this attack, the hacker exploits vulnerabilities to take over and use all the devices in the IoT network as a zombie army to target a server or system. When this happens, services on the device are unavailable.

DNS poisoning

In this attack, the hacker replaces legitimate sites on the DNS server or the user's DNS cache with fake websites. When the user enters the URL of a legitimate site, the system is directed to a malicious site.

Cybersquatting

In this attack, the hacker uses a phishing scam that contains a domain name that is almost the same as the cloud service provider in an attempt to direct the user to a malicious website.

Ransomware attack

In this malware attack, the hacker utilizes encryption to deny a user access to the device by locking files or even the screen.

Injection

In this type of attack, a hacker injects malicious code to trick an application into performing actions it wouldn't otherwise perform. Some of the most common injection attacks use Structured Query Language (SQL) and Lightweight Directory Access Protocol (LDAP). SQL injection involves a hacker inserting an SQL malicious statement that exposes content being sent to an application. LDAP works in a similar way, but it targets a directory system. For example, the hacker could insert malicious code into a form that accepts usernames. If the form input is unsecure, it will execute the malicious code and expose the usernames. The best protection against injection attacks is to validate and sanitize data. Validating means to reject suspicious data. Sanitizing means getting rid of suspicious parts of the data. Additionally, setting controls that limit the amount of information that can be exposed by injection can be helpful.

IoT hacking methodology

Info gathering vuln scanning launch attacks gain remote access maintain access

Devices

IoT devices are built with sensors that capture data. These sensors can be included in such devices as cameras, GPS systems, temperature reading equipment, and heart monitoring equipment. The sensors in the device collect data and send it to the cloud.

Poor security or lack of due diligence

Knowledge and understanding of content security policies in a cloud environment are essential. Lacking them creates several risks for operational responsibilities like security, encryption, and incident response among others. Research risks; CSP due diligence; capable resources.

LTE-Advanced

LTE-Advanced is a mobile communication standard. It improves traditional LTE by providing higher capacity for data rate, extended range, efficiency, and performance.

Application

Last one in the IoT architecture. Its primary responsibility is to deliver the analyzed and processed data from the previous step to the end user. Then the user checks the data it receives and manages it with new commands to the devices or sensors. The process then restarts from the beginning.

Li-Fi

Light-Fidelity (Li-Fi) is very similar to Wi-Fi. The two key differences are speed and mode of communication. Li-Fi is a visible light communications (VLC) system. It uses light bulbs to transfer data at a high speed of 224 Gbps.

Security tools for the cloud

LoadStorm LoadStorm is a load-testing tool for web and mobile applications. It's not very expensive, and it is very easy to use. It checks performance while the application is experiencing traffic. It's able to find the breaking point of an application. It's very customizable.

Long-Range Technology and Protocols

Long-range protocols have a range up to several thousand kilometers. The following table describes long-range protocols in use.

Low power wide area networking (LPWAN)

Low power wide area networking (LPWAN) is a wireless telecommunication network. The three protocols associated with LPWAN are: Low power wide area network (LoRaWAN) provides secure two-way communication for IoT devices. Typical applications are mobile, industrial machine-to-machine, smart cities, and healthcare. Sigfox works well for devices with small battery life that need to transfer low-level data. Neul uses a small part of the TV white space spectrum and delivers high-quality, high-power, high-coverage networks at a low cost.

Long range tech and protocols

Low power wide area networking LPWAN very small aperture terminal VSAT Cellular

Malicious insiders

Malicious insiders are usually resentful people who have some kind of connection with a company or cloud service. These people are usually current or former employees, contractors, or business partners. They usually have authorized access to cloud resources and perform malicious acts. Strict supply chain management; comprehensive supplier assessment; HR resource requirements; transparent information security and management; compliance reporting; security breach notification process.

Sensitive data exposure

Man-in-the-middle attacks are possible when sensitive data is not properly secured by applications. Encrypt all sensitive data stored or in transit and avoid caching it as much as possible. Discard sensitive data as soon as possible.

Default, weak, and hardcoded credentials

Many IoT devices allow weak or default passwords, which are easily broken by hackers. One problem is that there's no set regulation for IoT authentication, only guidelines. Some ways to strengthen authentication on IoT devices are two-factor authentication (2FA) and enforcing strong passwords or certificates.

Insufficient logging and monitoring

Many applications don't log or monitor code activity enough. Therefore, it can take weeks or months before a breach is detected. This allows hackers to execute persistent attacks and cause a lot of damage. Implement detailed logging and monitoring. Having an incident response plan is also very helpful.

Medium-Range Technology and Protocols

Medium-range protocols provide connectivity up to 100 meters. The following table describes medium-range protocols in use.

Vulnerable web interfaces

Most IoT devices are made with embedded server technology. Although it's more practical and user friendly, it makes the devices vulnerable to attacks such as ransomware. Implementing secure authentication for both users and apps can help avoid ransomware attacks.

Components with known vulnerabilities

Most web application developers use libraries and frameworks while building their web applications. The libraries and frameworks save time and effort by avoiding redundant work and supplying necessary functionality. However, many hackers look for weaknesses in those libraries and frameworks to perform massive attacks. Most libraries and frameworks are updated and patched regularly to provide better security. The problem is that web application developers sometimes don't have the most recently updated version of the components running on their app. The best way to prevent this problem is for web application developers to remove all unused components from their apps. They should also verify that they are using components from a trusted source and the components are the most recently updated version.

Multimedia over Coax Alliance (MoCA)

Multimedia over Coax Alliance (MoCA) technology uses existing coaxial cables to provide high-definition content.

Short range tech and protocols

NFC RFID BLE li-fi QR/barcodes Thread, Zigbee, Zwave Wifi Wifi direct

Near-field communication (NFC) and radio-frequency identification (RFID)

Near-field communication (NFC) and radio-frequency identification (RFID) are two very simple, low-energy, and versatile protocols. RFID uses two-way radio transmitter receivers to identify and track object tags. NFC uses magnetic field induction to communicate between mobile and standard electronic devices.

Nexpose

Nexpose is used as a vulnerability scanner. It detects weaknesses, misconfigurations, and missing patches. It may be used with firewalls, virtualized systems, and cloud infrastructure. It can be used to detect virus, malware, backdoors, and web services linked to malicious content.

Nucleus and Integrity RTOS

Nucleus and Integrity RTOS are both used in the aerospace, industrial, automotive, and medical sectors.

Data storage

Once the data reaches the cloud, it is processed and analyzed by software. Examples include that the temperature reading is checked, trespassers are detected on the security camera video feed, and your location is determined on a GPS device. After the received data is processed completely, the result or conclusion is sent to the device application server and interface.

Maintain access

Once the hacker has established remote access and attacks are being launched, it becomes imperative to maintain access for as long as possible. The longer the hacker maintains control of a system, the more elaborate his attacks will become. Some ways to remain undetected are clearing the logs, updating firmware, and using tools like Trojans and backdoors. Hackers also use tools like Firmware Mod Kit, Firmalyzer Enterprise, and Firmware Analysis Toolkit to continue exploiting the firmware in the device or devices being hacked. For example, Firmware Mod Kit lets a hacker deconstruct and reconstruct firmware images for several embedded services. This kit focuses more on Linux-based routers. However, it can work with most firmware that uses common formats and file systems like TRX/ulmage and SquashFS/CramFS.

Launch attacks

Once the hacker knows the devices that are available for attack and what vulnerabilities can be exploited, the next step is to launch a planned attack. Some of the most common attacks on IoT devices and systems are DDoS, rolling code, jamming signal, Sybil, Man-in-the-middle, data theft, and identity theft. There are tools that help with launching attacks. For example, the RFCrack tool makes it possible to perform rolling code attacks, replay attacks, and jamming attacks on devices. There's also a tool called KillerBee that specializes in attacking Zigbee and other IEEE 802.15.4 networks. 802.15.4 networks, including Zigbee, are low power, low data rate, and close proximity (personal area) wireless ad hoc networks.

Physical layer

Physical layer security measures focus on data centers, physical resources, and cloud infrastructure. These security measures include physical plant security, fences, walls, barriers, security guards, gates, camera surveillance, and physical authentication mechanisms.

Power Line Communication (PLC)

Power Line Communication (PLC) uses electrical wires to transmit power and data from one point to another. PLC is used in different sectors like automation, industry, and broadband over power lines (BLP).

Preventive

Preventive controls harden the system against attacks, as well as recognize and stop attacks.

Security guidelines for cloud service

Provide rigorous security for data stored in the cloud. Engineer, operate, and integrate the security management process into the operational process. Use symmetric and asymmetric cryptographic algorithms to optimize data security. Quality of Service (QoS) process in order to maintain SLA disaster recovery plan for the stored data. Respond to new requests quickly. Add load balancing to the cloud services to ensure maximum throughput. Invest in higher multi-tenancy architectures to maximize utilization of cloud resources and to better ensure data and application security.

Qualys Cloud Perform

Qualys Cloud Perform is an end-to-end security solution that gives continuous assessment. It's able to see all system assets, no matter where they reside.

QR and barcodes

Quick Response (QR) codes and barcodes are tags attached to products. They are machine readable and contain information about the product. A QR code is two-dimensional and can be scanned using smart phones. Barcode codes are one- or two-dimensional.

IoT OS

RIOT ARM mbed OS RealSense OS X Nucleus and Integrity RTOS Brillo Contiki Zephyr Ubuntu Core Snappy Apache Mynewt

RIOT OS

RIOT OS requires less resources and is energy efficient. It's used on embedded systems, actuator boards, sensors, and similar objects.

RealSense OS X

RealSense OS X is used in Intel's depth sensing technology. It's used with cameras, sensors, and other devices of this nature.

Application layer

Security at the application layer involves putting in place policies that comply with industry standards such as OWASP. Examples of application layer controls are Software Development Life Cycle (SDLC), binary analysis, scanners, firewalls, and so on.

Service hijacking through social engineering

Service hijacking through social engineering entails the attacker using approaches such as pharming, phishing, and exploitation of software to steal credentials from either a Credential Service Provider (CSP) or the client. After stealing a client's credentials, an attacker is able to access the cloud and perpetrate exploits.

Multi-tenancy

Since resources are shared between clients in a multi-tenant environment, this kind of situation can lead to data leak or breach. Sometimes it's accidental, but it is often intentional. End-to-end protection.

Lack of security and privacy

Smart devices collect important data for many reasons, such as improving efficiency, enhancing experience, improving service, and assisting decision-making. The problem is that most IoT devices and services lack the most basic security and privacy policies required to protect all this data. It's imperative to store and process data securely across the network. This means redacting or obfuscating sensitive data before storing it. An alternative is to use data separation to decouple personally identifiable information from data payloads. Data that is not useful or is no longer important should be disposed of in a safe manner as well.

XML external entities (XXE)

Some applications use XML input to load the contents of external files. A hacker could exploit the XML processor by inserting malicious code that makes the processor send the content from the hard drive and other systems to the hacker. One remedy is to turn off the capability of using external entities in the XML processor . It's also a good idea to use Static Application Security Testing (SAST).

Unsecure interfaces and APIs

Some of the risks associated with unsecure interfaces and APIs are credential information leaks, facility breach, inadequate validation for input data, user defined policies being bypassed, passwords and tokens being reused, and having unknown API dependencies. Cloud provider interface's security model analysis; secure authentication and access controls; transit data encryption; API dependency chain analysis.

Back-end data-sharing

The backend data-sharing model is an expanded version of the device-to-cloud model. In this model, the data sent from the IoT device to the cloud can be accessed by authorized third parties.

Cellular

The cellular communication protocol can send and receive data over very long distances. It's used to send high-quality data. However, it's very expensive and consumes a lot of power.

Computation and storage

The cloud provider must have policies and procedures in place to protect data in storage. These policies and procedures could include backups, space availability, continuity of services, and so on. Some of the computation and storage controls include host-based firewalls, Host Intrusion Detection System/Host Intrusion Prevention System (HIDS/HIPS), encryption, and file/log management.

Device-to-device

The device-to-device model is used mostly for systems with devices transferring small data packets to each other at a very low data rate. The devices could include thermostat, light bulbs, door locks, cctv cameras, refrigerators, and wearable devices. These systems mostly use protocols such as Zigbee, Z-wave, or Bluetooth.

Management layer

The management layer involves all administrative tasks to promote continued, uninterrupted, and effective services. Good management controls include Governance, Risk, and Compliance (GRC); Identity and Access Management (IAM); variability-aware virtual memory management (VaVM); and patch management.

Network layer

The network layer implements policies and measures to prevent attackers from activities such as stealing, modifying, viewing, and redirecting data. Some of the network controls are Network Intrusion Detection Systems/Network Intrusion Protection Systems (NIDS/NIPS), deep packet inspection (DPI), firewalls, QoS, anti-Distributed Denial of Service (anti-DDoS), OAuth, and Domain Name System Security Extensions (DNSSEC).

Man-in-the-cloud attack

These attacks are very similar to man-in-the-middle attacks made in non-cloud environments. Man-in-the-middle attacks often involve stealing data from synchronization services such as Dropbox.

Domain snipping

This attack works by registering an elapsed domain name.

Domain hijacking

This attack works by stealing the domain name of the cloud service.

Security misconfiguration

This is a very common and easily detectable vulnerability. If an app implements a lot of default configurations or displays lengthy, detailed error messages, it can be exploited very easily. Remove all unused features in the code and make error messages very general and vague.

Remote control

This is when the user has a chance to interact with the device. App notifications, emails, and texts make the information gathered by the device available to the user. Using predefined rules set up by the user, the device can take action on its own instead of waiting for a command from the user. Another way of interacting with an IoT device is through an interface such as an app that allows the user to check on the system at any time without being prompted by the device itself. Often, users are able to give commands to IoT devices. In most cases, IoT devices can perform certain actions automatically.

Side channel or cross-guest VM breaches

This kind of attack typically puts a malicious virtual machine close to a target cloud server to obtain leaked data from CPU buffer zones and data processing operations. Inside the attack, the hacker runs a virtual machine on the physical host of a user's virtual machine. Then the hacker is able to access the physical resources, such as the cache, to obtain data and perform malicious acts.

Broken access control

This vulnerability has to do with users gaining access to other users' data or performing actions they don't have permissions for. Ensure that authorization tokens are used, and set tight controls on them.

Thread, Zigbee and Z-wave

Thread, Zigbee, and Z-wave are all radio protocols that create low-rate, private area networks. Their advantage is that although they're low-power, they offer high throughput. Thread uses an IPv6-based networking protocol. Zigbee is a short-range communication protocol based on the IEEE 203.15.4 standard. Z-wave is a low-power, short range communication protocol designed for home IoT systems.

Information layer

To protect information from being deleted, modified, or stolen, implement an information security management program (ISMP) that identifies and details physical safeguards, as well as technical and administrative defenses. Some of the information controls include Data Loss Prevention (DLP), Capability Maturity Framework (CMF), cryptography, and database activity monitoring.

Trusted computing

Trusted computing involves a computational environment that provides internal control, auditability, and maintenance so that the cloud is always available. Good security controls for trusted computing include hardware and software Roots of Trust (RoT) and Application Programing Interface (API).

Snappy

Ubuntu Core is used for home control, drones, robots, and industrial applications. Snappy provides a high-speed compression/decompression library.

Unsecure deserialization

Unsecure deserialization affects applications that serialize and deserialize data. This weakness allows a hacker to execute code in an application remotely, change or erase serialized objects, launch injection attacks, and elevate privileges. To avoid these problems, you can restrict the types of objects that are deserialized by the app and never allow the app to deserialize unstructured objects.

Very Small Aperture Terminal (VSAT)

Very Small Aperture Terminal (VSAT) uses small dish antennas to transfer both broadband and narrowband data.

Broken authentication

Weak authentication systems are vulnerable to attackers who steal genuine user identities and use them to access data or compromise a system. Use strong authentication and session management controls to protect user identities. FIDO, 2-factor authentication (2FA), and Rate Limit are good tools to consider.

Hardware failure

When hardware components such as servers or switches fail, cloud data cannot be accessed. Physical security program; pre-installed standby hardware devices.

Wi-Fi Direct

Wi-Fi Direct uses peer-to-peer communication without a set wireless access point. The devices in Wi-Fi Direct start communication only after an access point device has been selected within the system.

Wi-Fi

Wi-Fi is very commonly implemented in wireless local area networking. The most common Wi-Fi standard is the 802.11n standard, which has a maximum speed of 600 Mbps and a range of about 50 meters.

Cross-site scripting (XSS)

XSS vulnerabilities allow an attacker to insert malicious code into a URL path, onto a website, or into an application. They use this malicious code to extract sensitive data, spread malware, or perform other malicious acts. Escape from untrusted HTTP requests and validate or sanitize all content generated by the users. Frameworks such as ReactJS and Ruby on Rails are also helpful against cross-site scripting.

Z-Wave Sniffer

Z-Wave Sniffer (Zniffer) is a hardware tool that finds smart device traffic in a network. Some of its more prominent features are real-time monitoring; packet capture from all Z-wave networks; upgradeable firmware; support for Windows, MAC OS, and Linux; and compatiblity with all Z-wave controllers like Fibaro, Homeseer, Tridium Niagara, Z-Way, SmartThings, Vera.

Zephyr

Zephyr is for devices that are low-power and resource-constrained.

Public cloud

accessed by anyone. Cloud-based computing resources such as platforms, applications, and storage are made available to the general public by a cloud service provider. The service provider may or may not require a fee for using these resources. For example, Google provides many publicly accessible cloud applications, such as Gmail and Google Docs.

Cloud service reduce risk

authenticate all users segregate each organization data verify test apply infrastructure updates Establish formal process of service, breaches and events implement security monitoring implement encryption up to point of use (client browser) probe security holes comply with regulatory measures

beSTORM

beSTORM is a smart fuzzer that finds buffer overflow weaknesses. It automates and documents the process of delivering malicious input and then watches for unpredicted responses from an application. beSTORM can test over 50 protocols and still provide automated binary and textual analysis, advanced debugging, and stack tracing. Because of its automated protocol fuzzing techniques, beSTORM is a black-box auditing tool. It's very intelligent in its approach. First, it tries the most likely scenarios. Then it progresses through virtually every attack combination until it finds application glitches, which mean the combination attack was successful. This is a much faster approach to find security vulnerabilities than most other tools allow. beSTORM can be used with multiple processors or multiple machines to run a parallel processing audit, shortening the testing duration.

IoT hacking tools

censys z-wave sniffer beSTORM

Hybrid cloud

combination of public, private, and community cloud resources from different service providers. The goal behind a hybrid cloud is to expand the functionality of a given cloud service by integrating it with other cloud services.

Platform as a Service (PaaS)

delivers everything a developer needs to build an application. The deployment comes without the cost and complexity of buying and managing the underlying hardware and software layers.

Infrastructure as a Service (IaaS)

delivers infrastructure to the client, such as processing, storage, networks, and virtualized environments. The client deploys and runs software without purchasing servers, data center space, or network equipment.

Community cloud

designed to be shared by several organizations. Access is granted only to the users within the organizations who are sharing the community cloud infrastructure. Community clouds can be hosted internally, with each organization sharing the cost of implementation and maintenance. Because of the expense and expertise required to do so, community clouds are commonly hosted externally by a third party.

Iot Communication models

device to device device to cloud device to gateway back end to data sharing

Primary systems of IoT

devices gateway data storage remote control

Wired tech and protocols

ethernet multimedia over coax alliance MoCA Power line communication PLC

Medium range tech and protocol

halow LTE-advnaced

Edge technology

hardware parts in the IoT system. This means the sensors, RFID tags, readers, and others. This sensor hardware collects the data for the IoT device. The amazing thing about these sensors is that they're capable of converting the sensory information they capture into data for analysis. Some devices, known as acting devices, take action immediately based on the sensory input.

OWASP vuln

injection components with known vuln broken authentication sensitive data exposure XML external entity XXE broken access control security misconfig cross site scripting XSS unsecure deserialization insufficient logging and monitoring

IoT security challenges

lack of security and privacy difficult to update firmware and OS vuln web interfaces default weak and hardcoded credentials cleartext protocols and open ports

Internet

main bridge between two endpoints in an IoT system. It connects devices to other devices, the cloud, the gateway, and backend data sharing. This is when the data that was prepared in the previous step is sent to the middleware layer. Some systems may conduct advanced analytics and pre-processing during this stage.

Private cloud

provides resources to a single organization. Access is granted only to the users within the organization. Private clouds can be hosted internally. But because of the expense and expertise required to do so, they are typically hosted externally by a third party. An organization commonly enters into an agreement with a cloud service provider, which provides secure access to cloud-based resources. The organization's data is kept separate and secure from any other organization using the same service provider.

Cloud implementations

public private community hybird

Cloud advantages

rapid elasticity or scalable provisioning measured service resource pooling on demand computing (ODC) ease of use API availability ability to try out software

Access gateway

very important because the huge amount of information gathered on the first step is collected and then compressed to an optimal size for transmission and processing. This is also the stage when the data is converted to a digital form. This layer takes care of message routing, message identification, and subscription.