18. IoT Hacking
Steps for Pen Testing IoT Devices
1. Discover IoT devices
2. Hardware analysis
3. Firmware and OS analysis
4. Wireless protocol analysis
5. Mobile application testing
6. Web application testing
7. Cloud services testing
8. Document all the findings
OWASP Top 10 IoT Vulnerabilities
1. Insecure web interface
2. Insufficient authentication/authorization
3. Insecure network services
4. Lack of transport encryption/integrity verification
5. Privacy concerns
6. Insecure cloud interface
7. Insecure mobile interface
8. Insufficient security configurability
9. Insecure software/firmware
10. Poor physical security
IoT Architecture
- Application Layer
- Middleware Layer
- Internet Layer
- Access Gateway Layer
- Edge Technology Layer
Exploit Kits
An attacker uses a malicious script to exploit poorly patched vulnerabilities in an IoT device.
Side Channel Attack
Attackers extract information about encryption keys by observing the signals a device emits while it operates.
Forged Malicious Devices
Attackers replace authentic IoT devices with malicious devices if they have physical access to the network.
Sybil Attack
Attackers use multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks.
Short-range Wireless Communication
- Bluetooth Low Energy
- Light-fidelity (LiFi)
- Near Field Communication
- QR Codes and Barcodes
- Radio Frequency Identification
- Thread
- Wi-Fi
- Wi-Fi Direct
- Z-Wave
- ZigBee
IoT Pen Testing
- Close unused ports and unnecessary/unknown open ports
- Disable unnecessary services
- Provide protection against unauthorized access and usage of the device
- Design a mechanism for uninterrupted flow of information between two endpoints
- Provide protection against elevation of privileges
- Enhance the device's data encryption policy
- Enhance the security of the web application and provide data privacy
- Harden the device's overall security
IoT Threats
- DDoS attacks
- Attacks on HVAC systems
- Rolling code attack
- BlueBorne attack
- Jamming attack
- Remote access using a backdoor
- Remote access using Telnet
- Sybil attack
- Exploit kits
- MITM
- Replay attack
- Forged malicious device
- Side channel attack
- Ransomware
IoT Attack Surface Areas
- Device memory
- Ecosystem access control
- Device physical interfaces
- Device web interface
- Device firmware
- Device network services
- Administrative interface
- Local data storage
- Cloud web interface
- Update mechanism
- Third-party backend APIs
- Mobile application
- Vendor backend APIs
- Ecosystem communication
- Network traffic
IoT Communication Models
- Device-to-Device Model
- Device-to-Cloud Model
- Device-to-Gateway Model
- Back-End Data-Sharing Model
IoT Framework Security Considerations
Edge
- Communications encryption
- Storage encryption
- Update components
- No default passwords
Gateway
- Multi-directional encrypted communications
- Strong authentication of all components
- Automatic updates
Cloud Platform
- Encrypted communications
- Secure web interface
- Authentication
- Storage encryption
- Automatic updates
Mobile
- Local storage security
- Encrypted communication channels
- Multi-factor authentication
- Account lockout mechanism
Wired Communication
- Ethernet
- Multimedia over Coax Alliance (MoCA)
- Power-line Communication (PLC)
Medium-range Wireless Communication
- HaLow
- LTE Advanced
IoT Hacking Methodology
1. Information gathering
2. Vulnerability scanning
3. Launch attacks
4. Gain access
5. Maintain access
Challenges of IoT
- Lack of security and privacy
- Vulnerable web interfaces
- Legal, regulatory, and rights issues
- Default, weak, and hardcoded credentials
- Clear-text protocols and unnecessary open ports
- Coding errors
- Storage issues
- Difficulty updating firmware and OS
- Interoperability standard issues
- Physical theft and tampering
- Lack of vendor support for fixing vulnerabilities
- Emerging economy and development issues
Long-range Wireless communication
- Low-power Wide-area Networking (LPWAN)
  - LoRaWAN
  - Sigfox
  - Neul
- Very Small Aperture Terminal (VSAT)
- Cellular
Exploit HVAC
Many organizations use internet-connected heating, ventilation, and air conditioning (HVAC) systems without implementing security mechanisms, giving attackers a gateway into corporate systems. HVAC systems have many security vulnerabilities that attackers exploit to steal login credentials, gain access to the HVAC system, and perform further attacks on the organization's network.
BlueBorne Attack
Performed over Bluetooth connections to gain access to and take full control of the target device. It is a collection of techniques based on known vulnerabilities in the Bluetooth protocol. BlueBorne is compatible with all software versions and does not require any user interaction, precondition, or configuration other than Bluetooth being active. After gaining access to one device, an attacker can penetrate the corporate network through that device to steal critical information about the organization and spread malware to nearby devices.
IoT Operating Systems
- RIOT OS
- ARM mbed OS
- RealSense OS X
- Nucleus RTOS
- Brillo
- Contiki
- Zephyr
- Ubuntu Core
- Integrity RTOS
- Apache Mynewt
IoT (Internet of Things)
Refers to the network of devices with IP addresses that are capable of sensing, collecting, and sending data using embedded sensors, communication hardware, and processors.
Components of IoT
- Sensing technology
- IoT gateways
- Cloud server/data storage
- Remote control using a mobile app
Jamming Attack
A type of attack in which communication between wireless IoT devices is jammed in order to compromise it. The attacker randomly transmits radio signals on the same frequency the sensor nodes use to communicate. As a result, the network becomes jammed, leaving endpoints unable to send or receive any messages.
Rolling Code Attack
Targets smart locking systems in which a modern key fob transmits an RF signal in the form of a code that locks or unlocks the vehicle. This code, which locks or unlocks a car or a garage, is called a rolling code or hopping code. The attacker uses a jammer to thwart the transmission of the code from the key fob to the receiver in the vehicle. After obtaining the code, the attacker can use it to unlock and steal the vehicle.