Hackers of India

COMMSEC: IoT Hacking Simplified

By Aseem Jakhar on 14 Apr 2017 @ Hitb Sec Conf

This talk covers the following tools that the speaker has authored or contributed to:
EXPLIOT

Presentation Material

Abstract

IoT is an emerging field, exploding with new products and innovation. The security of IoT products is still lagging behind for various reasons. One of the important reasons, from a security researcher's perspective, is the limited availability of security tools. If you have been pen testing IoT products, you would agree that the job requires too many different tools and that there is no single silver bullet. And when it comes to smart infrastructure, there is no existing solution comparable to IT penetration testing tools.

We started looking at the learning curve and the tools required for IoT security research and decided to create a framework that will enable the research community to speed up their research and pentesting effort. Say hello to "expliot", an IoT exploit development framework. Currently in beta, it will provide the building blocks for writing exploits and other IoT security assessment test cases with ease. Expliot will support most IoT communication protocols, firmware analysis, hardware interfacing functionality, and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT infrastructure.

In the presentation we will start with the problem statement, followed by the architecture of expliot and how one can create test cases with ease. We will then focus on IoT protocols such as MQTT and CoAP, describing the protocol internals and specific attacks, along with demos from a rogue device's perspective: for example, sending malicious payloads in telemetry data, disconnecting legitimate sensors, and using protocol discovery mechanisms and other standard options to map the network and services. After that we will talk about hardware interfacing test cases, such as baud rate detection for a device's UART serial connection. In the end we will discuss the future roadmap for expliot, which will include capabilities for radio protocol analysis and attacks for BLE and Zigbee, and hardware interaction over protocols including SPI, I2C and JTAG.

As an attendee you will get a first-hand view of the internals of the framework and how, when and where to use it. If you have similar interests, please join us for the session and help us shape the future of expliot with your valuable suggestions for improvements.