EXPLIOT
Presentation Material
Abstract
IoT is an emerging field and exploding with new products and innovation. The security of IoT products is still lagging behind for various reasons. One of the important reasons from a security researcher's perspective is the availability of security tools. If you have been pentesting IoT products you would agree that there are too many different tools required for the job and there is no single silver bullet. And when it comes to Smart Infrastructure, we do not have any existing solution similar to IT penetration testing tools.
We started looking at the learning curve and tools required for IoT security research and decided to create a framework that will enable the research community to speed up their research and pentesting effort. Say hello to "expliot", the IoT Exploit development Framework. Right now in Beta phase, it will provide the building blocks for writing exploits and other IoT security assessment test cases with ease. Expliot will support most IoT communication protocols, firmware analysis, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure.
In the presentation we will start with the problem statement, followed by the architecture of expliot and how one can create test cases with ease. We will then focus on IoT protocols such as MQTT, CoAP, etc., describing the protocol internals and specific attacks, along with demos from a rogue device's perspective: for example, sending malicious payloads in telemetry data, disconnecting legitimate sensors, and using protocol discovery mechanisms and other standard options to map the network and services. After that we will talk about hardware interfacing test cases such as baud rate detection for a device's UART serial connection. In the end we will discuss the future roadmap for expliot, which will include capabilities for radio protocol analysis and attacks (BLE, Zigbee) and hardware interaction over interfaces such as SPI, I2C and JTAG.
As an attendee you will get a first-hand view of the internals of the framework and how, when and where to use it. If you have similar interests, please join us for the session and help us shape the future of expliot with your valuable suggestions for improvements.
AI Generated Summary
The talk addressed the challenges of conducting security assessments on Internet of Things (IoT) ecosystems, highlighting the fragmented attack surface encompassing devices, cloud services, and mobile applications. A core problem identified was the lack of integrated, mature tools for IoT penetration testing, forcing testers to use numerous disparate and often immature utilities.
Key findings from extensive IoT penetration tests revealed common vendor issues: rushed development leading to poor software hygiene, inappropriate protocol selection, hard-coded cryptographic keys, and inadequate hardware security awareness. The attack surface was analyzed in three layers: the device (firmware, services, hardware interfaces), the cloud (communication, storage, business logic), and the mobile application. The cloud was emphasized as a particularly high-risk component due to its aggregation of sensor data and potential for widespread compromise.
To address the tooling gap, the speaker introduced a custom IoT exploitation and penetration testing framework named expliot. Its design goals were simplicity, extensibility, and a focus exclusively on IoT. The framework structures all activities as modular test cases (e.g., scans, exploits) and currently supports protocols like CoAP and MQTT. Demonstrated techniques included a UART baud rate scanner, an MQTT client ID hijacking denial-of-service, and a cloud injection attack where malicious payloads (e.g., XSS) were sent via sensor data to compromise a cloud-hosted user interface.
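The cloud injection case above is worth seeing from the receiving side: a dashboard that trusts whatever a sensor publishes will render an attacker-controlled string as markup. The following Python is an added example, not code from the talk or from the expliot framework, contrasting a naive renderer with an ingestion path that schema-checks telemetry and HTML-escapes it before display. The JSON message shape, the field names `device` and `temperature`, the device-name pattern and the sample messages are all constructed for this illustration.

```python
"""Validate and safely render IoT telemetry before it reaches a cloud dashboard.

Added example (not part of the original talk or the expliot framework): shows
how a rogue device's telemetry payload can carry an XSS string into a web UI,
and how schema validation plus output escaping on the cloud side blocks it.
Field names, the device-name pattern and the sample payloads are constructed.
"""
import html
import json
import re

# Constructed sample: JSON a sensor might publish over MQTT.
# The second message carries a script tag in the device-name field,
# the third has a non-numeric temperature.
SAMPLE_MESSAGES = [
    '{"device": "sensor-01", "temperature": 21.5}',
    '{"device": "<script>alert(1)</script>", "temperature": 22.0}',
    '{"device": "sensor-03", "temperature": "hot"}',
]

# Assumed naming convention for trusted devices (constructed for the example).
DEVICE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def render_unsafe(raw):
    """Naive renderer: trusts telemetry and interpolates it straight into HTML."""
    msg = json.loads(raw)
    return "<tr><td>%s</td><td>%s</td></tr>" % (msg["device"], msg["temperature"])


def validate_telemetry(raw):
    """Parse and schema-check one telemetry message.

    Returns a dict with an allow-listed device name and a float temperature,
    or None when the message does not fit the expected shape. Rejecting at
    ingestion keeps untrusted strings out of storage and out of the UI.
    """
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict):
        return None
    device = msg.get("device")
    temperature = msg.get("temperature")
    if not isinstance(device, str) or not DEVICE_NAME_RE.match(device):
        return None
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(temperature, bool) or not isinstance(temperature, (int, float)):
        return None
    # Plausibility range for a temperature sensor (assumed for the example).
    if not -50.0 <= temperature <= 150.0:
        return None
    return {"device": device, "temperature": float(temperature)}


def render_safe(raw):
    """Hardened renderer: validate first, then HTML-escape every field.

    Escaping is kept even though the allow-list already rejects markup, so
    a later relaxation of DEVICE_NAME_RE cannot silently reintroduce XSS.
    """
    msg = validate_telemetry(raw)
    if msg is None:
        return None
    return "<tr><td>%s</td><td>%.1f</td></tr>" % (
        html.escape(msg["device"], quote=True),
        msg["temperature"],
    )


def triage(messages):
    """Return (accepted_rows, rejected_count) for a batch of raw messages."""
    rows, rejected = [], 0
    for raw in messages:
        row = render_safe(raw)
        if row is None:
            rejected += 1
        else:
            rows.append(row)
    return rows, rejected


if __name__ == "__main__":
    for raw in SAMPLE_MESSAGES:
        print("unsafe:", render_unsafe(raw))
        print("safe:  ", render_safe(raw))
    print("accepted/rejected:", triage(SAMPLE_MESSAGES))
```

Run as a script to see the naive renderer emit the script tag verbatim while the hardened path drops both malformed messages; in a real broker-to-dashboard pipeline the validation step belongs at the ingestion boundary, before the message is persisted or fanned out to other subscribers.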
Practical implications are that IoT security testing requires a unified approach to manage the complex, multi-layered ecosystem. The framework aims to reduce time spent on tool selection and custom scripting. The talk advocated for a strategic shift in focus from compromising individual hardware devices to attacking cloud and protocol layers, as compromising the cloud can potentially control entire product lines. The framework is intended as a research tool to evolve with emerging smart infrastructure, and the speaker solicited community contributions of exploits and test cases.