Hackers of India

IoT Pentesting The Right Way

By Yogesh Ojha on 14 Oct 2019 @ Hitb Sec Conf



Abstract

As IoT becomes more integral to our lives, the need to secure these devices grows. One thing the security industry doesn't talk about very often is IoT security. We talk very often about application security, but very rarely about security in hardware, or in particular security in IoT. With application security, you as a penetration tester are confronted with a Windows or a Linux server, a web application, or even TCP/UDP protocols. But with IoT penetration testing, you have very uncommon architectures like ARM, PowerPC, MIPS, etc. Sometimes you are even confronted with communication protocols like ZigBee, BLE, NFC, RFID, etc., and to make it more complex, hardware device manufacturers many times have their own custom RF frequencies. These require new expertise and several toolsets which are very uncommon. It is no wonder that traditional penetration testers can get completely lost in the world of embedded device security and its protocols. This talk is going to be a helpful resource to help you become an IoT penetration tester. In this talk, attendees will get an opportunity to learn about the potential risks and vulnerabilities carried by IoT systems. They will also get to learn about IoT security best practices and guidelines. You will learn how to build and secure a connected IoT platform and attack it from a hacker's perspective. Also, I will be sharing the secrets that no one tells you about penetrating IoT devices, which I have learned over the years working as an IoT and mobile application security analyst.

AI Generated Summary (may contain errors)

The speaker appears to be discussing various tools and techniques used in IoT (Internet of Things) hacking and security testing, across multiple domains such as:

  1. Binary analysis: Using tools like disassemblers (e.g., IDA Pro), binary analysis frameworks (e.g., Capstone), and other extraction tools (e.g., Beanstalk) to reverse-engineer firmware.
  2. Network protocol analysis: Utilizing tools like Wireshark, Tcpdump, or packet sniffers for capturing and analyzing network traffic.
  3. RF (Radio Frequency) hacking: Employing tools such as Ubertooth One, Anlogic Sniffers, or CC2531 Sniffers to capture RF packets.
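The firmware extraction step mentioned under binary analysis boils down to locating known container formats inside an opaque image. The following is an added example, not code from the talk or from any of the tools named above: a minimal signature scanner in the spirit of firmware extraction tools, run over a constructed sample image with a U-Boot uImage header, a gzip-compressed kernel and a SquashFS root filesystem.

```python
import struct

# Magic values of container formats commonly found embedded in IoT firmware images.
SIGNATURES = {
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"\x5d\x00\x00\x80": "LZMA compressed data",
    b"\x85\x19": "JFFS2 filesystem (little-endian)",
    b"\x27\x05\x19\x56": "U-Boot legacy uImage header",
}

def scan_firmware(blob: bytes):
    """Return (offset, description) for every signature hit, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while (idx := blob.find(magic, start)) != -1:
            hits.append((idx, desc))
            start = idx + 1
    return sorted(hits)

def uimage_header(blob: bytes, offset: int):
    """Parse the 64-byte U-Boot legacy image header at `offset` (big-endian fields)."""
    (_magic, _hcrc, _time, size, load, ep, _dcrc,
     _os, _arch, _type, _comp) = struct.unpack(">7I4B", blob[offset:offset + 32])
    name = blob[offset + 32:offset + 64].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"size": size, "load_addr": load, "entry_point": ep, "name": name}

# Constructed sample image (not a real device dump): uImage header, padding,
# then a gzip-compressed payload stub and a SquashFS superblock stub.
SAMPLE = (
    b"\x27\x05\x19\x56"
    + struct.pack(">6I", 0, 0x5D8A1B2C, 0x2000, 0x80008000, 0x80008000, 0)
    + bytes([5, 2, 2, 1])                   # os=Linux, arch=ARM, type=kernel, comp=gzip
    + b"demo-kernel".ljust(32, b"\x00")     # image name field
    + b"\x00" * 0x40                        # padding before the kernel
    + b"\x1f\x8b\x08\x00" + b"\xAA" * 0x100 # gzip magic + opaque compressed data
    + b"hsqs" + b"\x00" * 0x40              # SquashFS magic + truncated superblock
)

if __name__ == "__main__":
    for off, desc in scan_firmware(SAMPLE):
        print(f"0x{off:06x}  {desc}")
    print(uimage_header(SAMPLE, 0))
```

Real images produce false positives on short magics such as the two-byte JFFS2 marker, which is why extraction tools validate the header fields behind a hit before carving anything out.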

The speaker also mentions various hardware pieces required for IoT hacking, including:

  1. Channel toolkits: Soldering irons, multimeters, screwdrivers, connectors, cables, and wires.
  2. Protocol-specific tools: USB-to-UART converters, flash dumpers, and other specialized devices.

Additionally, the speaker recommends resources for further learning, such as:

  1. 85: A research group based in India focused on IoT hacking.
  2. Pen Testing Hardware: A talk by Mark, which can be found online.
  3. IoT Hacking tutorials and courses: Available online, which can help individuals get started with IoT hacking.

During the Q&A session, the speaker answers questions about dumping firmware from a 5D device, explaining that it involves finding vendor documentation, using FTP sites, or reverse-engineering mobile applications to obtain the firmware. They also discuss common issues encountered during this process, such as soldering and desoldering difficulties with small chipsets.

The second question addresses glitching, which the speaker explains is a technique used to manipulate voltage or current to induce errors in a device, potentially revealing debug information or other sensitive data.