An Introduction to
IoT Exploitation
Name: veerababu penugonda
IoT enthusiast
maintainer at
Agenda:
. Introduction to IoT
. Information About IoT protocols
. Attack Surfaces
. IoT Exploitation Methodology
. Demo
What is IoT?
Network of physical devices, vehicles, buildings and other
items embedded with electronics, software, sensors, actuators,
and network connectivity that enable these objects to collect and
exchange data (Wikipedia).
Bringing together people, process, data, and things to make
networked connections more relevant and valuable than ever
before, turning information into actions that create new capabilities,
richer experiences, and unprecedented economic opportunity for
businesses, individuals, and countries. (CISCO)
IoT Protocols
CoAP
Constrained Application Protocol
MQTT
Message Queuing Telemetry Transport
IoT Protocols:
CoAP:
. Simple to encode: targets 8-bit MCUs (microcontroller units).
. UDP based, targets low-power IP networks.
. Two levels of QoS (Quality of Service): confirmable (CON) messages, which the
peer must acknowledge with an ACK carrying the same message ID, or
non-confirmable (NON) messages, which are fire-and-forget.
. Simple observation mechanism (a client registers interest in a resource and is
notified when it changes).
CoAP Security:
. DTLS (TLS over UDP datagrams)
. Pre-shared key, raw public key or certificate mode (RFC 7252 defines all three;
the default, NoSec, has no protection at all)
. DTLS is not really lightweight on constrained devices
. Because CoAP runs on UDP there is no handshake: an unsecured endpoint answers
requests from any source address, so a request with a spoofed source gets its
response delivered to the victim.
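The message format behind the "confirmable or not" distinction, as an added example that is not part of the original slides: a minimal CoAP (RFC 7252) encoder and decoder. It shows the 2-bit Type field (CON versus NON), the message ID that an ACK must echo, the token, delta-encoded options and the 0xFF payload marker. The resource path, message IDs and token values are made up for the example, and every message is built in memory; nothing goes on the wire.

```python
# Added example, not from the original slides: a minimal CoAP (RFC 7252)
# encoder/decoder. Sample values (path, IDs, token) are constructed here.
import struct

TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}
CON, NON, ACK = 0, 1, 2
OPT_URI_PATH = 11
GET = 1                       # method code 0.01


def _nibble(v):
    """Option delta/length nibble plus its extension bytes (RFC 7252 3.1)."""
    if v < 13:
        return v, b""
    if v < 269:
        return 13, bytes([v - 13])
    return 14, struct.pack("!H", v - 269)


def _read_ext(n, buf, i):
    if n < 13:
        return n, i
    if n == 13:
        return buf[i] + 13, i + 1
    if n == 14:
        return struct.unpack_from("!H", buf, i)[0] + 269, i + 2
    raise ValueError("nibble 15 is reserved outside the payload marker")


def build_coap(msg_type, code, msg_id, token=b"", uri_path=(), payload=b""):
    if not 0 <= len(token) <= 8:
        raise ValueError("token length must be 0..8")
    first = (1 << 6) | (msg_type << 4) | len(token)      # Ver=1, T, TKL
    out = struct.pack("!BBH", first, code, msg_id) + token
    prev = 0
    for seg in uri_path:                                  # options carry a delta, not a number
        seg = seg.encode()
        d, d_ext = _nibble(OPT_URI_PATH - prev)
        l, l_ext = _nibble(len(seg))
        out += bytes([(d << 4) | l]) + d_ext + l_ext + seg
        prev = OPT_URI_PATH
    if payload:
        out += b"\xff" + payload                          # marker only when payload exists
    return out


def parse_coap(buf):
    if len(buf) < 4:
        raise ValueError("short header")
    first, code, msg_id = struct.unpack_from("!BBH", buf, 0)
    ver, mtype, tkl = first >> 6, (first >> 4) & 3, first & 0xF
    if ver != 1:
        raise ValueError("unsupported version %d" % ver)
    if tkl > 8:
        raise ValueError("TKL 9..15 is reserved: message format error")
    i = 4
    token = bytes(buf[i:i + tkl])
    i += tkl
    options, number = [], 0
    while i < len(buf) and buf[i] != 0xFF:
        d, l = buf[i] >> 4, buf[i] & 0xF
        i += 1
        d, i = _read_ext(d, buf, i)
        l, i = _read_ext(l, buf, i)
        number += d                                       # deltas accumulate
        options.append((number, bytes(buf[i:i + l])))
        i += l
    payload = b""
    if i < len(buf):                                      # stopped at the 0xFF marker
        payload = bytes(buf[i + 1:])
        if not payload:
            raise ValueError("payload marker with empty payload")
    return {"type": TYPES[mtype], "confirmable": mtype == CON,
            "code": "%d.%02d" % (code >> 5, code & 0x1F), "msg_id": msg_id,
            "token": token, "options": options, "payload": payload}


def ack_for(parsed, code=0x45, payload=b""):
    """Piggybacked ACK: same message ID and token as the CON request (2.05 Content)."""
    if not parsed["confirmable"]:
        raise ValueError("only CON messages are acknowledged")
    return build_coap(ACK, code, parsed["msg_id"], parsed["token"], payload=payload)


if __name__ == "__main__":
    req = build_coap(CON, GET, 0x1234, b"\xab\xcd", ("sensors", "temp"))
    print(parse_coap(req))
    print(parse_coap(ack_for(parse_coap(req), payload=b"22.5")))
```

The ACK reuses the request's message ID, which is the whole of CoAP's reliability: a CON request spoofed from a victim's address makes the server send that ACK (and the response data) to the victim, which is the amplification point noted above.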
Microcontroller:
MQTT:
. Very simple and lightweight protocol on top of TCP.
. Good fit for wireless applications.
. Publish/Subscribe paradigm.
. WebSocket support.
MQTT Security:
. Uses SSL/TLS on top of the TCP stream.
. Pre-shared key encryption (TLS-PSK cipher suites) is supported.
. The protocol itself only carries an optional username and password in the
CONNECT packet, in cleartext; confidentiality and broker authentication come
entirely from TLS, and many deployments run on plain TCP port 1883.
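What "cleartext in CONNECT" looks like on the wire, as an added example that is not from the slides: build and parse an MQTT 3.1.1 CONNECT packet. The client ID, username and password are made up; the packets are constructed locally and no broker is contacted.

```python
# Added example, not from the slides: MQTT 3.1.1 CONNECT packet builder and
# parser. Credentials used below are invented sample values.
import struct

CONNECT = 0x10                                           # packet type 1, flags 0
F_USERNAME, F_PASSWORD, F_WILL, F_CLEAN = 0x80, 0x40, 0x04, 0x02


def _mqtt_str(b: bytes) -> bytes:
    return struct.pack("!H", len(b)) + b                 # 2-byte big-endian length prefix


def encode_remaining_length(n: int) -> bytes:
    out = bytearray()
    while True:
        digit, n = n % 128, n // 128
        out.append(digit | 0x80 if n else digit)         # continuation bit
        if not n:
            return bytes(out)


def decode_remaining_length(buf: bytes, i: int):
    value, mult = 0, 1
    for _ in range(4):                                   # at most 4 bytes (268,435,455)
        b = buf[i]
        i += 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, i
        mult *= 128
    raise ValueError("malformed remaining length")


def build_connect(client_id, username=None, password=None, keepalive=60, will=None):
    flags = F_CLEAN
    payload = _mqtt_str(client_id.encode())
    if will is not None:                                 # (topic, message)
        flags |= F_WILL
        payload += _mqtt_str(will[0].encode()) + _mqtt_str(will[1])
    if username is not None:
        flags |= F_USERNAME
        payload += _mqtt_str(username.encode())
    if password is not None:
        if username is None:
            raise ValueError("3.1.1: password flag requires the username flag")
        flags |= F_PASSWORD
        payload += _mqtt_str(password)
    variable = _mqtt_str(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body = variable + payload
    return bytes([CONNECT]) + encode_remaining_length(len(body)) + body


def parse_connect(pkt: bytes) -> dict:
    """Parse the first packet of a captured client->broker stream."""
    if pkt[0] != CONNECT:
        raise ValueError("not a CONNECT packet")
    remaining, i = decode_remaining_length(pkt, 1)
    if len(pkt) - i != remaining:
        raise ValueError("remaining length does not match packet size")

    def read_str():
        nonlocal i
        n = struct.unpack_from("!H", pkt, i)[0]
        i += 2
        s = pkt[i:i + n]
        if len(s) != n:
            raise ValueError("truncated string")
        i += n
        return s

    proto = read_str()
    level, flags = pkt[i], pkt[i + 1]
    i += 2
    if flags & 1:
        raise ValueError("reserved connect flag set: server must close")
    keepalive = struct.unpack_from("!H", pkt, i)[0]
    i += 2
    out = {"protocol": proto.decode(), "level": level, "keepalive": keepalive,
           "clean_session": bool(flags & F_CLEAN), "client_id": read_str().decode()}
    if flags & F_WILL:                                   # will fields precede credentials
        out["will_topic"], out["will_message"] = read_str().decode(), read_str()
    out["username"] = read_str().decode() if flags & F_USERNAME else None
    out["password"] = read_str() if flags & F_PASSWORD else None
    return out


if __name__ == "__main__":
    pkt = build_connect("sensor-01", "iotuser", b"hunter2")
    print(pkt.hex())
    print(parse_connect(pkt))
```

Run it and the hex dump contains the username and password bytes verbatim; the same parser applied to the first payload of a captured port-1883 stream yields the broker credentials, which is why the TLS line above is the only real security control in the list.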
IoT Protocols
XMPP
Extensible Messaging and
Presence Protocol
AMQP
Advanced Message Queuing
Protocol
XMPP:
XMPP provides a general framework for messaging across a network, which
offers a multitude of applications beyond traditional Instant Messaging (IM) and
the distribution of Presence data.
Who is using this protocol:
WhatsApp
Gtalk
Facebook Chat
Find more info here: https://xmpp.org/uses/internet-of-things.html
AMQP:
. It is used in one of the world's largest biometric databases, India's
Aadhaar project, home to 1.2 billion identities.
. It is used in the Ocean Observatories Initiative, an architecture that
collects 8 terabytes of data per day.
AMQP is a binary wire protocol which was designed for
interoperability between different vendors. Where other protocols
have failed, AMQP adoption has been strong. Companies like JP
Morgan use it to process 1 billion messages a day.
Find more info here: https://www.amqp.org
IoT Attack Surfaces:
OWASP Top 10 for IoT:
What we are going to discuss:
I9: Insecure Software/Firmware
What is Firmware:
Firmware is a type of software that provides control,
monitoring and data manipulation of engineered products
and systems. Typical examples of devices containing
firmware are embedded systems (Wikipedia)
What are embedded devices? Examples of devices running firmware:
. VoIP
. Cars
. Drones
. Networking devices (routers, firewalls, IDS)
. Medical devices (health monitors)
. Mobile phones
. Home security systems
. Vehicles
. Thermostats, metering systems, consumer electronics
. Displays
What do we need to know?
The most common architectures for IoT
devices:
• ARM (ARM7, ARM9, Cortex)
• MIPS
What do we need?
Debug interfaces:
. UART (Universal Asynchronous Receiver/Transmitter)
. JTAG (Joint Test Action Group) – hardware debug
. SPI (Serial Peripheral Interface)
. I2C (Inter-Integrated Circuit)
UART Debugger:
A UART usually contains the following
components:
1. Input and output shift registers
2. Transmit/receive control
3. Read/write control logic
4. First-in, first-out (FIFO) buffer memory
(optional)
5. Signals needed by a third-party DMA
controller (optional)
On a target board the UART header is usually four pins: GND (continuity to
the ground plane), VCC (a steady 3.3 V or 5 V), TX (toggles during boot) and
RX (floats). Connect a 3.3 V USB-to-serial adapter with its RX on the board's
TX, try 115200 8N1 first, and watch for a bootloader prompt or an
unauthenticated root shell, which is the most common finding.
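How the bits on that TX pin turn back into a console, as an added example that is not part of the slides: an 8N1 decoder for a logic-analyzer style capture, with a baud-rate guess from the shortest pulse, which is what you do when you have found TX but the vendor's baud rate is not the usual one. The capture is constructed here by encoding a known string (the boot banner text is invented), so `samples` stands in for what the analyzer would hand you.

```python
# Added example, not part of the slides: UART 8N1 framing, baud guess and
# decode over a sample stream. The 'capture' is constructed in this file.
STANDARD_BAUDS = (9600, 19200, 38400, 57600, 115200, 230400, 460800, 921600)


def encode_8n1(data: bytes, baud: int, sample_rate: int, idle_bits: int = 4):
    """Bit-accurate 8N1 encoder: idle high, start bit low, eight data bits
    LSB first, stop bit high. Samples per bit is fractional, exactly as when
    115200 baud is captured at 1 MS/s."""
    bits = [1] * idle_bits
    for byte in data:
        bits.append(0)                                  # start bit
        bits.extend((byte >> k) & 1 for k in range(8))  # LSB first
        bits.append(1)                                  # stop bit
    bits.extend([1] * idle_bits)
    spb = sample_rate / baud
    samples = []
    for n, b in enumerate(bits):
        samples.extend([b] * (round((n + 1) * spb) - len(samples)))
    return samples


def guess_baud(samples, sample_rate):
    """The shortest run of equal samples is about one bit period; console
    text always contains isolated bits, so the shortest run is a single bit."""
    runs, run = [], 1
    for prev, cur in zip(samples, samples[1:]):
        if cur == prev:
            run += 1
        else:
            runs.append(run)
            run = 1
    raw = sample_rate / min(runs)
    return min(STANDARD_BAUDS, key=lambda r: abs(r - raw))


def decode_8n1(samples, baud, sample_rate):
    spb = sample_rate / baud
    out, i, n = bytearray(), 0, len(samples)
    while i < n:
        if samples[i] != 0:                    # idle: wait for the falling edge
            i += 1
            continue
        centre = i + spb / 2                   # sample every bit at its middle
        if samples[int(centre)] != 0:          # short glitch, not a start bit
            i += 1
            continue
        byte = 0
        for k in range(8):
            idx = int(centre + (k + 1) * spb)
            if idx >= n:
                return bytes(out)
            byte |= samples[idx] << k
        stop = int(centre + 9 * spb)
        if stop < n and samples[stop] == 1:    # a low stop bit is a framing error
            out.append(byte)
        i = int(i + 10 * spb)                  # resynchronise on the next start bit
    return bytes(out)


if __name__ == "__main__":
    capture = encode_8n1(b"U-Boot 2015.04\nroot@router:~# ", 115200, 1_000_000)
    baud = guess_baud(capture, 1_000_000)
    print(baud, decode_8n1(capture, baud, 1_000_000))
```

The decoder resynchronises on every start bit, so the fractional samples-per-bit never accumulates across frames; that is also why a wrong baud guess produces framing errors rather than merely garbled text.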
JTAG Debugger (Joint Test Action Group):
- Supports in-circuit debugging and firmware
programming as well as boundary-scan testing.
- Modern 8-bit and 16-bit microcontroller chips, such
as Atmel AVR and TI MSP430, support JTAG
programming and debugging.
- Almost all FPGAs and CPLDs used today can be
programmed via a JTAG port.
- Many MIPS and PowerPC processors
have JTAG support.
• JTAG – Joint Test Action Group
– Finding the pins: TCK, TMS, TDI (Test Data In), TDO (Test Data Out)
and the optional TRST
– Hardware debugging via OpenOCD / GDB
– JTAGulator is awesome for brute-forcing the
pinout
An example view of a JTAG connection (figure):
http://www.grandideastudio.com
- On-chip debug (OCD) interfaces can provide chip-level control of a target device
and are a primary vector used by engineers, researchers, and hackers to extract
program code or data.
- JTAGulator is an open source hardware tool that assists in identifying OCD
connections from test points, vias, or component pads on a target device.
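What the pinout brute force actually does, as an added example that is neither from the slides nor JTAGulator's own firmware: a software model of the IDCODE and BYPASS scans. `SimTarget` is an invented board with six test points, four of which are a TAP implementing the 16 IEEE 1149.1 controller states; the scanner tries every TCK/TMS/TDI/TDO assignment, reads 32 bits after a TAP reset and keeps assignments that yield a plausible IDCODE. Because an IDCODE read never depends on TDI, it then confirms TDI by pushing a pattern through the 1-bit BYPASS register. The pin numbers and the IDCODE value are made up.

```python
# Added example, not from the slides or the JTAGulator project: IDCODE/BYPASS
# pin brute force against a simulated TAP. Board layout and IDCODE are made up.
from itertools import permutations

TAP = {  # state -> (next state if TMS=0, next state if TMS=1)
    "TLR": ("RTI", "TLR"), "RTI": ("RTI", "SelDR"), "SelDR": ("CapDR", "SelIR"),
    "CapDR": ("ShDR", "Ex1DR"), "ShDR": ("ShDR", "Ex1DR"), "Ex1DR": ("PDR", "UpDR"),
    "PDR": ("PDR", "Ex2DR"), "Ex2DR": ("ShDR", "UpDR"), "UpDR": ("RTI", "SelDR"),
    "SelIR": ("CapIR", "TLR"), "CapIR": ("ShIR", "Ex1IR"), "ShIR": ("ShIR", "Ex1IR"),
    "Ex1IR": ("PIR", "UpIR"), "PIR": ("PIR", "Ex2IR"), "Ex2IR": ("ShIR", "UpIR"),
    "UpIR": ("RTI", "SelDR"),
}
IR_LEN, IDCODE_INSTR = 4, 0b1110          # all ones (0b1111) is BYPASS by the standard


class SimTarget:
    """Invented board: n_pins test points, four of them wired to one TAP."""
    def __init__(self, n_pins, tck, tms, tdi, tdo, idcode):
        self.tck, self.tms, self.tdi, self.tdo, self.idcode = tck, tms, tdi, tdo, idcode
        self.level = [1] * n_pins               # undriven test points read high (pull-ups)
        self.state, self.ir, self.dr, self.ir_sh = "TLR", IDCODE_INSTR, 0, 0

    def drive(self, pin, value):
        old, self.level[pin] = self.level[pin], value
        if pin == self.tck and old != value:
            self._rising() if value else self._falling()

    def read(self, pin):
        return self.level[pin]

    def _rising(self):                          # TAP acts on the rising edge of TCK
        tms, tdi, s = self.level[self.tms], self.level[self.tdi], self.state
        if s == "TLR":
            self.ir = IDCODE_INSTR              # reset selects IDCODE
        elif s == "CapDR":
            self.dr = self.idcode if self.ir == IDCODE_INSTR else 0
        elif s == "ShDR":                       # 32-bit IDCODE register or 1-bit BYPASS
            self.dr = (self.dr >> 1) | (tdi << 31) if self.ir == IDCODE_INSTR else tdi
        elif s == "CapIR":
            self.ir_sh = 0b0001
        elif s == "ShIR":
            self.ir_sh = (self.ir_sh >> 1) | (tdi << (IR_LEN - 1))
        elif s == "UpIR":
            self.ir = self.ir_sh
        self.state = TAP[s][tms]

    def _falling(self):                         # TDO changes on the falling edge
        if self.state == "ShDR":
            self.level[self.tdo] = self.dr & 1
        elif self.state == "ShIR":
            self.level[self.tdo] = self.ir_sh & 1
        else:
            self.level[self.tdo] = 1            # high-Z, read as pulled up


def clock(t, pins, tms, tdi=0):
    tck, tms_pin, tdi_pin, _ = pins
    t.drive(tms_pin, tms)
    t.drive(tdi_pin, tdi)
    t.drive(tck, 1)
    t.drive(tck, 0)


def read_idcode(t, pins):
    t.drive(pins[0], 0)
    for tms in (1, 1, 1, 1, 1, 0, 1, 0, 0):     # reset -> RTI -> SelDR -> CapDR -> ShDR
        clock(t, pins, tms)
    value = 0
    for bit in range(32):
        value |= t.read(pins[3]) << bit
        clock(t, pins, 1 if bit == 31 else 0)   # the last clock leaves Shift-DR
    return value


def bypass_ok(t, pins, pattern=0b10110010):
    for tms in (1, 1, 1, 1, 1, 0, 1, 1, 0, 0):  # reset -> ... -> SelIR -> CapIR -> ShIR
        clock(t, pins, tms)
    for k in range(IR_LEN):                     # shift in all ones = BYPASS
        clock(t, pins, 1 if k == IR_LEN - 1 else 0, tdi=1)
    for tms in (1, 0, 1, 0, 0):                 # UpIR -> RTI -> SelDR -> CapDR -> ShDR
        clock(t, pins, tms)
    got = 0
    for k in range(8):                          # BYPASS echoes TDI on TDO one clock later
        clock(t, pins, 0, tdi=(pattern >> k) & 1)
        got |= t.read(pins[3]) << k
    return got == pattern


def brute_force(t, candidates):
    found = []
    for pins in permutations(candidates, 4):
        for p in candidates:
            t.drive(p, 1)                       # release everything driven last round
        idc = read_idcode(t, pins)
        if idc & 1 == 0 or idc == 0xFFFFFFFF:   # IDCODE LSB is always 1; all ones = floating
            continue
        if bypass_ok(t, pins):
            found.append({"TCK": pins[0], "TMS": pins[1], "TDI": pins[2],
                          "TDO": pins[3], "IDCODE": idc})
    return found


if __name__ == "__main__":
    board = SimTarget(6, tck=3, tms=1, tdi=5, tdo=0, idcode=0x1A2B3C4D)
    print(brute_force(board, range(6)))
```

With only the IDCODE scan, three assignments survive (the real TDI and both unconnected pins), because an undriven TDI reads as 1 and the 32 bits shifted out never depend on it; the BYPASS pass is what pins TDI down, and it is the same two-stage approach JTAGulator takes on real hardware.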
Operating systems for IoT:
• Contiki
• RIOT
• mbed
• TinyOS
• NanoRK
• Mantis
• emb::6
• FreeRTOS
Bootloaders:
What are these?
. A bootloader is a piece of code that runs before any operating system is running.
. Bootloaders usually contain several ways to boot the OS kernel and also contain
commands for debugging and/or modifying the kernel environment.
• U-Boot
• RedBoot
• BareBox
• Ubicom bootloader
Compilers for IoT:
Are they compilers..?
• busybox + uClibc (userland utilities and a small C library, built with a cross toolchain)
• buildroot (build system that produces a cross toolchain and a root filesystem)
• openembedded (build framework, the basis of Yocto)
• crosstool (cross-toolchain builder, continued as crosstool-NG)
• crossde
Computing environments are developing toward IoT services
that exchange a lot of information using various heterogeneous
devices that are always connected to networks.
Since data communication and services take place on
various devices, including not only traditional computing
environments and mobile devices such as smartphones but also
household appliances, embedded devices and sensor nodes,
security requirements are becoming more important at this point in
time. In this paper, a compiler with a secure-software concept was
proposed to develop secure applications for IoT services.
IoT exploitation methodology ..
-Identify Device, hardware revisions, document hardware components
-Research chip datasheets - figure out features
-Identify hardware communication interfaces possibilities
-Identifying wireline protocol logic (How the hell do I talk to these
chips?)
-Hardware tools for accessing interfaces
-Firmware Reverse Engineering
-Vulnerability Research / Exploitation
"routers & cars & drones are also hackable"
Let's get into our topic:
Insecure software/firmware
• Encryption not used to fetch updates
• Update file not encrypted
• Update not verified before upload (no signature check before flashing)
• Firmware contains sensitive information (keys, credentials, backdoor accounts)
• No obvious update functionality
We are targeting router firmware.
I already have DVRF v3 (the Damn Vulnerable Router Firmware).
No practical device hacking?
For firmware analysis, what do we need?
Tools for analysis:
. Binwalk
. Firmwalker
. Firmadyne
. Firmware-mod-kit
. ERESI framework
. FRAK - Firmware Reverse Analysis Konsole
What to do?
• Get the firmware
• Reconnaissance
• Unpacking
• Localize point of interest
• Decompile/compile/tweak/fuzz/pentest/fun!
What not to do?
• Never try this on home or company devices
while work is going on!
Get the DVRF here:
https://github.com/praetorian-inc/DVRF
Let's start the test
and get the info
using Binwalk!
Get the firmware:
. Download from the manufacturer's FTP/HTTP site
. Device memory dump (read the flash chip directly, or dump it through the
bootloader or a UART/JTAG connection)
Reconnaissance:
Getting information about the firmware image and analysing
the string values (file, strings, hexdump, and a binwalk signature scan).
Unpacking:
. Use binwalk -e to extract any files that it finds in the firmware image
Localize Point of Interest:
. binwalk -A (opcode scan) instructs binwalk to search the specified file(s) for
executable opcodes common to a variety of CPU architectures. Note that some
opcode signatures are short and thus are prone to producing false positive results.
. binwalk -E plots entropy; a flat region near 8 bits/byte is compressed or
encrypted, and an encrypted image needs the key (often in the bootloader)
before anything below can be unpacked.
Decompile/compile/tweak/fuzz/pentest/fun!
. Running hexdump can help identify the type of firmware build
. QEMU emulation is also another way to examine binaries
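The reconnaissance, unpacking and localisation steps above in one runnable pass, as an added example that is not from the slides and is not binwalk itself: a small firmware-image triage doing a magic-number signature scan, a uImage header CRC check, per-block entropy and a grep for interesting strings. The image is constructed in the file (erased-flash padding, a uImage header wrapping a gzip "kernel", a SquashFS magic, a passwd-style line with a fake hash, and a seeded pseudo-random block standing in for an encrypted region); the offsets, image name and strings are all invented.

```python
# Added example, not from the slides and not binwalk: firmware image triage
# (signatures, uImage header, entropy, strings). The image is constructed here.
import gzip
import math
import random
import re
import struct
import zlib
from binascii import crc32

UIMAGE_MAGIC = 0x27051956
SIGNATURES = {                                   # a few of the magics binwalk knows
    struct.pack(">I", UIMAGE_MAGIC): "uImage header (U-Boot legacy)",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS, little-endian",
    b"sqsh": "SquashFS, big-endian",
    b"\x7fELF": "ELF",
    b"UBI#": "UBI erase block",
    b"\x5d\x00\x00\x80\x00": "LZMA compressed data, 8 MiB dictionary",
}
ARCH = {2: "ARM", 3: "x86", 5: "MIPS", 7: "PowerPC"}   # IH_ARCH_* from U-Boot image.h
HDR = ">7I4B32s"                                  # 64-byte legacy header layout


def scan_signatures(data):
    hits = []
    for magic, name in SIGNATURES.items():
        i = data.find(magic)
        while i != -1:
            hits.append((i, name))
            i = data.find(magic, i + 1)
    return sorted(hits)


def parse_uimage(data, off):
    """Decode a legacy uImage header; hcrc covers the header with that field zeroed."""
    hdr = bytes(data[off:off + 64])
    magic, hcrc, _t, size, load, ep, dcrc, _os, arch, _typ, _comp, name = struct.unpack(HDR, hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError("no uImage magic at 0x%x" % off)
    crc_ok = crc32(hdr[:4] + b"\0" * 4 + hdr[8:]) & 0xFFFFFFFF == hcrc
    payload = bytes(data[off + 64:off + 64 + size])
    return {"name": name.rstrip(b"\0").decode(errors="replace"), "size": size,
            "load": load, "entry": ep, "arch": ARCH.get(arch, "arch %d" % arch),
            "crc_ok": crc_ok, "data_crc_ok": crc32(payload) & 0xFFFFFFFF == dcrc}


def gzip_member_length(data, off):
    """Length of the gzip member at off, or None if it is truncated."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)
    d.decompress(bytes(data[off:]))
    return len(data) - off - len(d.unused_data) if d.eof else None


def entropy_map(data, block=1024):
    """Shannon entropy (bits/byte) per block; close to 8 means compressed or encrypted."""
    out = []
    for off in range(0, len(data), block):
        chunk, counts = data[off:off + block], [0] * 256
        for b in chunk:
            counts[b] += 1
        h = -sum(c / len(chunk) * math.log2(c / len(chunk)) for c in counts if c)
        out.append((off, round(h, 2)))
    return out


def interesting_strings(data, minlen=6):
    hint = re.compile(rb"root:|passw|PRIVATE KEY|telnetd|admin", re.I)
    return [s for s in re.findall(rb"[\x20-\x7e]{%d,}" % minlen, data) if hint.search(s)]


def uimage_header(payload, name, arch=5, load=0x80010000, entry=0x80010000):
    f = [UIMAGE_MAGIC, 0, 0, len(payload), load, entry, crc32(payload) & 0xFFFFFFFF,
         5, arch, 2, 1, name.ljust(32, b"\0")]  # os=Linux, type=kernel, comp=gzip
    f[1] = crc32(struct.pack(HDR, *f)) & 0xFFFFFFFF
    return struct.pack(HDR, *f)


def build_sample_image(seed=1):
    """Constructed test image with a known layout; every byte of it is fake."""
    rng = random.Random(seed)
    kernel = gzip.compress(b"not a real kernel " * 256, mtime=0)
    passwd = (b"root:x:0:0:root:/root:/bin/sh\n"
              b"admin:$1$fakesalt$notarealhash0000000000:0:0::/:/bin/sh\n")
    img = bytearray(b"\x00" * 1024)                          # 0x000 blank region
    img += uimage_header(kernel, b"Linux-4.4-test") + kernel  # 0x400 header, gzip at 0x440
    img += b"\xff" * (2048 - len(img))                       # erased flash filler
    img += b"hsqs" + b"\x00" * 28 + passwd                   # 0x800 squashfs magic + passwd
    img += b"\xff" * (3072 - len(img))
    img += bytes(rng.getrandbits(8) for _ in range(4096))    # 0xC00 "encrypted" region
    return bytes(img)


def triage(data):
    report = {"signatures": scan_signatures(data),
              "high_entropy_blocks": [o for o, h in entropy_map(data) if h >= 7.5],
              "strings": interesting_strings(data)}
    for off, name in report["signatures"]:
        if name.startswith("uImage"):
            report["uimage"] = parse_uimage(data, off)
        elif name.startswith("gzip"):
            report["gzip_len"] = gzip_member_length(data, off)
    return report


if __name__ == "__main__":
    for key, value in triage(build_sample_image()).items():
        print(key, value)
```

The uImage header check is worth keeping in the habit: a valid header CRC with a failing data CRC usually means the image was truncated or the kernel was patched without rebuilding the header, while the high-entropy blocks with no signature at their start are where an encrypted filesystem lives and where the unpacking step stalls until the key is recovered.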
Any
Questions..?

More Related Content

What's hot

CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
DefconRussia
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
CODE BLUE
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
PacSecJP
 

What's hot (20)

Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
Nikita Abdullin - Reverse-engineering of embedded MIPS devices. Case Study - ...
 
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
CODE BLUE 2014 : DeviceDisEnabler : A hypervisor which hides devices to prote...
 
Android Hacking
Android HackingAndroid Hacking
Android Hacking
 
IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?IoT security is a nightmare. But what is the real risk?
IoT security is a nightmare. But what is the real risk?
 
Hacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh MishraHacking & Securing of iOS Apps by Saurabh Mishra
Hacking & Securing of iOS Apps by Saurabh Mishra
 
Is My App Secure ?
 Is My App Secure ? Is My App Secure ?
Is My App Secure ?
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov
CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak GuilfanovCODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov
CODE BLUE 2014 : [Keynote] IDA and digital security by Ilfak Guilfanov
 
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008Cracking Into Embedded Devices - Hack in The Box Dubai 2008
Cracking Into Embedded Devices - Hack in The Box Dubai 2008
 
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблюNFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
NFC: Naked Fried Chicken / Пентест NFC — вот что я люблю
 
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS appsDmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
Dmitry 'D1g1' Evdokimov - BlackBox analysis of iOS apps
 
Seminar V2
Seminar V2Seminar V2
Seminar V2
 
Software Attacks on Hardware Wallets
Software Attacks on Hardware WalletsSoftware Attacks on Hardware Wallets
Software Attacks on Hardware Wallets
 
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
A Security Barrier Device That Can Protect Critical Data Regardless of OS or ...
 
Jailbreaking iOS
Jailbreaking iOSJailbreaking iOS
Jailbreaking iOS
 
[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov[2.2] Hacking Internet of Things devices - Ivan Novikov
[2.2] Hacking Internet of Things devices - Ivan Novikov
 
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
Ryder robertson security-considerations_in_the_supply_chain_2017.11.02
 
How to hide your browser 0-days
How to hide your browser 0-daysHow to hide your browser 0-days
How to hide your browser 0-days
 
Java Card Security
Java Card SecurityJava Card Security
Java Card Security
 
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
Exploiting Redundancy Properties of Malicious Infrastructure for Incident Det...
 

Viewers also liked

Viewers also liked (20)

Considerations for Operating An OpenStack Cloud
Considerations for Operating An OpenStack CloudConsiderations for Operating An OpenStack Cloud
Considerations for Operating An OpenStack Cloud
 
Apache kafka performance(throughput) - without data loss and guaranteeing dat...
Apache kafka performance(throughput) - without data loss and guaranteeing dat...Apache kafka performance(throughput) - without data loss and guaranteeing dat...
Apache kafka performance(throughput) - without data loss and guaranteeing dat...
 
Cisco Network Functions Virtualization Infrastructure (NFVI)
Cisco Network Functions Virtualization Infrastructure (NFVI)Cisco Network Functions Virtualization Infrastructure (NFVI)
Cisco Network Functions Virtualization Infrastructure (NFVI)
 
Introduction to Data Modeling in Cassandra
Introduction to Data Modeling in CassandraIntroduction to Data Modeling in Cassandra
Introduction to Data Modeling in Cassandra
 
Fluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshellFluentd v1.0 in a nutshell
Fluentd v1.0 in a nutshell
 
Security Realism in Education
Security Realism in EducationSecurity Realism in Education
Security Realism in Education
 
Microservices mit Java EE - am Beispiel von IBM Liberty
Microservices mit Java EE - am Beispiel von IBM LibertyMicroservices mit Java EE - am Beispiel von IBM Liberty
Microservices mit Java EE - am Beispiel von IBM Liberty
 
Microsoft Microservices
Microsoft MicroservicesMicrosoft Microservices
Microsoft Microservices
 
Question 7
Question 7Question 7
Question 7
 
Diabetes mellitus
Diabetes mellitusDiabetes mellitus
Diabetes mellitus
 
Interesting Places in Poland
Interesting Places in PolandInteresting Places in Poland
Interesting Places in Poland
 
Stormshield Visibility Center
Stormshield Visibility CenterStormshield Visibility Center
Stormshield Visibility Center
 
What's new in oracle ORAchk & EXAchk 12.2.0.1.2
What's new in oracle ORAchk & EXAchk 12.2.0.1.2What's new in oracle ORAchk & EXAchk 12.2.0.1.2
What's new in oracle ORAchk & EXAchk 12.2.0.1.2
 
Visualize your data in Data Lake with AWS Athena and AWS Quicksight Hands-on ...
Visualize your data in Data Lake with AWS Athena and AWS Quicksight Hands-on ...Visualize your data in Data Lake with AWS Athena and AWS Quicksight Hands-on ...
Visualize your data in Data Lake with AWS Athena and AWS Quicksight Hands-on ...
 
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlowCloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
Cloud Expo New York: OpenFlow Is SDN Yet SDN Is Not Only OpenFlow
 
From 10 Users to 10 Milion in 10 Days - Adam Lev, Tamar Labs - DevOpsDays Tel...
From 10 Users to 10 Milion in 10 Days - Adam Lev, Tamar Labs - DevOpsDays Tel...From 10 Users to 10 Milion in 10 Days - Adam Lev, Tamar Labs - DevOpsDays Tel...
From 10 Users to 10 Milion in 10 Days - Adam Lev, Tamar Labs - DevOpsDays Tel...
 
Elks for analysing performance test results - Helsinki QA meetup
Elks for analysing performance test results - Helsinki QA meetupElks for analysing performance test results - Helsinki QA meetup
Elks for analysing performance test results - Helsinki QA meetup
 
Big Data Europe: Simplifying Development and Deployment of Big Data Applications
Big Data Europe: Simplifying Development and Deployment of Big Data ApplicationsBig Data Europe: Simplifying Development and Deployment of Big Data Applications
Big Data Europe: Simplifying Development and Deployment of Big Data Applications
 
Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2Cloud Security Best Practices - Part 2
Cloud Security Best Practices - Part 2
 
Cloud adoption patterns April 11 2016
Cloud adoption patterns April 11 2016Cloud adoption patterns April 11 2016
Cloud adoption patterns April 11 2016
 

Similar to IOT Exploitation

Gab 2015 aymeric weinbach azure iot
Gab   2015 aymeric weinbach azure iot Gab   2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot
Aymeric Weinbach
 
Analyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of ThingsAnalyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of Things
Ike Clinton
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
ssuser57b3e5
 

Similar to IOT Exploitation (20)

Null mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmwareNull mumbai-reversing-IoT-firmware
Null mumbai-reversing-IoT-firmware
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes TschofenigCIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
 
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh OjhaKazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
KazHackStan Doing The IoT Penetration Testing - Yogesh Ojha
 
Iot development from prototype to production
Iot development from prototype to productionIot development from prototype to production
Iot development from prototype to production
 
Internet of Things.pptx
Internet of Things.pptxInternet of Things.pptx
Internet of Things.pptx
 
Building IoT devices with ARM mbed - RISE Manchester
Building IoT devices with ARM mbed - RISE ManchesterBuilding IoT devices with ARM mbed - RISE Manchester
Building IoT devices with ARM mbed - RISE Manchester
 
IoT Development from Prototype to Production
IoT Development from Prototype to ProductionIoT Development from Prototype to Production
IoT Development from Prototype to Production
 
IoT Security Risks and Challenges
IoT Security Risks and ChallengesIoT Security Risks and Challenges
IoT Security Risks and Challenges
 
Contiki IoT simulation
Contiki IoT simulationContiki IoT simulation
Contiki IoT simulation
 
Eric Theis resume61.1
Eric Theis resume61.1Eric Theis resume61.1
Eric Theis resume61.1
 
Internet of things - The Present & The Future
Internet of things - The Present & The FutureInternet of things - The Present & The Future
Internet of things - The Present & The Future
 
Gab 2015 aymeric weinbach azure iot
Gab   2015 aymeric weinbach azure iot Gab   2015 aymeric weinbach azure iot
Gab 2015 aymeric weinbach azure iot
 
IoT4Devs (1)
IoT4Devs (1)IoT4Devs (1)
IoT4Devs (1)
 
Designing Internet of things
Designing Internet of thingsDesigning Internet of things
Designing Internet of things
 
Null mumbai-iot-workshop
Null mumbai-iot-workshopNull mumbai-iot-workshop
Null mumbai-iot-workshop
 
Analyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of ThingsAnalyzing Vulnerabilities in the Internet of Things
Analyzing Vulnerabilities in the Internet of Things
 
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux –  Unified IoT Pl...
Developers’ mDay u Banjoj Luci - Janko Isidorović, Mainflux – Unified IoT Pl...
 
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdfNXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
NXP'S-PORTFOLIO-FOR-ADDRESSING-IOT-SECURITY.pdf
 
Intels presentation at blue line industrial computer seminar
Intels presentation at blue line industrial computer seminarIntels presentation at blue line industrial computer seminar
Intels presentation at blue line industrial computer seminar
 
BKK16-500K2 CTO talk - The End to End Story
BKK16-500K2 CTO talk - The End to End StoryBKK16-500K2 CTO talk - The End to End Story
BKK16-500K2 CTO talk - The End to End Story
 

More from Cysinfo Cyber Security Community

More from Cysinfo Cyber Security Community (20)

Understanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K AUnderstanding Malware Persistence Techniques by Monnappa K A
Understanding Malware Persistence Techniques by Monnappa K A
 
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram KharviUnderstanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
Understanding & analyzing obfuscated malicious web scripts by Vikram Kharvi
 
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TKGetting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
Getting started with cybersecurity through CTFs by Shruti Dixit & Geethna TK
 
Emerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar PrustyEmerging Trends in Cybersecurity by Amar Prusty
Emerging Trends in Cybersecurity by Amar Prusty
 
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul PillaiA look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
A look into the sanitizer family (ASAN & UBSAN) by Akul Pillai
 
Closer look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin ShenoiCloser look at PHP Unserialization by Ashwin Shenoi
Closer look at PHP Unserialization by Ashwin Shenoi
 
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay AjayanUnicorn: The Ultimate CPU Emulator by Akshay Ajayan
Unicorn: The Ultimate CPU Emulator by Akshay Ajayan
 
The Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil MahendraThe Art of Executing JavaScript by Akhil Mahendra
The Art of Executing JavaScript by Akhil Mahendra
 
Reversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by MonnappaReversing and Decrypting Malware Communications by Monnappa
Reversing and Decrypting Malware Communications by Monnappa
 
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by SreelakshmiDeViL - Detect Virtual Machine in Linux by Sreelakshmi
DeViL - Detect Virtual Machine in Linux by Sreelakshmi
 
Analysis of android apk using adhrit by Abhishek J.M
 Analysis of android apk using adhrit by Abhishek J.M Analysis of android apk using adhrit by Abhishek J.M
Analysis of android apk using adhrit by Abhishek J.M
 
Understanding evasive hollow process injection techniques monnappa k a
Understanding evasive hollow process injection techniques   	monnappa k aUnderstanding evasive hollow process injection techniques   	monnappa k a
Understanding evasive hollow process injection techniques monnappa k a
 
Security challenges in d2d communication by ajithkumar vyasarao
Security challenges in d2d communication  by ajithkumar vyasaraoSecurity challenges in d2d communication  by ajithkumar vyasarao
Security challenges in d2d communication by ajithkumar vyasarao
 
S2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna aS2 e (selective symbolic execution) -shivkrishna a
S2 e (selective symbolic execution) -shivkrishna a
 
Dynamic binary analysis using angr siddharth muralee
Dynamic binary analysis using angr   siddharth muraleeDynamic binary analysis using angr   siddharth muralee
Dynamic binary analysis using angr siddharth muralee
 
Bit flipping attack on aes cbc - ashutosh ahelleya
Bit flipping attack on aes cbc -	ashutosh ahelleyaBit flipping attack on aes cbc -	ashutosh ahelleya
Bit flipping attack on aes cbc - ashutosh ahelleya
 
Security Analytics using ELK stack
Security Analytics using ELK stack	Security Analytics using ELK stack
Security Analytics using ELK stack
 
Linux Malware Analysis
Linux Malware Analysis	Linux Malware Analysis
Linux Malware Analysis
 
Introduction to Binary Exploitation
Introduction to Binary Exploitation	Introduction to Binary Exploitation
Introduction to Binary Exploitation
 
ATM Malware: Understanding the threat
ATM Malware: Understanding the threat	ATM Malware: Understanding the threat
ATM Malware: Understanding the threat
 

Recently uploaded

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Recently uploaded (20)

%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
 
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
WSO2CON 2024 - Navigating API Complexity: REST, GraphQL, gRPC, Websocket, Web...
 
WSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - KeynoteWSO2Con204 - Hard Rock Presentation - Keynote
WSO2Con204 - Hard Rock Presentation - Keynote
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems -The Print[A] Example- A Comprehension AidDirect Style Effect Systems -The Print[A] Example- A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
WSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaSWSO2CON 2024 Slides - Open Source to SaaS
WSO2CON 2024 Slides - Open Source to SaaS
 

IOT Exploitation

  • 2. Name: veerababu penugonda, IoT enthusiast, maintainer at
  • 3. Agenda:
    - Introduction to IoT
    - Information about IoT protocols
    - Attack surfaces
    - IoT exploitation methodology
    - Demo
  • 4. What is IoT? A network of physical devices, vehicles, buildings and other items embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data (Wikipedia). Bringing together people, process, data, and things to make networked connections more relevant and valuable than ever before, turning information into actions that create new capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries (Cisco).
  • 6. IoT Protocols: CoAP (Constrained Application Protocol):
    - Simple to encode: targets 8-bit MCUs (microcontroller units).
    - UDP based, targets low-power IP networks.
    - Two levels of QoS (Quality of Service): confirmable messages or not.
    - Simple observation mechanism.
    CoAP security:
    - DTLS (TLS over UDP datagrams), with or without pre-shared keys.
    - DTLS is not really lightweight.
  • 8. MQTT (Message Queue Telemetry Transport):
    - Very simple and light protocol on top of TCP.
    - Good fit for wireless applications.
    - Publish/subscribe paradigm.
    - WebSocket support.
    MQTT security:
    - Uses SSL/TLS on top of the TCP stream.
    - Pre-shared key encryption is supported.
  • 9. IoT Protocols: XMPP (Extensible Messaging and Presence Protocol), AMQP (Advanced Message Queuing Protocol).
  • 10. XMPP: XMPP provides a general framework for messaging across a network, which offers a multitude of applications beyond traditional Instant Messaging (IM) and the distribution of presence data. Who uses this protocol: WhatsApp, Gtalk, Facebook Chat. Find more info here: https://xmpp.org/uses/internet-of-things.html
  • 11. AMQP:
    - It is used in one of the world's largest biometric databases, India's Aadhaar project, home to 1.2 billion identities.
    - It is used in the Ocean Observatories Initiative, an architecture that collects 8 terabytes of data per day.
    AMQP is a binary wire protocol designed for interoperability between different vendors. Where other protocols have failed, AMQP adoption has been strong; companies like JP Morgan use it to process 1 billion messages a day. Find more info here: https://www.amqp.org
  • 13. OWASP Top 10 for IoT:
  • 14. What we are going to discuss: I9: Insecure software/firmware.
  • 15. What is firmware? Firmware is a type of software that provides control, monitoring and data manipulation of engineered products and systems. Typical examples of devices containing firmware are embedded systems (Wikipedia).
  • 16. What are embedded devices?
    - VoIP
    - Cars
    - Drones
    - Networking devices (routers, firewalls, IDS)
    - Medical devices (health monitors)
    - Mobile phones
    - Home security systems
    - Vehicles
    - Thermostats, metering systems, consumer electronics
    - Displays
  • 17. What we need to know: the most common architectures for IoT devices are ARM (ARM7, ARM9, Cortex) and MIPS.
  • 18. What is required? Debug interfaces:
    - UART (Universal Asynchronous Receiver-Transmitter)
    - JTAG (Joint Test Action Group), hardware debug
    - SPI (Serial Peripheral Interface)
    - I2C (Inter-Integrated Circuit)
  • 19. UART debugger: a UART usually contains the following components:
    1. Input and output shift registers
    2. Transmit/receive control
    3. Read/write control logic
    4. First-in, first-out (FIFO) buffer memory (optional)
    5. Signals needed by a third-party DMA controller (optional)
  • 20. JTAG debugger (Joint Test Action Group):
    - Supports in-circuit debugging and firmware programming as well as boundary-scan testing.
    - Modern 8-bit and 16-bit microcontroller chips, such as Atmel AVR and TI MSP430 chips, support JTAG programming and debugging.
    - Almost all FPGAs and CPLDs used today can be programmed via a JTAG port.
    - Many MIPS and PowerPC processors have JTAG support.
  • 21. JTAG (Joint Test Action Group):
    - Finding TDI (Test Data In)
    - Hardware debugging via OpenOCD / GDB
    - JTAGulator is awesome for brute-forcing the pinout
  • 22. An example view of a JTAG connection.
  • 23. http://www.grandideastudio.com
    - On-chip debug (OCD) interfaces can provide chip-level control of a target device and are a primary vector used by engineers, researchers, and hackers to extract program code or data.
    - JTAGulator is an open source hardware tool that assists in identifying OCD connections from test points, vias, or component pads on a target device.
  • 24. Operating systems for IoT: Contiki, RIOT, mbed, TinyOS, NanoRK, Mantis, emb::6, FreeRTOS.
  • 25. Bootloaders: U-Boot, RedBoot, BareBox, Ubicom bootloader. What are these?
    - A bootloader is a piece of code that runs before any operating system is running.
    - Bootloaders usually contain several ways to boot the OS kernel and also contain commands for debugging and/or modifying the kernel environment.
  • 26. Are they compilers? busybox + uClibc, buildroot, openembedded, crosstool, crossde
  • 27. Compilers for IoT: Computing environments are developing towards IoT services, which exchange a lot of information using various heterogeneous devices that are always connected to networks. Since data communication and services take place on various devices, including not only traditional computing environments and mobile devices such as smartphones but also household appliances, embedded devices and sensor nodes, the security requirements are becoming more important at this point in time. The paper being quoted proposes a compiler built around a secure-software concept for developing secure applications for IoT services.
  • 28. IoT exploitation methodology:
    - Identify the device and hardware revisions; document hardware components
    - Research chip datasheets; figure out features
    - Identify possible hardware communication interfaces
    - Identify the wireline protocol logic (how the hell do I talk to these chips?)
    - Hardware tools for accessing interfaces
    - Firmware reverse engineering
    - Vulnerability research / exploitation
  • 29. "routers & cars & drones are also hackable"
  • 30. Let's get into our topic: insecure software/firmware.
  • 31. Insecure software/firmware:
    - Encryption not used to fetch updates
    - Update file not encrypted
    - Update not verified before upload
    - Firmware contains sensitive information
    - No obvious update functionality
  • 32. We are targeting router firmware. I already have DVRF v3, so no practical device hacking?
  • 33. What is required for firmware analysis? Tools for analysis:
    - Binwalk
    - Firmwalker
    - Firmadyne
    - Firmware-mod-kit
    - ERESI framework
    - FRAK (Firmware Reverse Analysis Konsole)
  • 34. What to do?
    - Get the firmware
    - Reconnaissance
    - Unpacking
    - Localize points of interest
    - Decompile/compile/tweak/fuzz/pentest/fun!
    What not to do? Never try this on home or company devices while they are in use!
  • 35. Get the DVRF here: https://github.com/praetorian-inc/DVRF. Let's start testing and get the info using Binwalk. Ways to get the firmware:
    - Download from the manufacturer's FTP/HTTP site
    - Device memory dump
  • 36. Reconnaissance: gathering information about the firmware image and analysing its string values.
  • 37. Unpacking: use binwalk to extract any files that it finds in the firmware image.
  • 38. Localize points of interest: binwalk's opcode scan option (-A) instructs it to search the specified file(s) for executable opcodes common to a variety of CPU architectures. Note that some opcode signatures are short and thus are prone to producing false positive results.
  • 39. Decompile/compile/tweak/fuzz/pentest/fun!
    - Running hexdump can help identify the type of firmware build.
    - QEMU emulation is another way to examine binaries.
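The firmware triage steps above (get the image, reconnaissance, unpack, localize points of interest), as an added Python example that is not from the slides, from binwalk or from DVRF: it parses a U-Boot legacy uImage header to identify the CPU architecture (the ARM-or-MIPS question from slide 17), checks the header and data CRCs so a tampered payload is noticed, and runs a small binwalk-style magic-byte scan. The header layout and enum values follow U-Boot's include/image.h; the sample image is constructed inline.

```python
import gzip
import struct
import zlib

UIMAGE_MAGIC = 0x27051956
HDR = ">IIIIIIIBBBB32s"  # legacy uImage header: big-endian, 64 bytes
# Subsets of U-Boot's IH_ARCH_* / IH_TYPE_* / IH_COMP_* numbering (include/image.h).
ARCH = {2: "arm", 5: "mips", 22: "arm64"}
ITYPE = {2: "kernel", 5: "firmware", 7: "filesystem"}
COMP = {0: "none", 1: "gzip", 3: "lzma"}
SIGNATURES = {  # magic bytes a binwalk-style scan looks for (small subset)
    b"\x27\x05\x19\x56": "uImage header",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem",
    b"\x7fELF": "ELF executable",
}

def parse_uimage(blob):
    """Parse a legacy uImage header and check both CRCs; None if not a uImage."""
    if len(blob) < 64 or struct.unpack(">I", blob[:4])[0] != UIMAGE_MAGIC:
        return None
    _, hcrc, _, size, load, ep, dcrc, _, arch, typ, comp, name = struct.unpack(HDR, blob[:64])
    zeroed = blob[:4] + b"\0\0\0\0" + blob[8:64]  # hcrc is computed with its own field zeroed
    return {
        "name": name.rstrip(b"\0").decode(errors="replace"),
        "arch": ARCH.get(arch, f"unknown({arch})"),
        "type": ITYPE.get(typ, f"unknown({typ})"),
        "comp": COMP.get(comp, f"unknown({comp})"),
        "load": load, "entry": ep, "size": size,
        "hcrc_ok": zlib.crc32(zeroed) == hcrc,
        "dcrc_ok": zlib.crc32(blob[64:64 + size]) == dcrc,  # payload tampering shows up here
    }

def scan_signatures(blob):
    """Return sorted (offset, description) pairs for every known magic found."""
    hits = []
    for magic, desc in SIGNATURES.items():
        off = blob.find(magic)
        while off != -1:
            hits.append((off, desc))
            off = blob.find(magic, off + 1)
    return sorted(hits)

def build_sample_uimage():
    """Constructed sample (not a real image): gzip'd fake kernel in a MIPS kernel uImage."""
    payload = gzip.compress(b"fake kernel bytes " * 16, mtime=0)
    fields = [UIMAGE_MAGIC, 0, 0, len(payload), 0x80010000, 0x80010000,
              zlib.crc32(payload), 5, 5, 2, 1, b"constructed-router-fw"]
    fields[1] = zlib.crc32(struct.pack(HDR, *fields))  # header CRC over header with hcrc=0
    return struct.pack(HDR, *fields) + payload
```

On a real image, run scan_signatures over the whole file first, then parse_uimage at each uImage hit; a failing data CRC on a vendor image is worth investigating before anything is flashed.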