IoT Penetration Testing Cookbook

Book description

Over 80 recipes to master IoT security techniques.

About This Book

  • Identify vulnerabilities in IoT device architectures and firmware using software and hardware pentesting techniques
  • Understand radio communication analysis with concepts such as sniffing the air and capturing radio signals
  • A recipe based guide that will teach you to pentest new and unique set of IoT devices.

Who This Book Is For

This book targets IoT developers, IoT enthusiasts, pentesters, and security professionals who are interested in learning about IoT security. Prior knowledge of basic pentesting would be beneficial.

What You Will Learn

  • Set up an IoT pentesting lab
  • Explore various threat modeling concepts
  • Exhibit the ability to analyze and exploit firmware vulnerabilities
  • Demonstrate the automation of application binary analysis for iOS and Android using MobSF
  • Set up a Burp Suite and use it for web app testing
  • Identify UART and JTAG pinouts, solder headers, and hardware debugging
  • Get solutions to common wireless protocols
  • Explore the mobile security and firmware best practices
  • Master various advanced IoT exploitation techniques and security automation

In Detail

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices.

This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud.

By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.

Style and approach

This recipe-based book will teach you how to use advanced IoT exploitation and security automation.

Table of contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Sections
      1. Getting ready
      2. How to do it…
      3. How it works…
      4. There's more…
      5. See also
    5. Conventions
    6. Reader feedback
    7. Customer support
      1. Downloading the example code
      2. Downloading the color images of this book
      3. Errata
      4. Piracy
      5. Questions
  2. IoT Penetration Testing
    1. Introduction
    2. Defining the IoT ecosystem and penetration testing life cycle
      1. Penetration testing approaches
        1. Black box
        2. White box
        3. Grey box
    3. Firmware 101
      1. Digging deeper into firmware
      2. Development supply chain of firmware
    4. Web applications in IoT
      1. Web communication
    5. Mobile applications in IoT
      1. Hybrid
      2. Native applications
    6. Device basics
      1. Hardware inputs
    7. Introduction to IoT's wireless communications
      1. Wi-Fi
      2. ZigBee
      3. Z-Wave
      4. Bluetooth
    8. Setting up an IoT pen testing lab
      1. Software tool requirements
        1. Firmware software tools
        2. Web application software tools
        3. Mobile application software tools
          1. Android
          2. iOS
          3. Hardware analysis tool requirements
          4. Hardware tools
          5. Hardware analysis software
        4. Radio analysis tool requirements
        5. Radio analysis hardware
          1. Radio analysis software
  3. IoT Threat Modeling
    1. Introduction
    2. Getting familiar with threat modeling concepts
      1. Getting ready
      2. How to do it...
    3. Anatomy of threat modeling an IoT device
      1. How to do it...
        1. Step 1 - identifying the assets
        2. Step 2 - creating an IoT device architecture overview
        3. Step 3 - decomposing the IoT device
        4. Step 4 - identifying threats
        5. Step 5 - documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        6. Step 6 - rating the threats
    4. Threat modeling firmware
      1. Getting ready
      2. How to do it...
        1. Step 1 - identifying the assets
        2. Steps 2 and 3 - creating an architecture overview and decomposition
        3. Step 4 - identifying threats
        4. Step 5 - documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        5. Step 6 - rating the threats
    5. Threat modeling of an IoT web application
      1. How to do it...
        1. Step 1 :Creating an architecture overview and decomposition
        2. Step 2: Identifying threats
        3. Step 3 :Documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        4. Step 4 : Rating the threats
    6. Threat modeling an IoT mobile application
      1. How to do it...
        1. Step 1: Creating an architecture overview and decomposition
        2. Step 2: Identifying threats
        3. Step 3: Documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        4. Step 4: Rating the threats
    7. Threat modeling IoT device hardware
      1. How to do it...
        1. Step 1: Creating an architecture overview and decomposition
        2. Step 2: Identifying threats
        3. Step 3: Documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        4. Step 4: Rating the threats
    8. Threat modeling IoT radio communication
      1. How to do it...
        1. Step 1: Creating an architecture overview and decomposition
        2. Step 2: Identifying threats
        3. Step 3: Documenting threats
          1. Threat #1
          2. Threat #2
          3. Threat #3
        4. Step 4: Rating the threats
  4. Analyzing and Exploiting Firmware
    1. Introduction
    2. Defining firmware analysis methodology
    3. Obtaining firmware
      1. Getting ready
      2. How to do it...
        1. Downloading from the vendor's website
        2. Proxying or mirroring traffic during device updates
        3. Dumping firmware directly from the device
        4. Googling
      3. How it works...
    4. Analyzing firmware
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    5. Analyzing filesystem contents
      1. Getting ready
        1. Manual analysis
        2. Automated tools and scripts
      2. How to do it...
      3. How it works...
      4. There's more...
      5. See also
    6. Emulating firmware for dynamic analysis
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    7. Getting started with ARM and MIPS
      1. Getting Ready
      2. How to do it...
      3. There's more...
    8. Exploiting MIPS
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
    9. Backdooring firmware with firmware-mod-kit (FMK)
      1. Getting ready
      2. How to do it...
      3. How it works...
  5. Exploitation of Embedded Web Applications
    1. Introduction
    2. Getting started with web app security testing
      1. How to do it...
        1. Web penetration testing methodologies
        2. Choosing your testing tools
    3. Using Burp Suite
      1. Getting ready
      2. How to do it...
      3. How it works...
      4. There's more...
        1. Useful intruder payloads
      5. See also
    4. Using OWASP ZAP
      1. Getting ready
      2. How to do it...
      3. There's more...
    5. Exploiting command injection
      1. Getting ready
      2. How to do it...
      3. See also
    6. Exploiting XSS
      1. Getting ready
      2. How to do it...
        1. Introduction to using BeEF XSS payloads
        2. Basic usage of BeEF when hooking a victim
          1. Proxying traffic through a victim's browser
      3. There's more...
      4. See also
    7. Exploiting CSRF
      1. Getting ready
      2. How to do it...
      3. See also
  6. Exploiting IoT Mobile Applications
    1. Introduction
    2. Acquiring IoT mobile applications
      1. How to do it...
    3. Decompiling Android applications
      1. Getting ready
      2. How to do it...
      3. See also
    4. Decrypting iOS applications
      1. Getting ready
      2. How to do it...
      3. See also
    5. Using MobSF for static analysis
      1. Getting ready
      2. How to do it...
        1. Android static analysis
        2. iOS static analysis
      3. There's more...
    6. Analyzing iOS data storage with idb
      1. Getting ready
      2. How to do it...
      3. There's more...
      4. See also
    7. Analyzing Android data storage
      1. Getting ready
      2. How to do it...
      3. See also
    8. Performing dynamic analysis testing
      1. Getting ready
      2. How to do it...
      3. See also
  7. IoT Device Hacking
    1. Introduction
    2. Hardware exploitation versus software exploitation
    3. Hardware hacking methodology
      1. Information gathering and recon
      2. External and internal analysis of the device
      3. Identifying communication interfaces
      4. Acquiring data using hardware communication techniques
      5. Software exploitation using hardware exploitation methods
    4. Hardware reconnaissance techniques
      1. Opening the device
      2. Looking at various chips present
    5. Electronics 101
      1. Resistor
      2. Voltage
      3. Current
      4. Capacitor
      5. Transistor
      6. Memory types
      7. Serial and parallel communication
      8. There's more...
    6. Identifying buses and interfaces
      1. UART identification
      2. SPI and I2C identification
      3. JTAG identification
      4. There's more...
    7. Serial interfacing for embedded devices
      1. Getting ready
      2. How to do it...
      3. See also
    8. NAND glitching
      1. Getting ready
      2. How to do it...
      3. See also
    9. JTAG debugging and exploitation
      1. Getting ready
      2. How to do it...
      3. See also
  8. Radio Hacking
    1. Introduction
    2. Getting familiar with SDR
      1. Key terminologies in radio
    3. Hands-on with SDR tools
      1. Getting ready
      2. How to do it...
        1. Analyzing FM
        2. RTL-SDR for GSM analysis
        3. Working with GNU Radio
      3. There's more...
    4. Understanding and exploiting ZigBee
      1. Getting ready
      2. How to do it...
      3. There's more...
    5. Gaining insight into Z-Wave
      1. How to do it...
    6. Understanding and exploiting BLE
      1. Getting ready
      2. How to do it...
      3. There's more...
  9. Firmware Security Best Practices
    1. Introduction
    2. Preventing memory-corruption vulnerabilities
      1. Getting ready
      2. How to do it...
      3. See also
    3. Preventing injection attacks
      1. How to do it...
      2. See also
    4. Securing firmware updates
      1. How to do it...
    5. Securing sensitive information
      1. How to do it...
      2. See also
    6. Hardening embedded frameworks
      1. Getting ready
      2. How to do it...
    7. Securing third-party code and components
      1. Getting ready
      2. How to do it...
  10. Mobile Security Best Practices
    1. Introduction
    2. Storing data securely
      1. Getting ready
      2. How to do it...
      3. See also
    3. Implementing authentication controls
      1. How to do it...
      2. See also
    4. Securing data in transit
      1. How to do it...
        1. Android
        2. iOS
      2. See also
    5. Securely using Android and iOS platform components
      1. How to do it...
    6. Securing third-party code and components
      1. How to do it...
      2. See also
    7. Employing reverse engineering protections
      1. How to do it...
      2. There's more...
      3. See also
  11. Securing Hardware
    1. Introduction
    2. Hardware best practices
    3. Uncommon screw types
    4. Antitamper and hardware protection mechanisms
    5. Side channel attack protections
    6. Exposed interfaces
    7. Encrypting communication data and TPM
  12. Advanced IoT Exploitation and Security Automation
    1. Introduction
    2. Finding ROP gadgets
      1. Getting ready
      2. How to do it...
      3. See also
    3. Chaining web security vulnerabilities
      1. How to do it...
        1. Step 1 - identifying assets and entry points
        2. Step 2 - finding the weakest link
        3. Step 3 - reconnaissance
          1. Android application
          2. iOS application
          3. Web application
        4. Step 4 - identifying vulnerabilities
        5. Step 5 - Exploitation -- Chaining vulnerabilities
      2. See also
    4. Configuring continuous integration testing for firmware
      1. Getting ready
      2. How to do it...
      3. See also
    5. Configuring continuous integration testing for web applications
      1. Getting ready
      2. How to do it...
      3. See also
    6. Configuring continuous integration testing for mobile applications
      1. Getting ready
      2. How to do it...
      3. See also

Product information

  • Title: IoT Penetration Testing Cookbook
  • Author(s): Aaron Guzman, Aditya Gupta
  • Release date: November 2017
  • Publisher(s): Packt Publishing
  • ISBN: 9781787280571