IoT Hackers Handbook is officially out!!
Written so that anyone, even someone just starting out, can get started with IoT exploitation. 300 pages covering the different aspects of Internet of Things and smart device exploitation.
Contents covered in the book include:
- Attack Surface mapping
- Firmware analysis
- Hardware Hacking and Embedded Device exploitation
- UART, JTAG and SPI Exploitation
- Exploiting Mobile, Web and Network for IoT
- Software Defined Radio
- ZigBee and BLE Exploitation
Since IoT exploitation requires access to various hardware and tools, it is HIGHLY RECOMMENDED to get the IoT Exploitation Learning Kit along with this.
DETAILED TABLE OF CONTENTS:
1. Introduction to the Internet of Things
This chapter gets you started with the Internet of Things, helps you understand the entire ecosystem, and puts you in a security mindset for the chapters that follow. It ensures that even if you are completely new to the IoT ecosystem, you can get started and learn about the security issues and vulnerabilities using the book.
2. Performing an IoT Pentest
How do you structure an IoT pentest? What are the different things to keep in mind while performing a pentest? How do you perform threat modeling for IoT devices? This chapter answers all of that and more. On completing this chapter, you will be able to look at an IoT device and create a complete architectural diagram, including the various threat vectors that are possible for that device.
3. Analyzing Hardware
The Analyzing Hardware chapter is where the fun begins! You will take apart hardware and perform external and internal inspection to understand the device from a security perspective. You will also look at the internal circuitry and work out the purpose of the various chips and how they could be used for hardware exploitation.
4. UART Communication
Serial communication is one of the most common techniques used for hardware and embedded device exploitation in IoT devices. This chapter explains how to get started: identify the UART pinout, understand the function of each pin, and connect to it to access sensitive information, including debug logs, and finally gain access as root.
5. Exploitation using I2C and SPI
This chapter answers one of the most important questions in IoT device exploitation: how do you analyze firmware that the vendor has not made public? One way is to dump the firmware from one of the flash chips. For this, we need to understand I2C and SPI, connect our exploitation device to the target, and dump the entire firmware (or keys, private certificates and other sensitive information).
6. JTAG Debugging and Exploitation
JTAG (Joint Test Action Group) is one of those keywords that scares some people. This chapter breaks it down so that you actually understand what JTAG is, how to use it to debug target devices, how to identify the pinout, and how to take exploitation further. It also shows how JTAG debugging can be used to manipulate a running process or perform attacks such as authentication bypassing.
7. Firmware Reverse Engineering and Exploitation
Firmware holds the keys to the kingdom. Reversing the firmware and extracting its file system can give you access to tons of sensitive information, including certificates, keys, staging URLs, details of how the device's functionality is implemented, and more. This chapter showcases some of the ways in which you can perform firmware analysis and exploitation.
8. Exploiting Mobile, Web and Network for IoT
Any IoT device relies on a number of components, including mobile applications, web dashboards/backends and network connectivity. These are also possible entry points for compromising a given device. This chapter explains how to reverse engineer a mobile/web application and its communication to access sensitive information, such as how the device talks to the mobile app, and then spoof that communication, and more.
9. Software Defined Radio
Radio is one of the attack vectors through which an IoT device can be compromised remotely. In this chapter, we gain an understanding of Software Defined Radio, capturing signals, replaying them, reversing them and more. We also create our own radio processing blocks using tools such as GNU Radio.
10. Exploiting ZigBee and BLE
The two most common protocols in the IoT ecosystem are Bluetooth (Low Energy) and ZigBee. However, as you might imagine, these communication channels are often not very secure and could be used to compromise the device using techniques such as capturing packets, understanding which values are being written, writing them manually to perform device takeover attacks, and more.
11. Final Chapter
Concluding chapter and author remarks.