18 - IoT Hacking Flashcards
What is IoT?
A.k.a. the Internet of Everything. Refers to the network of devices with an IP address that can sense, collect, and analyze data. A "thing" is a device embedded in a natural, man-made, or machine-made object that has the ability to communicate over the network.
How does IoT work?
- Sensing Technology: Sensors embedded in the device sense a wide variety of info.
- IoT Gateways: Used to bridge the gap between the IoT device (internal network) and the end user (external network) allowing them to communicate with each other.
- Cloud Server/Data Storage: Data is stored in the cloud and undergoes data analysis.
- Remote Control using Mobile App: The end user uses a mobile app to monitor, control, retrieve data from, and take specific actions on IoT devices from a remote location.
What is the architecture of IoT?
- Application Layer: Delivery of various apps to different users
- Middleware Layer: Device and information management
- Internet Layer: Connection between endpoints
- Access Gateway Layer: Protocol translation and messaging
- Edge Technology Layer: Sensors, devices, machines, intelligent edge nodes of all types.
What are the different IoT technologies and protocols?
Short Range Wireless Communication:
- Bluetooth Low Energy: Wireless personal network
- Light Fidelity (Li-Fi): Household lightbulbs
- Near Field Communication (NFC): Uses magnetic field induction to enable communication between 2 devices.
- QR Codes and Barcodes
- RFID
- WiFi
Medium Range Wireless Communication:
- HaLow: Extended range WiFi
- LTE-Advanced
Long Range Wireless Communication:
- LPWAN: Low Power Wide Area Network
- Sigfox: Used in devices with small batteries that need low power consumption.
- Cellular: Type of communication that is used over a long distance.
Wired Communication:
- Ethernet: Type of LAN
- Multimedia over Coax Alliance (MoCA): Delivers high-definition video and content over the home's existing coaxial cabling.
- Power-Line Communication (PLC): Electrical wires are used to transmit both power and data from one endpoint to another.
IoT Operating Systems:
- RIOT OS: Less resource intensive, uses energy efficiently.
- ARM mbed OS: Mostly used for low powered devices like watches.
- RealSense OS X: Used in Intel’s depth sensing technology.
- Nucleus RTOS: Primarily used in aerospace, medical, and industrial applications.
- Brillo: Android based embedded OS
- Contiki: Used in low power wireless devices.
- Zephyr: Used in low power and resources constrained devices.
- Ubuntu Core: A.k.a. Snappy; used in robots, drones, etc.
- Integrity RTOS: Primarily used in aerospace, medical, and industrial applications.
- Apache Mynewt: Supports devices that work on Bluetooth Low Energy protocol.
What are the IoT Communication Models?
- Device-to-Device Model: Where devices interact with each other through the internet.
- Device-to-Cloud Model: Where devices communicate with the cloud directly.
- Device-to-Gateway Model: Where a device communicates with an intermediate device called a gateway, which can provide security features.
- Back-end Data-Sharing Model: Extends Device-to-Cloud communication type by allowing IoT devices to be accessed by 3rd parties for analysis.
What are the challenges/concerns of IoT security?
- Lack of privacy and security
- Vulnerable web interfaces
- Legal issues
- Default or weak credentials
- Clear text protocols and unnecessary open ports
- Coding errors
- Storage issues
- Difficult to update firmware and OS
- Interoperability standard issues
- Physical theft and tampering
- Lack of vendor support
What are the top 10 IoT Vulnerabilities?
- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Lack of transport encryption/Integrity Verification
- Privacy Concerns
- Insecure Cloud Interface
- Insecure Mobile Interface
- Insufficient Security Config
- Insecure Software/Firmware
- Poor Physical Security
What are the IoT attack surface areas?
- Device Memory: Credentials
- Ecosystem Access Control: Implicit trust between components
- Device Physical Interfaces: Privilege escalation, CLI
- Device Web Interface: SQL injection, XSS
- Device Firmware: sensitive data exposure, creds hardcoded
- Device Network Services: Unencrypted/poorly encrypted services.
- Administrative Interface: SQL Injection, XSS
- Local Data Storage: Data encrypted with discovered keys, lack of integrity checks.
What are some IoT threats?
- DDoS Attack: Converts devices into a botnet army.
- Exploiting HVAC: Gain access to corporate systems through vulnerable HVAC systems.
- Rolling Code: Attacker jams and sniffs the signal to obtain the code transferred to vehicle’s receiver.
- Blue Borne Attack: Attackers exploit vulnerabilities of Bluetooth protocol.
- Jamming Attack: Attacker jams signal between the sender and the receiver.
- Remote Access using Backdoor: Attackers turn device into backdoor.
- Remote Access using Telnet: Attackers exploit an open telnet port to obtain info.
- Sybil Attack: Attacker uses multiple forged identities to create strong illusion of traffic congestion.
- Exploit Kits: Malicious scripts used to exploit poorly patched devices.
- MitM Attack: Attacker pretends to be a legitimate sender and intercepts all communication between sender and receiver.
- Replay Attack: Attackers send intercepted messages to the target device to perform DoS.
- Forged Malicious Device: Attackers replace authentic IoT devices with malicious device.
- Side Channel Attack: Attackers extract info about encryption keys by observing the emission signals (side channels) from IoT devices.
- Ransomware Attack: Type of malware that uses encryption to block user’s access to his/her device.
What is the IoT Hacking Methodology?
- Information Gathering
- Vulnerability Scanning
- Launch Attack
- Gain Access
- Maintain Access
How can you defend against IoT Hacking?
- Disable Guest or Demo user accounts
- Use Lockout feature to disable multiple login attempts
- Implement strong authentication mechanisms.
- Implement IPS/IDS in the network
- Implement end-to-end encryption
- Use VPN architecture
- Allow only trusted IPs to access the device from the internet
- Disable Telnet
- Disable UPnP port on routers
- Protect the devices against physical tampering
- Patch vulnerabilities
- Monitor traffic on port 48101 for infected traffic
What are general guidelines for IoT device manufacturing companies?
- SSL/TLS should be used for communications
- Check SSL certs
- Use of strong passwords
- Implement account lockout mechanisms
- Check device for unused tools
- Use secure boot chain
What are the IoT Vulnerabilities?
- Username Enumeration
- Weak Passwords
- Account Lockout
- Unencrypted Services
- 2FA
- Poorly Implemented Encryption
- Update Sent Without Encryption
- Update Location Writable
- Denial of Service
- Removal of Storage Media
- No Manual Update Mechanism
- Obtaining Console Access
What are SDR-Based Attacks on IoT?
Attackers use Software Defined Radio (SDR) to examine the communication signals in the IoT network and send spam content or texts to the interconnected devices. They can also alter the transmission and reception of signals between the devices.
- Replay Attack: The attacker obtains the specific frequency used for sharing information between connected devices and captures the original data when a command is initiated by these devices.
- Cryptanalysis Attack: The attacker uses the same procedure as that followed in a replay attack, along with reverse engineering of the protocol to capture the original signal.
- Reconnaissance Attack: Attacker obtains info about the target device from the device’s specification.
What is DNS rebinding?
A technique for gaining access to the victim's router using malicious JavaScript code injected into a web page. After that, an attacker can attack any device on the network that is still using its default password.