3.8 Attacks & exploits: Attacks on Specialized Systems Flashcards
Internet of Things (IoT) Devices: what is it? is it secure?
▪ A group of objects that can be electronic or not, which are all connected to the wider internet by using embedded electronic components
▪ IoT devices are not always secured
Internet of Things (IoT) Devices: what protocols the IoT use (7)? Explain each of them
▪ Wi-Fi: can be operated in either infrastructure mode or ad hoc mode to create a local area network or a personal area network
▪ Bluetooth: short-range wireless networking technology that can be used by IoT devices
▪ Radio Frequency ID (RFID): Used to interconnect badges and card keys to the network
▪ Near Field Communication (NFC): Enables two electronic devices to communicate when they come within about 4 cm of each other
▪ Infrared: Used for devices that need to communicate using a line of sight communication using light beams inside of the infrared spectrum. Infrared only covers a distance on a relatively low bandwidth solution
▪ Zwave: A short range, low latency data transfer technology that uses less power and has lower data rates than Wi-Fi
▪ ANT+: A technology used for the collection of sensor data from different IoT devices
Internet of Things (IoT) Devices: how IoT devices communicate with each others (2)?
▪ Machine to Machine (M2M): Involves communication between the IoT device and some other traditional system like a server or a gateway
▪ Machine to Person (M2P): Involves communication between an IoT device and the end user
Internet of Things (IoT) Vulnerabilities: what is the most used OS in IoT devices? is there an issue with the hardware component?
o Most IOT devices use an embedded version of Linux or Android as their OS
o Many manufacturers use outdated or insecure hardware components
Internet of Things (IoT) Vulnerabilities: how to prevent vulnerabilities on IoT devices?
Properly install, secure, and segment IOT devices into their own subnet, VLAN, or network outside of the normal IT production network
Internet of Things (IoT) Vulnerabilities: what are the group of vulnerability (5) and give precise vulnerability for each group?
1/ Insecure defaults:
● Default login credentials
● No password set
● Number of open ports
● Unauthorized connection
● Firewall being turned off
2/ Hard-coded configurations:
● Self-registering device
● Usernames and passwords in plain text
● Unchangeable settings
3/ Cleartext communication
● Sending data in plain text
4/ Data leakage
5/ Attackers also monitor Bluetooth frequencies being transmitted and conduct eavesdropping: Data modification, Data exfiltration
Internet of Things (IoT) Vulnerabilities: what issue can you have when exploit a vulnerability on IoT?
Be careful in which exploits you use since you can inadvertently cause the device to go offline, crash, or malfunction
Embedded Systems: what is an Embedded Systems?
▪ A computer system that is designed to perform a specific, dedicated function
▪ Embedded systems can be a simple device or fully complex with the use of operating systems
Embedded Systems: what is Programmable Logic Controller (PLC)?
▪ A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems
▪ PLC firmware can be patched and reprogrammed to fix vulnerabilities
Embedded Systems: what is a Programmable Logic Controller (PLC)?
▪ A type of computer designed for deployment in an industrial or outdoor setting that can automate and monitor mechanical systems
▪ PLC firmware can be patched and reprogrammed to fix vulnerabilities
Embedded Systems: what is a System-on-Chip (SoC)?
▪ A processor that integrates the platform functionality of multiple logical controllers onto a single chip
▪ System-on-Chip are power efficient and used with embedded systems
Embedded Systems: what is a Real-Time Operating System (RTOS)?
▪ A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks
▪ Embedded systems typically cannot tolerate reboots or crashes and must have response times that are predictable to within millisecond tolerances
ICS and SCADA Devices: what is an Operational Technology (OT)?
▪ Designed to implement an industrial control system rather than business and data networking systems
▪ Technology that interacts with the real world
Embedded Systems: what is a Field Programmable Gate Array (FPGA)?
▪ A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture
▪ End customer can configure the programming logic to run a specific application instead of using an ASIC (application-specific integrated circuit)
ICS and SCADA Devices: what is Industrial Control System (ICS)?
● Provides the mechanisms for workflow and process automation by using embedded devices
● Interconnected ICSs create a distributed control system (DCS)
ICS and SCADA Devices: what is Fieldbus?
Links different programmable logic controllers together