IoT and OT Hacking Flashcards

1
Q

In IoT, what is the Internet Layer?

A

The Internet Layer serves as the main component in carrying out communication between two endpoints, such as device-to-device, device-to-cloud, device-to-gateway, or back-end data sharing

2
Q

In IoT, what is the Access Gateway Layer?

A

This layer helps to bridge the gap between two endpoints, such as a device and a client. The initial data handling also takes place in this layer. This layer carries out message routing, message identification, and subscribing

3
Q

In IoT, what is the Middleware Layer?

A

The Middleware Layer is one of the most critical layers that operates in two-way mode. It is responsible for important functions such as data management, device management, and various issues like data analysis, data aggregation, data filtering, device information discovery, and access control

4
Q

In IoT, what is the Edge Technology Layer?

A

This layer consists of all the hardware components, including sensors, radio-frequency identification (RFID) tags, readers, or other soft sensors, and the device itself

5
Q

What is Contiki?

A

Contiki is an operating system used in low-power wireless devices such as street lighting, sound monitoring systems, etc

6
Q

Which of the following protocols is used to enable fast and seamless interaction with nearby IoT devices and reveals the list of URLs being broadcasted by nearby devices with BLE beacons?

  • LWM2M
  • CoAP
  • XMPP
  • Physical Web
A

Physical Web - Physical Web is a technology used to enable faster and seamless interaction with nearby IoT devices. It reveals the list of URLs being broadcast by nearby devices with BLE beacons

7
Q

What is CoAP?

A

Constrained Application Protocol (CoAP) is a web transfer protocol used to transfer messages between constrained nodes and IoT networks. This protocol is mainly used for machine-to-machine (M2M) applications such as building automation and smart energy

8
Q

What is XMPP?

A

eXtensible Messaging and Presence Protocol (XMPP) is an open technology for real-time communication used for IoT devices. This technology is used for developing interoperable devices, applications, and services for the IoT environment

9
Q

What is LWM2M?

A

Lightweight Machine-to-Machine (LWM2M) is an application-layer communication protocol used for application-level communication between IoT devices; it is used for IoT device management.

10
Q

In IoT, what is the Back-End Data-Sharing Communication Model?

A

The Back-End Data-Sharing communication model extends the device-to-cloud communication type such that the data from the IoT devices can be accessed by authorized third parties. Here, devices upload their data onto the cloud, which is later accessed or analyzed by third parties.

11
Q

In IoT, what are the effects of an insecure web interface?

A

An insecure web interface occurs when certain issues with the web interface arise, such as weak credentials, lack of an account lockout mechanism, and account enumeration. These issues can result in a loss of data, loss of privacy, lack of accountability, denial of access, and even complete device access takeover.

12
Q

In IoT, what are the effects of insecure network interfaces?

A

Insecure network services are prone to various attacks like buffer overflow attacks, which cause a denial-of-service scenario, thus leaving the device inaccessible to the user

13
Q

What is a Sybil Attack?

A

An attacker uses multiple forged identities to create a strong illusion of traffic congestion, affecting communication between neighboring nodes and networks

14
Q

In IoT, what are the effects of insecure data transfer and storage?

A

Lack of encryption and access control of data that is in transit or at rest may result in leakage of sensitive information to malicious users.

15
Q

In IoT, what are the effects of Insecure Ecosystem Interfaces?

A

Insecure ecosystem interfaces such as web, backend API, mobile, and cloud interfaces outside the device lead to compromised security of the device and its components

16
Q

In IoT, what are the effects of insecure default settings?

A

Insecure or insufficient device settings restrict the operators from modifying configurations to make the device more secure.

17
Q

Which nmap command can be used to identify the IPv6 characteristics of a device?

A

nmap -6 -n -Pn -sSU -pT:0-65535,U:0-65535 -v -A -oX

18
Q

Using which one of the following tools can an attacker perform BlueBorne or airborne attacks such as replay, fuzzing, and jamming?

  • HackRF One
  • Foren6
  • RIoT vulnerability scanning
  • Zigbee framework
A

HackRF One

19
Q

Out of the following RFCrack commands, which command is used by an attacker to perform jamming?

  • python RFCrack.py -i
  • python RFCrack.py -r -U "-75" -L "-5" -M MOD_2FSK -F 314350000
  • python RFCrack.py -j -F 314000000
  • python RFCrack.py -r -M MOD_2FSK -F 314350000
A

python RFCrack.py -j -F 314000000

  • -j - jammer mode
  • -F - frequency
20
Q

What are the arguments for RFCrack?

A
  • -j - Jamming Mode
  • -F N - Specify Frequency
  • -r - Rolling Code
  • -M - Modulation Type
  • -U - Upper-limit of RSSI
  • -L - Lower-limit of RSSI
  • -i - Instant Replay - Replay Attack
21
Q

What is Thingful?

A

Thingful is a search engine for finding and using open IoT data from around the world. It helps organizations make better decisions with external IoT data.

22
Q

Which of the following tools is a smart fuzzer that detects buffer-overflow vulnerabilities by automating and documenting the process of delivering corrupted inputs and watching for an unexpected response from the application?

  • Universal Radio Hacker
  • RTL-SDR
  • Censys
  • beSTORM
A

beSTORM. beSTORM is a dynamic fuzzing solution supporting a variety of software, hardware, and protocols in IoT, process control, automotive, and aerospace workspaces.

  • RTL-SDR is a software-defined radio.
  • Censys is a continuous discovery and asset management tool, geared towards reducing a company’s attack surface and identifying otherwise unknown risk.
  • Universal Radio Hacker (URH) is a complete suite for wireless protocol investigation with native support for many common Software Defined Radios.
23
Q

In order to protect a device against insecure network services vulnerability, which of the following solutions should be implemented?

  • End-to-end encryption
  • Enable two-factor authentication
  • Implement secure password recovery mechanisms
  • Disable UPnP
A

Disable UPnP

24
Q

Which of the following TCP/UDP ports is used by infected devices to spread malicious files to other devices in the network?

  • Port 22
  • Port 23
  • Port 48101
  • Port 53
A

Port 48101

25
Q

What is SeaCat.io?

A

SeaCat.io is a cyber-security and data privacy platform for mobile and IoT applications.

26
Q

Which of the following is a security consideration for the gateway component of IoT architecture?

  • Secure web interface, encrypted storage
  • Local storage security, encrypted communications channels
  • Multi-directional encrypted communications, strong authentication of all the components, automatic updates
  • Storage encryption, update components, no default passwords
A

Multi-directional encrypted communications, strong authentication of all the components, automatic updates

27
Q

Which of the following tools can be used to protect private data and home networks while preventing unauthorized access using PKI-based security solutions for IoT devices?

  • DigiCert IoT security solution
  • SeaCat.io
  • Firmalyzer Enterprise
  • Censys
A

DigiCert IoT security solution

28
Q

Encrypted communications, strong authentication credentials, secure web interface, encrypted storage, and automatic updates are the security considerations for which of the following components?

  • Edge
  • Gateway
  • Cloud platform
  • Mobile
A

Cloud Platform

29
Q

What is OT?

A

OT stands for operational technology. These include PLCs and other technology used in manufacturing and other key industrial equipment and workflows.

30
Q

What are the layers of the Purdue Process for Industrial Control Systems?

A
  • Layer 4-5: Enterprise - IT network where business function occurs. This level provides business direction and orchestrates manufacturing operations.
  • Layer 3.5: Demilitarized Zone. This contains firewalls and other hardware used to securely separate the OT and IT networks.
  • Layer 3: Manufacturing Operations Systems. This is where the production workflow is managed on the manufacturing floor. Customized systems based on operating systems, such as Windows, are used to perform batch management, record data, and manage operations and plant performance
  • Layer 2: Control Systems. Supervisory control and data acquisition (SCADA) software is used to supervise, monitor, and control physical processes. SCADA can manage systems over long distances from the physical location of the plants, while the distributed control system (DCS) and programmable logic controllers (PLCs) are usually deployed within the plant
  • Layer 1: Basic Controls/Intelligent Devices. Sensing and manipulating physical processes occurs at this level with process sensors, analyzers, actuators, and related instrumentation. To drive efficiencies, sensors are increasingly communicating directly with their vendor monitoring software in the cloud via cellular networks
  • Layer 0: Contains/defines the raw, low-level physical processes that occur at the most granular level.
31
Q

In Operational Technology, what is a SIS?

A

A safety instrumented system (SIS) is an automated control system designed to safeguard the manufacturing environment in case of any hazardous incident in the industrial environment.

32
Q

In OT, what is a DCS?

A

A DCS (Distributed Control System) is used to control production systems spread within the same geographical location.

33
Q

In OT, what is ISA/IEC 62443?

A

ISA/IEC 62443 provides a flexible framework for addressing and mitigating current and future security vulnerabilities in industrial automation and control systems.