MOD 18 - IoT and OT Hacking Flashcards

1
Q

SDR-Based attacks on IoT

A

SDR = Software Defined Radio. This is a method of using software (instead of hardware) to generate radio communications and process radio signals.
URH (Universal Radio Hacker) is free software for carrying out wireless attacks against IoT and other wireless devices. Review the 3 attacks here: Replay, Cryptanalysis, and Reconnaissance attacks.

2
Q

HMI-based attack

A

HMI = Human Machine Interface. This is a common type of control system for OT networks. Attackers try to gain access to the HMI to cause damage or steal data.

3
Q

Power/Clock/Reset Glitching

A

Attackers inject faults or glitches into the power supply and clock network of the chip.

4
Q

Defend against IoT hacking

A

Monitor port 48101 as infected devices often attempt to spread malware on this port. The famous Mirai botnet used this to infect IoT devices in 2016, according to CISA: https://us-cert.cisa.gov/ncas/alerts/TA16-288A

5
Q

FCC ID Search

A

Used to look up a device’s basic information, such as Vendor, Product ID, and granted FCC certification. Using this info, you can search for vulnerabilities on that device.

6
Q

OT Network

A

Operational Technology - Hardware or software that monitors or controls Industrial Control Systems (SCADA, for example)

7
Q

nmap script enip-info

A

Enumerates Rockwell PLC devices and collects device name and type, Vendor name, Product name and code, IP address, etc. (Ethernet/IP Info)

8
Q

Flowmon

A

OT security tool that ensures the reliability of industrial networks in order to avoid downtime and disruption of service continuity. It performs continuous monitoring to detect anomalies, incidents, zero-days, cyber espionage, malware, etc.

9
Q

Censys

A

IoT search engine (like Shodan) that can give you info about a target IoT device.

10
Q

IoTSeeker

A

Tool that can discover IoT devices that are using default credentials.

11
Q

Replay Attack (SDR Attack)

A

The attacker obtains the specific frequency used for sharing info between devices, captures the original data, then segregates the command sequence and injects it into the IoT network, where it is replayed.

12
Q

Dyn Attack

A

(Mirai) A piece of malware that deliberately finds IoT devices in order to infect them. Mirai on port 48101.

13
Q

HMI

A

Human Machine Interface
