MOD 18 - IoT and OT Hacking Flashcards
SDR-Based attacks on IoT
SDR = Software Defined Radio. This is a method of using software (instead of hardware) to generate radio communications and process radio signals.
URH (Universal Radio Hacker) is free software for doing wireless attacks against IoT and other wireless devices. Review the 3 attacks here: Replay, Cryptanalysis, and Reconnaissance attacks.
- HMI-based attack
HMI = Human Machine Interface. This is a common type of control system for OT networks. Attackers try to gain access to the HMI to cause damage or steal data.
- Power/Clock/Reset Glitching
Attackers inject faults or glitches into the power supply and clock network of the chip.
Defend against IoT hacking
Monitor port 48101 as infected devices often attempt to spread malware on this port. The famous Mirai botnet used this to infect IoT devices in 2016, according to CISA: https://us-cert.cisa.gov/ncas/alerts/TA16-288A
FCC ID Search
Used to look up a device’s basic information, such as Vendor, Product ID, and granted FCC certification. Using this info, you can search for vulnerabilities on that device.
OT Network
Operational Technology - Hardware or software that monitors or controls Industrial Control Systems (SCADA, for example)
nmap script enip-info
Enumerates Rockwell PLC devices and collects device name and type, Vendor name, Product name and code, IP address, etc. (Ethernet/IP Info)
Flowmon
OT security tool to ensure the reliability of industrial networks in order to avoid downtime and disruption of service continuity. Does continuous monitoring to detect anomalies, incidents, zero-days, cyber espionage, malware, etc.
- Censys
IoT search engine (like Shodan) that can give you info about a target IoT device.
- IoTSeeker
Tool that can discover IoT devices that are using default credentials.
Replay Attack (SDR Attack)
The attacker obtains the specific frequency used for sharing info between devices, captures the original data, then segregates the command sequence and injects it into the IoT network to replay it.
Dyn Attack
(Mirai) A piece of malware that deliberately finds IoT devices to infect them. Mirai on port 48101.
HMI
Human Machine Interface