Payatu IoT MasterClass Blog Series
Level up with expert-curated content
Payatu brings you the IoT Masterclass Blog Series aimed towards industry novices to help them kickstart their journey in IoT Security. Gear yourself up with the critical fundamentals you will need to prosper in the cybersecurity industry, with content developed by some of the industry's most knowledgeable professionals.
Payatu IoT Blog Series
Masterclass
Chapter 1
IoT Security – Part 1 (101 – IoT Introduction and Architecture)
Admin-Payatu 10/08/2017 | 15 min read
Educate yourself with the basics of IoT in this first installment of the series as we go over concepts like IoT hardware, its usage, and architecture.
Chapter 2
IoT Security – Part 2 (101 – IoT Attack surface)
Admin-Payatu 08/09/2017 | 15 min read
We provide a holistic overview of the different attack surfaces in an IoT ecosystem, ranging from hardware, mobile, and cloud to the communication interfaces between them.
Chapter 3
IoT Security – Part 3 (101 – IoT Top Ten Vulnerabilities)
Admin-Payatu 19/01/2018 | 15 min read
Carrying the torch forward from OWASP, Payatu has formulated its own list of Top 10 vulnerabilities in the IoT ecosystem.
Chapter 4
IoT Security – Part 4 (Bluetooth Low Energy – 101)
Arun-Magesh 22/10/2018 | 15 min read
In this blog segment, we dive into the essential fundamentals of Bluetooth Low Energy (BLE), method of configuration, and its subtypes along with concepts like GAP and GATT.
Chapter 5
IoT Security – Part 5 (ZigBee Protocol - 101)
dattatray 11-June-2020 | 15 min read
In this installment of the series, we get a rundown of Zigbee, its protocols, topologies, and application framework, in addition to device types, ZDOs, Network layers, and other basic principles.
Chapter 6
IoT Security – Part 6 (ZigBee Security - 101)
dattatray 11-June-2020 | 15 min read
Picking it up from the previous blogpost, we encapsulate the Zigbee Security Architecture, including security modes, keys, and protocols, together with implementation vulnerabilities present in them.
Chapter 7
IoT Security – Part 7 (Reverse Engineering an IoT Firmware)
munawwar 19-June-2020 | 15 min read
This blog focuses on the brains of an IoT device: the firmware. We provide a run-through of the different components involved in building firmware, like the interface and the operating system, coupled with reliable open-source tools used for reverse engineering.
Chapter 8
IoT Security – Part 8 (Introduction to software defined radio)
appar 24-June-2020 | 15 min read
We zero-in on the nitty-gritty of Software Defined Radio and the requisite hardware tools needed to get started with an SDR assessment.
Chapter 9
IoT Security – Part 9 (Introduction to software defined radio)
appar 25-June-2020 | 15 min read
Carrying on from the previous blog, we now look into the software tool requisites for an SDR assessment, other points of interest, and methods of approaching an RF target.
Chapter 10
IoT Security - Part 10 (Introduction To MQTT Protocol and Security)
aseem 26-June-2020 | 15 min read
This installment of the series focuses on Message Queuing Telemetry Transport (MQTT), one of the most prominent IoT protocols. We dive into how it works, its usage, methods of assessment, and a general synopsis of the concept.
Chapter 11
IoT Security - Part 11 (Introduction To CoAP Protocol And Security)
aseem 27-July-2020 | 15 min read
This blog focuses on CoAP, an IETF standard protocol. It contains a comprehensive run-through of the CoAP protocol: its features, use, communication and discovery mechanisms, along with its security aspects and methods of conducting an attack.
Chapter 12
IoT Security - Part 12 (MQTT Broker Security - 101)
dattatray 30-August-2020 | 15 min read
We provide you an insight into the security mechanisms used to secure an MQTT connection between a client and a broker. We go over client authentication, connection security methods in addition to methods of access restriction and certificate revocation.
Chapter 13
IoT Security-Part 13 (Introduction to Hardware Recon)
shakir 1-September-2020 | 15 min read
In this blog, we educate you with the fundamentals of Hardware Recon, its importance, tools, components, and methods of analysis. Additionally, we equip you with the basic knowledge required to get into hardware hacking.
Chapter 14
IoT Security-Part 14 (Introduction to and Identification of Hardware Debug Ports)
shakir 25-September-2020 | 15 min read
Applying the knowledge gained from the previous blogpost, we give you an overview of how you can use ExplIoT products, like the Bus Auditor and DIVA Board, to help you better perform hardware assessments.
Chapter 15
IoT Security - Part 15 (101 - Hardware Attack Surface : SPI)
asmita-jha 26-September-2020 | 15 min read
In this installment of the series, we teach you the basics of SPI protocol, its application, possible attack scenarios, methods of conducting an attack and how to prevent one.
Chapter 16
IoT Security - Part 16 (101 - Hardware Attack Surface: I2C)
asmita-jha 27-September-2020 | 15 min read
This blog aims to educate you with the fundamentals of Inter-Integrated Circuit (I2C) Protocol, its application, potential attack scenarios, attack vectors as well as preventive measures you can implement.
Chapter 17
IoT Security - Part 17 (101 - Hardware Attack Surface: UART)
asmita-jha 27-September-2020 | 15 min read
We provide you information about the Universal Asynchronous Receiver-Transmitter (UART) Interface, its applications, possible attack scenarios, and methods of recon in addition to attack methods.
Chapter 18
IoT Security - Part 18 (101 - Hardware Attack Surface: JTAG, SWD)
asmita-jha 14-October-2020 | 15 min read
This blogpost intends to tutor you on the essentials of the Joint Test Action Group (JTAG) industry standard and the Serial Wire Debug (SWD) debug port, the JTAG/SWD interface, potential attack scenarios, and methods of attack.
Chapter 19
IoT Security - Part 19 (101 - Introduction to Side Channel Attacks (SCA))
asmita-jha 8-December-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will u...
Chapter 20
IoT Security - Part 20 (101 - Introduction to Fault Injection Attack (FI))
asmita-jha 12-December-2020 | 15 min read
Side Channel Attack Basics
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will urge you to go through those first. In case you are only interested in the fault injection (FI) introduction, feel free to continue.
Chapter 21
IoT Security - Part 21 (Famous IoT Attacks & Vulnerabilities)
asmita-jha 29-December-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will urge you to go through those first. In case you are only interested in reading about a few famous IoT attacks and vulnerabilities, feel free to continue.
Payatu IoT Blog Series
Masterclass
Chapter 1
IoT Security – Part 1 (101 – IoT Introduction and Architecture)
Admin-Payatu 10/08/2017 | 15 min read
The problem with every new and complex technology for security researchers is not knowing where to start and how/where to attack. This is a common problem and has a common solution, i.e. breaking the technology into small components and learning each component individually. This process makes you master each component and guides you to focus on the components the researcher finds most interesting. If you have read till here, I'm assuming you are going to stick around and read through. So, without any delay, let's start :)
Note:
1. The information in this blog series is generic and can be applied to the security research of IoT products in any domain irrespective of their usage, including home automation, industrial control systems, healthcare, transportation etc.
2. I will use the words device, hardware and sensor interchangeably to mean the same thing unless specifically mentioned with explanation.
3. I mention IoT ecosystem to mean an IoT product or a solution, due to the nature of the IoT technology, which comprises different technologies.
IoT != Hardware
Chapter 2
IoT Security – Part 2 (101 – IoT Attack surface)
Admin-Payatu 08/09/2017 | 15 min read
Welcome! I hope you have gone through the previous blog post "IoT Security – Part 1". If not, I would urge you to go through it to understand the meaning of IoT and IoT architecture. Now we will start getting into security and try to define a way to understand and create a structured process to perform security research or penetration testing of IoT. If we look at the architecture defined in the previous post, it now becomes clear and easy for us to segregate the components of IoT, define the attack surface for each one of them individually, and then combine them to create a holistic overview of the IoT ecosystem attack surface. I call it IoT ecosystem instead of IoT product because it indeed is an ecosystem of different components talking to each other and solving a particular real-world problem. Let's go ahead and define the attack surface of the IoT ecosystem and discuss each component's attack surface in detail. The attack surface by components can be divided into three or four (if we include communication as an attack surface) major areas as follows:
Mobile
Cloud
Communication
Chapter 3
IoT Security – Part 3 (101 – IoT Top Ten Vulnerabilities)
Admin-Payatu 19/01/2018 | 15 min read
When talking about Top Ten vulnerabilities, the first thing that comes to our mind is OWASP. Why not, after all they are the pioneers in defining top 10 vulnerabilities for web and mobile. I'm an OWASP fan, simply because of the work the OWASP community has done over the years to define application security issues and provide free tutorials and open source tools for the industry to mitigate the risks and vulnerabilities. It would be highly unlikely that you haven't heard of OWASP or read content from their website; however, if you have not, I strongly suggest that you go through their website: https://www.owasp.org OWASP has also started the IoT security initiative, where the community has defined the IoT attack surface and the IoT Top 10 vulnerabilities in addition to web and mobile. They are in the right direction and soon enough it will be an excellent place for IoT security content. The content relevant to the reader for IoT security on the OWASP website is as follows:
1. OWASP Web Top 10 project: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
2. OWASP Mobile Top 10 Project: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project
3. OWASP Internet of Things project: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project
Chapter 4
IoT Security – Part 4 (Bluetooth Low Energy – 101)
Arun-Magesh 22/10/2018 | 15 min read
If you haven't read through Part 1 to Part 3 of our IoT Security Blog series, I would urge you to go through them first unless you are already familiar with the basics of IoT. Link to the previous blog – IoT security – Part 3. Bluetooth has been a buzz-word as people wanted all their devices to be smart, which basically implies that you get to control things across devices without needing to carry wires around. Bluetooth has been in the market for more than a decade. If you're a millennial, you would have used those classic fancy Nokia phones which had Bluetooth in them. Bluetooth was invented by Ericsson, and other vendors then started using it. Soon after that, all the major vendors created a consortium called the Bluetooth Special Interest Group (SIG), which governs how the standard should be and the interoperability between different versions. We are not going to talk about Bluetooth classic. Bluetooth by itself is a massive stack and its specification is around 2000+ pages. In this blog, I will be covering only Bluetooth Low Energy, more famously known as BLE. With the advent of connecting all the things to the internet, there comes the problem of power and resources. As I mentioned earlier, Bluetooth is a huge stack. Implementing it in an end device like a fitness band would take more power and resources. So in the Bluetooth 4.0 standard, they introduced something called Low Energy, which is specially targeted at IoT and smart devices running on memory- and power-constrained hardware. Bluetooth SIG started selling the standard as Bluetooth Smart, which has two components: Bluetooth Smart devices are end devices which have only the Bluetooth Low Energy component, and Bluetooth Smart Ready devices are those capable of doing both Bluetooth LE and the EDR/Bluetooth classic component, which could be your central device, i.e. a mobile phone or laptop.
Chapter 5
IoT Security – Part 5 (ZigBee Protocol - 101)
dattatray 11-June-2020 | 15 min read
ZigBee Protocol 101
This blog is part of the "IoT Security" Series. If you haven't read the previous blogs (part 1- 4) in the series, I urge you to go through them first unless you are alrea
Chapter 6
IoT Security – Part 6 (ZigBee Security - 101)
dattatray 11-June-2020 | 15 min read
ZigBee Security 101
This blog is part of the "IoT Security" Series. If you haven't read the previous blogs (parts 1 - 5) in the series, I urge you to go through them first unless you are alr
Chapter 7
IoT Security – Part 7 (Reverse Engineering an IoT Firmware)
munawwar 19-June-2020 | 15 min read
Firmware Reverse Engineering: Introduction
This blog is part of the "IoT Security" Series. If you haven't read the previous blogs (parts 1 - 6) in the series, I urge you to go through them f
Chapter 8
IoT Security – Part 8 (Introduction to software defined radio)
appar 24-June-2020 | 15 min read
Introduction
This blog is part of the "IoT Security" series. If you haven't read the previous blogs (parts 1 - 7) in the series, I urge you to go through them first unless you are already fa
Chapter 9
IoT Security – Part 9 (Introduction to software defined radio)
appar 25-June-2020 | 15 min read
Introduction
This blog is part of the "IoT Security" series. If you haven't read the previous blogs (parts 1 - 8) in the series, I urge you to go through them first unless you are already fa
Chapter 10
IoT Security - Part 10 (Introduction To MQTT Protocol and Security)
aseem 26-June-2020 | 15 min read
This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I wo
Chapter 11
IoT Security - Part 11 (Introduction To CoAP Protocol And Security)
aseem 27-July-2020 | 15 min read
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series,
Chapter 12
IoT Security - Part 12 (MQTT Broker Security - 101)
dattatray 30-August-2020 | 15 min read
MQTT Broker Security - 101
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the pre
Chapter 13
IoT Security-Part 13 (Introduction to Hardware Recon)
shakir 1-September-2020 | 15 min read
IoT Security Part 13 (Introduction to Hardware Recon)
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If yo
Chapter 14
IoT Security-Part 14 (Introduction to and Identification of Hardware Debug Ports)
shakir 25-September-2020 | 15 min read
IoT Security-Part 14 (Introduction to and Identification of Hardware Debug Ports)
This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-sy
Chapter 15
IoT Security - Part 15 (101 - Hardware Attack Surface : SPI)
asmita-jha 26-September-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will
Chapter 16
IoT Security - Part 16 (101 - Hardware Attack Surface: I2C)
asmita-jha 27-September-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will
Chapter 17
IoT Security - Part 17 (101 - Hardware Attack Surface: UART)
asmita-jha 27-September-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will
Chapter 18
IoT Security - Part 18 (101 - Hardware Attack Surface: JTAG, SWD)
asmita-jha 14-October-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will
Chapter 19
IoT Security - Part 19 (101 - Introduction to Side Channel Attacks (SCA))
asmita-jha 8-December-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will u
Chapter 20
IoT Security - Part 20 (101 - Introduction to Fault Injection Attack (FI))
asmita-jha 12-December-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will u
Chapter 21
IoT Security - Part 21 (Famous IoT Attacks & Vulnerabilities)
asmita-jha 29-December-2020 | 15 min read
This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will ur
Take it offline
Don't have time to read the whole guide right now?
No worries. Enjoy our free-to-download PDFs so you can read them at your own leisure.