The problem with every new and complex technology for security researchers is not knowing where to start and how/where to attack. This is a common problem and has a common solution i.e. breaking the technology into small components and start learning each component individually. This process makes you master each component and guides you to focus on the most interesting components according to the researcher. If you have read till here, I’m assuming you are going to stick around and read through. So, without any delay let’s start : ) . Note: 1. The information in this blog series is generic and can be applied to the security research of IoT products in any domain irrespective of their usage including Home automation, Industrial Control Systems, Healthcare, Transportation etc. 2. I will use the words device, hardware and sensor interchangeably to mean the same thing unless specifically mentioned with explanation. 3. I mention IoT ecosystem to mean an IoT product or a solution due to the nature of the IoT technology that comprises of different technologies. IoT != Hardware

Welcome! I hope you have gone through the previous blog post “IoT Security – Part 1” If not, I would urge you to go through it to understand the meaning of IoT and IoT architecture. Now we will start getting into security and try to define a way to understand and create a structured process to perform security research or penetration testing of IoT. If we look at the architecture defined in the previous post, it now becomes clear and easy for us to segregate the components of IoT and try to define the attack surface for each one of them individually and then combine them to create a holistic overview of the IoT ecosystem attack surface. I call it IoT ecosystem instead of IoT product because it indeed is an ecosystem of different components talking to each other and solving a particular real world problem. Let’s go ahead and define the attack surface of IoT ecosystem and discuss each component’s attack surface in detail. The attack surface by components can be divided into three or four( if we include communication as an attack surface) major areas as follows: Mobile Cloud Communication

When talking about Top Ten vulnerabilities, the first thing that comes to our mind is OWASP. Why not, after all they are the pioneers in defining top 10 vulnerabilities for web and mobile. I’m an OWASP fan, simply because of the work the OWASP community has done over the years to define Application security issues, provide free tutorials and open source tools for the Industry to mitigate the risks and vulnerabilities. It would be highly unlikely that you haven’t heard of OWASP or read content from their website, however if you have not, I strongly suggest that you go through their website  https://www.owasp.org OWASP has also started the IoT security initiative where the community has defined the IoT attack surface and the IoT Top 10 vulnerabilities in addition to web and mobile. They are in the right direction and soon enough it will be an excellent place for IoT security content. The content relevant to the reader for IoT security on OWASP website is as follows: 1. OWASP Web Top 10 project: – https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 2. OWASP Mobile Top 10 Project: https://www.owasp.org/index.php/OWASP_Mobile_Security_Project 3. OWASP Internet of things project: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project

If you haven’t read through Part 1 to Part 3 of our IoT Security Blog series I would urge you to go through them first unless you are already familiar with the basics of IoT. Link to the previous blog – IoT security – Part 3 Bluetooth has been a buzz-word as people wanted all their devices to be smart and which basically implies that you get to control things across the devices and not needing to carry wire around. Bluetooth has been in the market for more than a decade. If you’re a millennial, you would have used those classic fancy Nokia phone which has Bluetooth in it. Bluetooth was invented by Ericsson and other vendors have started using Bluetooth. Soon after that, all the major vendors created a consortium called as Bluetooth Special Interest Group – SIG which governs how the standard should be and the interoperability between different versions. We are not going to talk about Bluetooth. Bluetooth by itself is a massive stack and their specification is around 2000+ pages.  In this blog, I will be covering only the Bluetooth Low Energy more famously known as BLE. With the advent of connecting all the things to the internet, there comes the problem of power and resource. As I mentioned early, Bluetooth is a huge stack. Implementing it in an end device like a fitness band would take more power and resource. So in the Bluetooth 4.0 standard, they introduced something called Low energy which is specially targeted for IoT and smart devices which runs on memory and power constrained devices. Bluetooth SIG started selling the standard as Bluetooth Smart. Which has two components, Bluetooth smart devices are end devices which have only the Bluetooth Low Energy component and Bluetooth smart Ready are the device which is capable of doing both the Bluetooth LE and the EDR-Bluetooth classic component which could be your central device, ie, mobile phone or laptop.

ZigBee Protocol 101 This blog is part of the “IoT Security” Series. If you haven’t read the previous blogs (part 1- 4) in the series, I urge you to go through them first unless you are alrea

ZigBee Security 101 This blog is part of the “IoT Security” Series. If you haven’t read the previous blogs (parts 1 - 5) in the series, I urge you to go through them first unless you are alr

Firmware Reverse Engineering: Introduction This blog is part of the “IoT Security” Series. If you haven’t read the previous blogs (parts 1 - 6) in the series, I urge you to go through them f

Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 - 7) in the series, I urge you to go through them first unless you are already fa

Introduction This blog is part of the “IoT Security” series. If you haven’t read the previous blogs (parts 1 - 8) in the series, I urge you to go through them first unless you are already fa

This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I wo

This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series,

MQTT Broker Security - 101 This blog is part of IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If you have not gone through the pre

IoT Security Part 13 (Introduction to Hardware Recon) This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-system and its security. If yo

IoT Security-Part 14 (Introduction to and Identification of Hardware Debug Ports) This blog is part of the IoT Security series where we discuss the basic concepts pertaining to the IoT/IIoT eco-sy

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT eco-system and its security. If you have not gone through the previous blogs in the series, I will

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will u

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security. If you have not gone through the previous blogs in the series, I will u

This blog is part of the IoT Security series, where we discuss the basic concepts about the IoT/IIoT ecosystem and its security.If you have not gone through the previous blogs in the series, I will ur