Practical IoT Hacking Basic Edition

26th - 27th April | 2 Days


Trainers

Aseem Jakhar

Overview

"The great power of Internet of Things comes with the great responsibility of security". IoT is among the hottest technologies, and developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, you cannot afford to neglect the security of IoT products.

"Practical Internet of Things Hacking" is a unique, research-backed course which offers security professionals a deep understanding of the core of IoT technology and the underlying vulnerabilities. The extensive hands-on labs enable attendees to master the art, tools and techniques to find-n-exploit or find-n-fix the vulnerabilities in IoT, not just on emulators but on real smart devices as well.

The course specifically focuses on the security issues and attacks on evolving IoT technologies, including widely used IoT protocols and platforms in various domains such as home, enterprise and industrial automation. It covers various IoT protocols from the ground up, including internals, specific attack scenarios for individual protocols and the open source software / hardware tools one needs to have in their IoT penetration testing arsenal. We also discuss in detail how to attack the underlying hardware of the sensors and the connected mobile apps using various practical techniques.

Throughout the course, we will use DRONA, a VM created by us specifically for IoT penetration testing. DRONA is the result of our R&D and has most of the required tools for IoT security analysis. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.

The "Practical IoT Hacking" course is aimed at security professionals who want to enhance their skills and move to / specialise in IoT security. The course is structured for beginner to intermediate level attendees who do not have any experience in IoT, reversing, mobile security or hardware.


Who Should Attend

  • Penetration testers tasked with auditing IoT
  • Bug hunters who want to find new bugs in IoT products
  • Government officials from defensive or offensive units
  • Red team members tasked with compromising the IoT infrastructure
  • Security professionals who want to build IoT security skills
  • Embedded security enthusiasts
  • IoT Developers and testers
  • Anyone interested in IoT security

Prerequisite Knowledge

  • Basic knowledge of web and mobile security
  • Basic knowledge of Linux OS
  • Basic knowledge of programming (C, Python) would be a plus

Hardware / Software Requirements

  • Laptop with at least 40 GB free space
  • 4+ GB minimum RAM (2+ GB for the VM)
  • External USB access
  • Administrative privileges on the system
  • Virtualization software – VirtualBox 5.X
  • Linux machines should have exfat-utils and exfat-fuse installed (e.g. sudo apt-get install exfat-utils exfat-fuse)
  • Virtualization (VT-x) option enabled in the BIOS settings for VirtualBox to work

Agenda

  • Introduction to IoT
  • IoT Architecture
  • Identify attack surfaces

IoT Protocols Overview

  • MQTT
    • Introduction
    • Protocol Internals
    • Reconnaissance
    • Information leakage
    • Hands-on with open source tools
  • CoAP
    • Introduction
    • Protocol Internals
    • Reconnaissance
    • Cross-protocol HTTP attacks
    • Hands-on with open source tools
  • M2MXML
    • Introduction
    • M2MXML format
    • Security issues

Industrial IoT Protocols Overview

  • Modbus
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Baseline Response Replay
    • Modbus Flooding
    • Modifying Coil and register values of PLC
    • Rogue Interloper (PLC)
    • Hands-on with open source tools
  • S7comm
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Uploading and downloading PLC programs
    • Start and Stop PLC CPU
    • Dumping and analysis of Memory
    • Hands-on with open source tools
  • CAN bus
    • Introduction and protocol Overview
    • Reconnaissance (Active and Passive)
    • Sniffing and Eavesdropping
    • Replay Attack
    • Packet Forging attack
    • Hands-on with open source tools

Understanding Radio

  • Signal Processing
  • Software Defined Radio

GNU Radio

  • Introduction to GNU Radio concepts
  • Creating a flow graph
  • Analyzing radio signals
  • Recording specific radio signal
  • Replay Attacks
  • Reverse engineering OOK radio signals to extract communication data
  • Generating a signal
  • Hands-on with a wireless key fob and / or door bell

Radio IoT Protocols Overview

Zigbee

  • Introduction and protocol Overview
  • Reconnaissance (Active and Passive)
  • Sniffing and Eavesdropping
  • Replay attacks
  • Encryption Attacks
  • Packet Forging attack
  • Zigbee hardware analysis
  • Hands-on with RZUSBstick and open source tools
  • Introduction to IoT Sensor hardware
  • Device Reconnaissance
  • Conventional Attacks

Firmware

  • Types
  • Firmware analysis and reversing
  • Firmware modification
  • Simulating device environments

External Storage Attacks

  • Symlink files
  • Compressed files

Hardware Tools

  • Bus Pirate
  • Jtagulator
  • Logic Analyzer

Attacking Hardware Interfaces

  • Hardware Components Reconnaissance
  • UART
    • What is UART
    • Identifying UART interface
      • Method 1
      • Method 2
    • Accessing sensor via UART
  • I2C
    • Introduction
    • I2C Protocol
    • Interfacing with I2C
    • Manipulating Data via I2C
    • Sniffing run-time I2C communication
  • SPI
    • Introduction
    • SPI Protocol
    • Interfacing with SPI
    • Manipulating data via SPI
    • Sniffing run-time SPI communication
  • JTAG
    • Introduction
    • Identifying JTAG interface
      • Method 1
      • Method 2
    • Run-time analysis and data extraction with OpenOCD

Side channel attacks

  • Clock Glitch Attack
  • VCC Glitch Attack

Bio

Aseem Jakhar is the Director, Research at Payatu (payatu.com), a boutique security testing company specializing in IoT, embedded, mobile and cloud security assessments. He is well known in the hacking and security community as the founder of null - The open security community, a registered not-for-profit organization (http://null.co.in), and also the founder of the nullcon security conference (nullcon.net) and the hardwear.io security conference (http://hardwear.io). He has worked on various security software including UTM appliances, messaging / security appliances, an anti-spam engine, anti-virus software, a transparent HTTPS proxy with captive portal and a Bayesian spam filter, to name a few. He currently spends his time researching IoT security and hacking things. He is an active speaker and trainer at security conferences like AusCERT, Black Hat, Brucon, Defcon, Hack In The Box, Hack.lu, Hack in Paris, PHDays and many more. He is the author of various open source security tools including: