IoT Hacking

The Internet of Things (IoT) refers to the network of devices that are interconnected via the internet. For example, home security systems such as cameras and burglar alarms that are connected to the internet let you perform surveillance from your mobile devices while on the move. Another example is a health/fitness wristband that connects over the internet to the service provider's servers, which process the data and give you valuable insight into your health based on your heart rate, distance travelled and many other parameters. There are millions of IoT devices in use across different sectors, such as finance, health and marketing, that add value to human lives and businesses. However, all these devices are prone to attacks that can cascade into something bigger. In this chapter, we need to understand the IoT architecture, communication models, the various IoT threats and attacks, and the countermeasures that need to be put in place.

IoT Communication Models:

There are 4 models:

  1. Device to Device Communication – an example is a WiFi-enabled printer that can be instructed to print documents from your mobile device.
  2. Device to Cloud Communication – an example is a home alarm system that is connected directly to servers in the service provider's cloud, which process your data.
  3. Device to IoT Gateway – this model is preferred for filtering the data sent to the cloud-based servers and for performing protocol translation.
  4. Back-end data sharing – this model is for advanced data processing, where a cloud-based server shares the data with trusted third-party cloud-based servers for analytics or specialised data processing.

IoT Protocols – IoT devices typically communicate over Bluetooth, Li-Fi, WiFi, NFC, Ethernet and cellular networks.

IoT OWASP Top 10 – OWASP has released a list of security risks and threats for IoT devices.

  1. Weak, guessable, or hardcoded passwords
  2. Insecure network services
  3. Insecure ecosystem interfaces
  4. Lack of secure update mechanism
  5. Use of insecure or outdated components
  6. Insufficient privacy protection
  7. Insecure data transfer and storage
  8. Lack of device management
  9. Insecure default settings
  10. Lack of physical hardening

IoT Attacks

There are numerous attacks, including:

DDoS attacks – where the IoT devices, gateways or cloud servers are flooded with requests, causing denial of service.

Rolling code or code hopping attack – In this attack, the attacker intercepts the code transmitted by the transmitter and replays it to intrude into the system. For example, by jamming the signal, attackers intercept the lock code from a car key fob and replay it to steal the car.
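
A receiver-side view of the rolling code scheme described above, as an added example that is not part of the original article. It assumes the fob and receiver share a secret key and a counter, that each code is a truncated HMAC-SHA256 of the counter, and that the receiver looks ahead 16 counters (all names and values here are hypothetical). It shows that a used code is rejected on replay, that accepting a newer code invalidates older ones, and that a code the receiver never saw remains valid until then.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed button presses the receiver tolerates


def rolling_code(key: bytes, counter: int) -> str:
    """Code for one button press: truncated HMAC-SHA256 of the counter."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256)
    return mac.hexdigest()[:16]


class Fob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def press(self) -> str:
        self.counter += 1
        return rolling_code(self.key, self.counter)


class Receiver:
    def __init__(self, key: bytes):
        self.key, self.last_accepted = key, 0

    def verify(self, code: str) -> bool:
        # Only counters above the last accepted one are candidates, so a code
        # that was already used (or is older than a used one) never matches.
        start = self.last_accepted + 1
        for ctr in range(start, start + WINDOW):
            if hmac.compare_digest(rolling_code(self.key, ctr), code):
                self.last_accepted = ctr
                return True
        return False


def demo() -> dict:
    key = b"constructed-demo-key"  # constructed sample value
    fob, rx = Fob(key), Receiver(key)
    c1, c2, c3, c4 = (fob.press() for _ in range(4))
    out = {"fresh": rx.verify(c1)}           # first use is accepted
    out["replay_used"] = rx.verify(c1)       # same code again is rejected
    out["skipped_ahead"] = rx.verify(c3)     # c2 never arrived; c3 is in window
    out["stale_c2"] = rx.verify(c2)          # older than c3, now rejected
    out["unreceived_c4"] = rx.verify(c4)     # never received before, still valid
    for _ in range(WINDOW + 1):              # fob pressed repeatedly out of range
        far = fob.press()
    out["beyond_window"] = rx.verify(far)    # counter too far ahead, rejected
    return out
```

The `unreceived_c4` case is the weakness the jamming variant depends on, which is why receivers keep the window small and expire older codes as soon as a newer one is accepted.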

There are other techniques, such as the BlueBorne attack (exploiting Bluetooth vulnerabilities), the jamming attack and the backdoor attack (entry into the system to perform privilege escalation and device takeover).

IoT Hacking Methodology

Information gathering – this is normally done using tools such as Shodan and Censys to gather information about the IoT devices.
Vulnerability scanning – in this phase, the network and devices are scanned to identify vulnerabilities such as weak passwords, software and firmware bugs and default configurations, using scanners such as Nmap and RIoT.
Launch attack – this phase is about exploiting the vulnerabilities using attacks such as DDoS, rolling code attacks and jamming. RFCrack is a well-known tool for launching attacks.
Gain access – in this phase, attackers gain access to the IoT device environment, escalate privileges to an admin user and install a backdoor.
Maintain attack – this phase includes logging out of the device without being detected, clearing logs and covering tracks.

Countermeasures – The recommended countermeasures to defend against IoT attacks are: firmware updates, blocking unnecessary ports, SSL/TLS, strong passwords, encryption of drives, account lockout, periodic assessment, secure password recovery, 2FA and disabling UPnP.