Internet of Things (IoT) Security
Internet of Things (IoT)
In an always-connected world, each and every device is becoming part of the Internet. Nowadays, fridges, heaters, cars, medical devices, electricity/gas meters, watches, microwaves, dishwashers, bulbs are getting “smart” and are remotely controllable or interacting with some cloud-based environments to enhance their features.
While this evolution is giving big advantages in terms of usability it is also exposing billions of new devices to remote attacks which could have a real impact in our everyday life.
Securing IoT Products
The process of securing an IoT product is challenging as it involves different centers of expertise.
A typical IoT Security Assessment involves various sub-activities:
- Hardware Penetration Test - analysis of the used hardware components, interaction with serial ports (JTAG, UART, etc.), flash memory dump.
- Firmware Source Code Review / Reverse Engineering - when the white-box method is applied, the source code review is carried out; while if the black-box one is chosen and the firmware extraction was succesful, reverse engineering techniques are used to analyze it.
- Communication Analysis - the communications between the device and the local/remote network are analyzed to identify their strength in terms of encryption.
- Web Application Penetration Test - if any web portals are used by the product they are deeply analyzed.
- Network Penetration Test - all the hosts used by the product are tested for known and unknown vulnerabilities.
We unsoldered flash memories from
Cars / Trucks
Electricy / Gas Meters