Class 8 ‐ IIoT & ICS - Justin-Boyd/CIT-Class GitHub Wiki

Introduction to IoT

What Is IoT?

  • Internet of Things
  • Devices that are connected to the internet
  • Everyday objects modified for the internet

Where Is IoT Used?

  • Consumer IoT
  • Agriculture & Meteorology
  • Enterprise IoT
  • Industrial IoT
  • IoT offers the benefits of efficiency, safety, and improved quality of life through sensory feedback and automation.

IoT Usage

  • IoT provides a way to control multiple smart devices from a phone or computer via apps.

How Does IIoT Work?

  • Industrial Internet of Things
  • Sensors/devices
  • Connectivity
  • Data analysis and processing
  • User interface

IIoT System Components

  • Edge Components
    • Manage all activities directly associated with the data source
  • Smart Gateway
    • Connect edge components and the cloud or data center
  • Connectors
    • The means by which collected data is sent to the gateway or cloud for processing
  • Data Processing
    • Analyzing collected data and producing useful information based on the data
  • User Interface
    • An interface through which users can manage sensors and make use of the data

IIoT Devices

  • Traffic Lights
  • Surveillance Cameras
  • Engine and Machine Sensors
  • Centrifuges
  • IoT helps achieve automation via sensors and controllers.

Shodan

The Shodan search engine scans internet-connected IoT devices by probing random IPv4 addresses and port numbers. It supports filters for granular searches. Paid versions provide more detailed information for threat intelligence purposes.

Potential Risks

Insufficient Security

  • Lack of security awareness among developers.
  • Lack of a macro perspective.
  • Supply-chain-based security issues.
  • Use of insecure frameworks and third-party libraries.
  • There are cases in which a vendor may prefer efficiency over security.

OWASP Top 10 IoT Vulnerabilities

  • Open Web Application Security Project
  • Non-profit organization for web app security
  • Produces articles regarding web application vulnerabilities.

IoT Attack Vectors

  • Device Hardware
  • Web Attacks on UI
  • Unencrypted Communication
  • Firmware Updates

Common IoT Attacks

  • MiTM on unencrypted communication components.
  • DoS/DDoS on an IoT device and using multiple IoT devices as a botnet.
  • Replay attacks that replay authentication messages to deceive the destination server.
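
A server-side check that rejects the replayed authentication message described in the last item, as an added example (not part of the original page). The message layout, the 30-second window, the device name and the key are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

def sign(key: bytes, device_id: str, ts: int, nonce: str) -> str:
    """HMAC-SHA256 over an unambiguous encoding of the message fields."""
    payload = json.dumps([device_id, ts, nonce]).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def make_message(key: bytes, device_id: str, ts: int, nonce: str) -> dict:
    return {"device": device_id, "ts": ts, "nonce": nonce,
            "tag": sign(key, device_id, ts, nonce)}

class AuthServer:
    def __init__(self, keys: dict, window: int = 30):
        self.keys = keys      # device_id -> shared secret
        self.window = window  # seconds a message stays acceptable
        self.seen = {}        # (device_id, nonce) -> message timestamp

    def verify(self, msg: dict, now: int) -> str:
        key = self.keys.get(msg["device"])
        if key is None:
            return "unknown-device"
        expected = sign(key, msg["device"], msg["ts"], msg["nonce"])
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-mac"   # forged, or a field was changed in transit
        if abs(now - msg["ts"]) > self.window:
            return "stale"     # captured earlier and replayed late
        if (msg["device"], msg["nonce"]) in self.seen:
            return "replay"    # identical message already accepted
        # Forget nonces whose messages would now be rejected as stale anyway.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.window}
        self.seen[(msg["device"], msg["nonce"])] = msg["ts"]
        return "ok"

# Constructed values for the demonstration.
KEY = b"constructed-demo-key-not-a-real-secret"
CAPTURED = make_message(KEY, "sensor-7", ts=1000, nonce="a1b2c3d4")

if __name__ == "__main__":
    server = AuthServer({"sensor-7": KEY})
    print(server.verify(CAPTURED, now=1000))                  # first delivery
    print(server.verify(CAPTURED, now=1005))                  # replayed at once
    print(server.verify(CAPTURED, now=1100))                  # replayed later
    print(server.verify(dict(CAPTURED, ts=1100), now=1100))   # timestamp edited
```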

The Five Layers of IoT

  • Perception
  • Transmission
  • Middleware
  • Application
  • Business

IoT Security

Best Practices

  • Prior to moving to IoT, research, invest, and plan for a secure IoT infrastructure.
  • Use VLANs and ACLs to segregate IoT devices from the corporate network.
  • Prevent IoT devices from accessing the internet, unless it is crucial to their operation.
  • Proper management of IoT devices.
  • Limit vendor access to devices.
  • Implement standard security measures on the IoT system (IPS, firewall, vulnerability scanner, NAC).
  • Remove end-of-life (EOL) and deprecated devices, applications, and operating systems from the network.

Smart City Security

  • A city-scale operation involves many new challenges.
  • New technology meets legacy technology.
  • An attack on such systems may be critical.

Industrial Control Systems

  • Systems that monitor and manage industrial machinery.
  • Integrate hardware, software, and network.
  • Maintain remote support and management of critical infrastructure.

Industrial Applications of IoT

  • Automate time-consuming tasks to increase efficiency and reduce busywork.
  • Remote asset monitoring and deployment of IoT in challenging environments.
  • Predictive maintenance for safety and cost efficiency.

ICS Components

  • Supervisory Control and Data Acquisition (SCADA)
  • Human-Machine Interface (HMI)
  • Programmable Logic Controllers (PLC)
  • Remote Terminal Units (RTU)

ICS Protocols

  • RS-485 and Modbus are examples of ICS protocols.
  • Some protocols were designed for systems that do not have internet connectivity.

Firmware

Firmware Introduction

  • Semi-permanent software for hardware
  • Written on dedicated board flash memory
  • Instructs devices on how to communicate with other hardware and software
  • Firmware updates are not as frequent as software updates.

Where Does Firmware Reside?

  • Routers
  • Computers
  • Washing Machines
  • Televisions
  • Most electronic devices contain firmware.

Attacking Firmware

  • Why?
    • Firmware breaches provide high-level privileges, stronger persistence, and better chances of bypassing security controls.
  • How?
    • Software down, such as exploiting a lack of updates and patches
    • Hardware up, such as injecting malicious firmware via a USB device
  • Firmware can be breached to allow attackers to access systems, often without the owner knowing about it.

Obtaining Firmware

  • Download from Vendors
  • Dump from Device
  • Sniff over the Air (OTA)
  • Reverse Engineering
  • OpenWrt is a website that provides home router firmware.

Embedded File Systems

  • SquashFS
  • Cramfs
  • JFFS2
  • YAFFS2
  • ext2

Information Gathering

  • As much information as possible should be gathered about firmware to ensure in-depth analysis.
  • Entropy measures the randomness of data to check for compression or encryption.
  • Firmware can be encrypted. XOR and AES are commonly used.
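
The entropy check described above, as an added example (not part of the original page): it computes Shannon entropy per block of an image and also shows that a single-byte XOR leaves entropy unchanged. The sample image, the 1 KiB block size, the 7.0 threshold and the SHA-256 stand-in for AES output are assumptions made for the illustration.

```python
import hashlib
import math

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def entropy_scan(image: bytes, block: int = 1024, threshold: float = 7.0):
    """Label each block 'high' (likely compressed or encrypted) or 'low'.
    The 7.0 threshold is a rule of thumb chosen for this example."""
    rows = []
    for off in range(0, len(image), block):
        h = shannon_entropy(image[off:off + block])
        rows.append((off, round(h, 2), "high" if h >= threshold else "low"))
    return rows

def xor_single_byte(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the simplest form of XOR obfuscation."""
    return bytes(b ^ key for b in data)

def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for strong ciphertext such as AES output
    (SHA-256 over a counter), so the example needs no crypto library."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed sample image: 2 KiB of plain config text, then 2 KiB of
# ciphertext-like data.
PLAIN = (b"hostname=gateway01\nmode=bridge\nlog_level=info\n" * 64)[:2048]
SAMPLE_IMAGE = PLAIN + pseudo_random(2048)

if __name__ == "__main__":
    for off, h, label in entropy_scan(SAMPLE_IMAGE):
        print(f"0x{off:04x}  {h:.2f}  {label}")
    # A one-byte XOR key only relabels byte values, so the histogram shape and
    # the entropy are unchanged: entropy alone does not reveal this obfuscation.
    print(shannon_entropy(PLAIN), shannon_entropy(xor_single_byte(PLAIN, 0x5A)))
```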

Hard-Coded Secrets

  1. Sensitive URLs
  2. Encryption Algorithm
  3. Authentication and authorization mechanisms
  4. Access Tokens
  5. Hard-coded credentials
  6. Local pathnames
  7. Environment details
  8. API and encryption keys
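
An audit pass for several of the categories above, as an added example (not part of the original page): it extracts printable strings from a firmware blob, as the strings utility does, and flags those matching a rule. The rule patterns and the sample blob are constructed for the illustration and are not an exhaustive rule set.

```python
import re

# Category names follow the list above; the patterns are illustrative
# assumptions for this example.
RULES = [
    ("sensitive-url", re.compile(r"https?://[^\s\"']+", re.I)),
    ("hard-coded-credential",
     re.compile(r"(?:passw(?:or)?d|pwd|secret)\w*\s*[=:]\s*\S+", re.I)),
    ("access-token", re.compile(r"(?:token|bearer)\w*\s*[=: ]\s*\S+", re.I)),
    ("api-or-encryption-key",
     re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----|api[_-]?key\s*[=:]\s*\S+", re.I)),
    ("encryption-algorithm", re.compile(r"\b(?:AES|3DES|DES|RC4|MD5|SHA1)\b")),
    ("local-pathname", re.compile(r"(?:/home|/root|/Users)/\S+")),
]

def extract_strings(blob: bytes, min_len: int = 6):
    """Return (offset, text) for each run of printable ASCII of min_len or more."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(blob)]

def audit(blob: bytes):
    """Return (category, offset, text) for every string that matches a rule."""
    findings = []
    for offset, text in extract_strings(blob):
        for category, rule in RULES:
            if rule.search(text):
                findings.append((category, offset, text))
    return findings

# Constructed sample: strings separated by non-printable bytes, standing in
# for the contents of an unpacked firmware binary.
SAMPLE = b"\x00\x7f".join([
    b"\x7fELF\x02\x01\x01",
    b"http://updates.example.invalid/fw/latest.bin",
    b"admin_password=changeme123",
    b"-----BEGIN RSA PRIVATE KEY-----",
    b"/home/builder/project/src/main.c",
    b"cipher=AES-128-CBC",
    b"Starting watchdog",
])

if __name__ == "__main__":
    for category, offset, text in audit(SAMPLE):
        print(f"0x{offset:04x}  {category:24s} {text}")
```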

Common Tools

  • dd
  • hexdump
  • strings
  • Binwalk
  • QEMU