IoT Attacks, Tools, and Countermeasures - Paiet/SEC-335 GitHub Wiki
Objectives:
- Standard-issue threats
  - SQLi
  - Ransomware
  - DoS
  - MitM
  - RCE
- Tools
  - Shodan
  - Censys
  - Thingful
  - Wireshark
  - TCPDump
  - Attack Proxy
  - SDR tools (Parrot)
- DEMO hacking the Foscam
  - NTP Server Command Injection
    - `;/usr/sbin/telnetd -p37 -l /bin/sh;`
- Interesting IoT Attacks
  - HVAC
    - Shodan search for Metasys
  - Rolling Code Attack
    - Automobile hacking
      - Key fob for door locks
        - Uses rolling code (code can't be used twice in a row)
        - Attacker blocks/sniffs the unlock signal
        - Repeat the process
        - Attacker then sends first code to car
        - Car unlocks
        - Attacker then uses 2nd code to unlock car later
        - Car unlocks
  - Blueborne
    - Bluetooth vuln
      - Allows for complete takeover of a device
  - DoS by Jamming Attack
  - Sybil Attack
    - VANET (Vehicular Ad-Hoc Network)
      - Used to send traffic updates and safety messages between vehicles
      - Sybil disrupts this by simulating traffic congestion
- Countermeasures
  - The Standards
    - Change Defaults
    - Updates and Patches
    - Encryption
    - Disable unnecessary services
    - Physical Security
    - Logging and Monitoring
    - Lockouts
  - SDR Security
    - Don't use 'Rolling Code'
    - Utilize preamble and synchronization nibbles
    - Use encryption
  - Manufacturer Security
    - Secure boot chain
      - Software verification technique
      - Chain of trust for the update process
  - Other Defenses
    - IoT Device Management
      - IBM Watson IoT
      - Predix
      - AT&T
      - Oracle
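
The rolling-code weakness listed under Interesting IoT Attacks and the "Don't use 'Rolling Code'" countermeasure, modelled as an added example that is not part of the original wiki page. The HMAC-based code derivation, the 16-step acceptance window, the key, and the challenge-response replacement (which assumes a fob that can receive as well as transmit) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed shared secret (assumption)
WINDOW = 16  # assumed receiver look-ahead window

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()[:8]

def code_for(counter: int) -> bytes:
    """Fob side: one-time code for a counter value."""
    return mac(counter.to_bytes(4, "big"))

class RollingCodeReceiver:
    """Accepts any unused code up to WINDOW counters ahead."""
    def __init__(self):
        self.last = 0
    def accept(self, code: bytes) -> bool:
        for c in range(self.last + 1, self.last + 1 + WINDOW):
            if hmac.compare_digest(code, code_for(c)):
                self.last = c  # this and all older codes are now dead
                return True
        return False

class ChallengeResponseReceiver:
    """Issues a fresh random challenge per unlock attempt."""
    def __init__(self):
        self.pending = None
    def challenge(self) -> bytes:
        self.pending = os.urandom(16)
        return self.pending
    def accept(self, response: bytes) -> bool:
        pending, self.pending = self.pending, None  # single use
        return pending is not None and hmac.compare_digest(response, mac(pending))

def demo():
    rx = RollingCodeReceiver()
    c1, c2 = code_for(1), code_for(2)  # two presses that never reached the car
    first = rx.accept(c1)   # delivered later: accepted
    replay = rx.accept(c1)  # same code again: rejected
    later = rx.accept(c2)   # withheld code is still valid
    cr = ChallengeResponseReceiver()
    old = mac(cr.challenge())  # response recorded but never delivered
    cr.challenge()             # a later attempt gets a new challenge
    stale = cr.accept(old)     # recorded response no longer matches
    fresh = cr.accept(mac(cr.challenge()))  # live fob still works
    return first, replay, later, stale, fresh
```

`demo()` returns the five acceptance decisions in order: the rolling-code receiver rejects an immediate repeat but still honours a code it never saw, while the challenge-response receiver rejects a response tied to an earlier challenge.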