Practical IoT Hacking (No Starch Press)
Authors: Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou and Beau Woods
The Internet of Things is providing a rich source of vulnerabilities to hackers, as people connect hardware devices to the internet within their homes and businesses with little understanding of the risks they are running.
This book sets out to provide the tools to safeguard yourself and your data against such dangers. It has been written by a group of IoT security researchers, based on the exploits they've encountered in their work.
The book opens with an introduction to the IoT threat landscape, describing how the IoT security world differs from traditional IT security, and a set of expert perspectives discussing IoT hacking laws, governmental roles in IoT security, and medical device security.
Next, the authors look at threat modeling and how it differs for IoT compared to traditional threat modeling. They then move on to propose a security testing methodology to cover the various layers - physical hardware, network, web application, host configuration, and mobile applications and cloud testing.
The second part of the book considers network hacking and how to guard against it. This opens with a look at how to assess a network in terms of switches, VoIP devices, and how to identify IoT devices on a network. There are some uncomfortable details showing how easy it is to uncover passwords, and the authors also look at attacking MQTT, a machine-to-machine connectivity protocol used in sensors over satellite links, home automation and connections with health-care providers.
The next chapter considers network protocol analysis, including how to dissect the DICOM protocol. This part of the book ends with a chapter on how hackers can exploit zero configuration networking such as UPnP and WS-Discovery.
Part three of the book covers hardware hacking, beginning with a chapter on exploiting UART, JTAG and SWD. As with other parts of the book, it makes for uncomfortable reading, as the authors point out that UART is often used for debugging, so root access can be obtained through it, for example. The other chapters in this section look at hacking SPI and I2C, and firmware hacking.
One consolation about hardware hacking is that to achieve it, the hacker needs to have access to the physical device. Part four of the book, however, looks at radio hacking, which offers more remote opportunities. The authors describe how to clone RFID tags, break the tags' cryptographic keys, and change the information stored on the tags, as well as how to write and use a simple fuzzer to find vulnerabilities in RFID readers. This section starts with a look at abusing RFID, explaining how it works and how to attack it. Bluetooth then gets the same treatment, followed by WiFi and LPWAN.
The final part of the book looks at how hackers can target the IoT ecosystem, firstly through mobile applications, and secondly how to attack smart homes. This section includes a look at how to analyze two intentionally insecure apps, the OWASP iGoat app for iOS, and the InsecureBankV2 app for Android, in each case providing a way to learn how to identify vulnerabilities so you can then use the lessons in your own apps.
This is an excellent book. It's written in an understandable way, and uses real life experiences and examples from the authors' working lives to demonstrate both the risks and how to mitigate them. If you have responsibility for IoT devices or applications that use them either in your working or personal life, it's worth reading.