IoT Penetration Testing Cookbook: Identify vulnerabilities and secure your smart devices

Product type: Paperback
Published: Nov 2017
Publisher: Packt
ISBN-13: 9781787280571
Length: 452 pages
Edition: 1st Edition
Author: Aaron Guzman

Table of Contents (12 chapters)

Preface
1. IoT Penetration Testing (free chapter)
2. IoT Threat Modeling
3. Analyzing and Exploiting Firmware
4. Exploitation of Embedded Web Applications
5. Exploiting IoT Mobile Applications
6. IoT Device Hacking
7. Radio Hacking
8. Firmware Security Best Practices
9. Mobile Security Best Practices
10. Securing Hardware
11. Advanced IoT Exploitation and Security Automation

Setting up an IoT pen testing lab

Now that the foundational IoT technology has been covered, let's set up an IoT pentesting lab. Because IoT devices combine several technologies, a range of tools is required for both the software and the hardware portions of testing. We will use a mix of free tools and paid commercial tools. Some upfront purchasing will be required for hardware and radio analysis tools, and there are modest licensing fees for web application proxy tools, but we will keep the price tag as low as possible and point to free alternatives where they exist.

Software tool requirements

Software tools cover firmware, web application, and mobile application testing. The majority of tools in each of the three categories are free, with the exception of Burp Suite for web application testing. For convenience, most of the software tools for firmware analysis, web testing, mobile testing (limited), and radio analysis have been installed in a virtual machine prepared for this book. A list of all tools is nonetheless compiled here.

Firmware software tools

Fortunately, most firmware analysis tools are free and open source. Some are actively maintained while others are dated but still work. The following firmware tools can analyze firmware images, disassemble the binaries they contain, and attach to firmware processes at runtime:

  • Binwalk
  • Firmadyne
  • Firmwalker
  • angr
  • Firmware Mod Kit (firmware-mod-kit)
  • Firmware analysis toolkit
  • GDB
  • Radare2
  • Binary Analysis Tool (BAT)
  • QEMU
  • IDA Pro (optional)
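To show what the first two steps of firmware analysis look like in practice, here is an added example (not code from the book or from any of the tools above): a minimal version of what Binwalk does when it scans an image, namely a magic-byte signature search plus a per-block Shannon entropy profile to spot compressed or encrypted regions. The signatures are well-known magic values; the sample image, its layout and offsets are constructed inline so the script runs offline.

```python
# Added example: signature scan + entropy profile of a firmware image (a tiny
# subset of what binwalk / binwalk -E do). The sample image is constructed.
import gzip
import math
import random
import struct

# (magic bytes, description): a handful of signatures a real scanner carries
SIGNATURES = [
    (b"\x27\x05\x19\x56", "uImage header (U-Boot legacy image)"),
    (b"\x1f\x8b\x08", "gzip compressed data"),
    (b"hsqs", "SquashFS filesystem, little-endian"),
    (b"sqsh", "SquashFS filesystem, big-endian"),
    (b"\x85\x19\x01\xe0", "JFFS2 filesystem, little-endian (dirent node)"),
    (b"\x7fELF", "ELF executable"),
    (b"\xfd7zXZ\x00", "XZ compressed data"),
    (b"\x5d\x00\x00\x80\x00", "LZMA compressed data, 8 MiB dictionary"),
    (b"HDR0", "TRX firmware header (Broadcom)"),
    (b"UBI#", "UBI erase block header"),
]


def scan_signatures(image: bytes):
    """Return [(offset, description)] for every signature hit, sorted by offset.
    Short magics (3-4 bytes) do produce false positives in random-looking data,
    which is why a real tool validates header fields after the match."""
    hits = []
    for magic, desc in SIGNATURES:
        off = image.find(magic)
        while off != -1:
            hits.append((off, desc))
            off = image.find(magic, off + 1)
    return sorted(hits)


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, close to 8.0
    for compressed or encrypted data."""
    if not block:
        return 0.0
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def entropy_profile(image: bytes, block_size: int = 1024):
    """Return [(offset, entropy)] for each block_size window of the image."""
    return [(off, shannon_entropy(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]


def build_sample_image() -> bytes:
    """Constructed image: uImage header at 0x0, gzip'd incompressible payload
    at 0x400 (stands in for a compressed kernel), erased-flash 0xFF gap, and a
    SquashFS superblock magic at 0x1000."""
    rng = random.Random(1)
    header = struct.pack(">I", 0x27051956) + b"\x00" * 60   # 64-byte uImage header, fields zeroed
    header += b"\xff" * (0x400 - len(header))                # pad to 1 KiB with erased-flash fill
    kernel = gzip.compress(bytes(rng.getrandbits(8) for _ in range(2048)), mtime=0)
    assert len(kernel) <= 0xC00, "sample layout assumes the gzip blob fits in 3 KiB"
    kernel += b"\xff" * (0xC00 - len(kernel))                # pad so the squashfs lands at 0x1000
    squashfs = b"hsqs" + b"\x00" * (0x400 - 4)               # superblock magic, rest zeroed
    return header + kernel + squashfs


def report(image: bytes, block_size: int = 1024) -> None:
    """Print a binwalk-style listing followed by the entropy profile."""
    print(f"{'DECIMAL':>10}  {'HEX':>10}  DESCRIPTION")
    for off, desc in scan_signatures(image):
        print(f"{off:>10}  {off:>#10x}  {desc}")
    print("\nentropy per %d-byte block:" % block_size)
    for off, ent in entropy_profile(image, block_size):
        print(f"{off:>#10x}  {ent:4.2f}  {'#' * int(ent * 4)}")


if __name__ == "__main__":
    report(build_sample_image())
```

The entropy profile is the quick way to tell "compressed, carve it out and decompress" (plateaus near 8 bits/byte with a recognisable magic in front) from "encrypted, look for the key elsewhere" (the same plateau with no magic), and flat regions near 0 are padding or erased flash. Run it on a real image with `report(open("firmware.bin", "rb").read())`.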

Web application software tools

For web application testing, the most common tools of the trade are Burp Suite and OWASP Zed Attack Proxy (ZAP). Burp Suite has a free edition and a Pro edition available for a modest price. ZAP is completely free and open source, which makes it a good alternative for keeping costs low. Additional plugins or add-ons can help with web service and API testing; note that installing Burp Suite extensions from the BApp Store requires a Pro license. All tools listed here are cross-platform, as they are either Java based or run inside your browser:

  • Burp Suite
  • OWASP Zed Attack Proxy (ZAP)
  • REST Easy Firefox plugin
  • Postman Chrome extension

Mobile application software tools

Like firmware tools, most mobile application security tools are also free and open source. The mobile tools that will be used are broken down according to the mobile platform below.

Android

There are many Android testing tools and virtual machines available online as of the writing of this book. Some tools focus purely on static analysis of an APK's code, while others focus on analyzing the app at runtime. Most of the Android testing virtual machine distributions are free and contain the necessities for testing an Android app, such as the Android SDK. Although individual Android testing tools are listed here, it is recommended that you download an Android testing virtual machine distribution that suits your testing needs and install any supplemental tools in that virtual machine.

Although not required, keeping your Android testing tools separate from your host computer will lead to a more stable mobile testing workbench and prevent dependency issues as well.

  • Android testing virtual machine distribution:
    • Android SDK
    • Android emulator
  • Enjarify
  • JD-Gui
  • Mob-SF
  • SQLite browser
  • Burp Suite
  • OWASP ZAP

iOS

iOS testing is unique in that it requires a macOS (OS X) computer and a jailbroken iDevice. Without both prerequisites, testing iOS applications with the tools listed here will not be possible. Here are some of the tools that may be used for iOS mobile testing:

OS X computer

The following listed items are software tools that are to be installed on your host computer for testing and/or assessing iOS applications:

  • idb
  • Xcode tools
  • Class-dump
  • Hopper (optional)
  • Mob-SF
  • SQLite browser
  • Burp Suite
  • OWASP ZAP

Jailbroken iDevice

The following list includes packages that need to be installed onto your jailbroken device in order to start testing:

  • Cydia
  • openURL
  • dumpdecrypted
  • ipainstaller
  • SSL Kill Switch 2
  • Clutch2
  • Cycript

Hardware analysis tool requirements

Hardware tools vary with the specific device being analyzed; however, there are basic tools that apply to all hardware, and even to electrical measurement. Manufacturers use different types of screws, housings, and security bits as a deterrent to hardware disassembly. Sometimes the screws are hidden under labels or rubber feet. It is important to identify the screw types before reaching for a driver, so we will list toolkits that can bypass this obfuscation technique used by vendors. The following figure shows some of the different screw head types:

[Figure: common screw head types. Image source: http://www.instructables.com/id/When-a-Phillips-is-not-a-Phillips/]

Listed here are the options for hardware tools and hardware analysis software that will be used in this book.

Hardware tools

Hardware testing tools require some upfront investment to get started. Here are the required and optional tools needed for disassembling devices, finding ground, and accessing device interfaces:

  • Multimeters
  • iFixit Pro Tech Toolkit (for hardware disassembly)
  • Bus Pirate
  • USB to serial adapters
    • Shikra, FTDI FT232, CP2102, PL2303, Adafruit FTDI Friend
  • JTAG adapters
    • Shikra, JTAGulator, Arduino with JTAGenum, J-Link, Bus Blaster
  • Logic analyzer (optional)
    • Saleae Logic or others

For more information, see the following links:

Hardware analysis software

Here are some hardware analysis tools, all of them free. These tools give us access to hardware interfaces for tasks such as console access over UART, dumping or writing SPI flash, and side-loading firmware onto the device:

  • OpenOCD
  • Spiflash
  • Minicom
  • Baudrate
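Getting console access over a USB-to-serial adapter usually starts with guessing the UART speed, which is what the Baudrate tool automates. The following is an added example (not the tool itself and not code from the book) of the brute-force idea behind it: each candidate rate is tried on the adapter and the one whose output looks like text (a boot banner, a shell prompt) wins. The serial I/O uses pyserial, which is assumed to be installed; the port name and the demo samples are constructed.

```python
# Added example: brute-force UART baud rate detection by scoring how text-like
# the bytes read at each rate are. Serial access via pyserial (assumed installed).
import string

COMMON_BAUDS = (1200, 2400, 4800, 9600, 19200, 38400, 57600,
                115200, 230400, 460800, 921600)
PRINTABLE = frozenset(string.printable.encode("ascii"))


def score_printable(sample: bytes) -> float:
    """Fraction of bytes that are printable ASCII (letters, digits, punctuation,
    space, \\r \\n \\t). At the wrong rate a UART delivers mostly 0x00/0xFF/0xFE
    and high-bit garbage, which scores close to 0."""
    if not sample:
        return 0.0
    return sum(1 for b in sample if b in PRINTABLE) / len(sample)


def best_baud(samples: dict, threshold: float = 0.9):
    """samples: {baud: bytes read at that rate}. Return (baud, score) of the most
    text-like sample, or (None, best_score) when nothing clears the threshold, so
    a silent line or a wrong pin assignment is not reported as a detection."""
    if not samples:
        return (None, 0.0)
    baud, sample = max(samples.items(), key=lambda kv: score_printable(kv[1]))
    score = score_printable(sample)
    return (baud, score) if score >= threshold else (None, score)


def sample_port(port: str, baud: int, nbytes: int = 256, timeout: float = 2.0) -> bytes:
    """Read up to nbytes from the adapter at the given rate (pyserial assumed).
    Power-cycle the target while sampling so the boot banner is what gets read."""
    import serial  # pyserial; imported here so the offline demo needs no hardware
    with serial.Serial(port, baudrate=baud, timeout=timeout) as ser:
        return ser.read(nbytes)


def detect_baud(port: str, candidates=COMMON_BAUDS):
    """Try every candidate rate on the port and pick the text-like one."""
    return best_baud({baud: sample_port(port, baud) for baud in candidates})


# Constructed demo samples: a U-Boot banner as seen at the right rate, and the
# kind of garbage a mismatched rate produces.
DEMO_SAMPLES = {
    9600: b"\xfe\x00\x7f\xff\xf8\x80\x00\xfe" * 8,
    115200: b"\r\nU-Boot 2013.10 (Nov 01 2017 - 10:22:41)\r\n\r\nDRAM:  64 MiB\r\n",
}

if __name__ == "__main__":
    baud, score = best_baud(DEMO_SAMPLES)
    print(f"best guess: {baud} baud (printable fraction {score:.2f})")
    # On real hardware (port name is an assumption): print(detect_baud("/dev/ttyUSB0"))
```

Before plugging anything in, confirm the adapter's logic level matches the board (most IoT boards are 3.3 V, and a 5 V adapter can damage the SoC), connect only GND, TX and RX, and leave the target's VCC alone. Once the rate is known, `minicom -D /dev/ttyUSB0 -b 115200` (or the detected value) gives you the interactive console.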

Radio analysis tool requirements

In order to start sniffing wireless traffic, specific wireless chipsets are required. In this book, we will focus on sniffing traffic from the ZigBee and Z-Wave protocols. Special software is needed to go along with the wireless cards or dongles; suggestions for both the hardware and the analysis software are provided here.

Radio analysis hardware

The following is a list of hardware that will be used for analyzing radio frequencies:

  • Atmel RZ RAVEN USB stick (for the KillerBee framework)
  • Attify Badge (alternatively, a combination of a C232HM-DDHSL-0 cable and Adafruit FTDI Breakout)
  • HackRF One
  • YARD Stick One
  • XBee with XBee Shield
  • Ubertooth One
  • BLE adapter

Radio analysis software

The following is a list of common radio analysis software, including software-defined radio (SDR) tools. Most of the listed items will be used in this book.

  • KillerBee framework
  • Attify ZigBee Framework
  • GNU Radio
  • BLEAH
  • Gqrx
  • Ubertooth tools
  • Blue Hydra
  • RTL-SDR
  • HackRF packages
  • EZ-Wave
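Once KillerBee's zbdump is writing captures from the RZ RAVEN, the first thing to make sense of is the IEEE 802.15.4 MAC header that every ZigBee frame rides on. The following is an added example (not from the book or from KillerBee) of a decoder for that header: it unpacks the frame control field and addressing, and verifies the 16-bit FCS, which is the ITU-T CRC (x^16 + x^12 + x^5 + 1, bit-reflected, zero initial value, also known as CRC-16/KERMIT). The sample frame is constructed, and its payload bytes are a placeholder, not a decoded NWK layer.

```python
# Added example: IEEE 802.15.4 MAC header parser with FCS check, for frames
# captured with their trailing 2-byte FCS (as zbdump pcaps have). Sample frame constructed.
import struct

FRAME_TYPES = {0: "beacon", 1: "data", 2: "ack", 3: "command"}
ADDR_NONE, ADDR_SHORT, ADDR_EXTENDED = 0, 2, 3   # addressing modes; mode 1 is reserved


def crc16_itut(data: bytes) -> int:
    """802.15.4 FCS: CRC-16 with polynomial x^16+x^12+x^5+1, bit-reflected form
    0x8408, initial value 0, no final XOR (CRC-16/KERMIT; check value 0x2189)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc


def parse_mac_header(frame: bytes) -> dict:
    """Decode the MHR of a frame that still carries its FCS. Raises ValueError on
    truncated frames. When security_enabled is set, the auxiliary security header
    is left at the start of 'payload' (not decoded here)."""
    if len(frame) < 5:                     # FCF(2) + seq(1) + FCS(2)
        raise ValueError("frame too short")
    fcf, seq = struct.unpack_from("<HB", frame, 0)
    hdr = {
        "frame_type": FRAME_TYPES.get(fcf & 0x7, "reserved"),
        "security_enabled": bool(fcf & 0x0008),
        "frame_pending": bool(fcf & 0x0010),
        "ack_request": bool(fcf & 0x0020),
        "pan_id_compression": bool(fcf & 0x0040),
        "dest_addr_mode": (fcf >> 10) & 0x3,
        "frame_version": (fcf >> 12) & 0x3,   # 0 = 2003, 1 = 2006 and later
        "src_addr_mode": (fcf >> 14) & 0x3,
        "seq": seq,
    }
    off = 3

    def read_u16():
        nonlocal off
        (v,) = struct.unpack_from("<H", frame, off)
        off += 2
        return v

    def read_addr(mode):
        nonlocal off
        if mode == ADDR_SHORT:
            return read_u16()
        if mode == ADDR_EXTENDED:              # 64-bit IEEE address, little-endian on air
            (v,) = struct.unpack_from("<Q", frame, off)
            off += 8
            return v
        return None

    try:
        hdr["dest_pan"] = read_u16() if hdr["dest_addr_mode"] != ADDR_NONE else None
        hdr["dest_addr"] = read_addr(hdr["dest_addr_mode"])
        if hdr["src_addr_mode"] != ADDR_NONE:
            # With PAN ID compression the source PAN is omitted and equals the destination PAN
            hdr["src_pan"] = hdr["dest_pan"] if hdr["pan_id_compression"] else read_u16()
        else:
            hdr["src_pan"] = None
        hdr["src_addr"] = read_addr(hdr["src_addr_mode"])
    except struct.error:
        raise ValueError("truncated MAC header") from None
    if off > len(frame) - 2:
        raise ValueError("truncated MAC header")
    hdr["payload"] = frame[off:-2]
    (fcs,) = struct.unpack_from("<H", frame, len(frame) - 2)
    hdr["fcs_ok"] = fcs == crc16_itut(frame[:-2])
    return hdr


def build_sample_frame() -> bytes:
    """Constructed data frame: PAN 0x1234, short dest 0x0001 <- short src 0x0002,
    ack requested, PAN ID compression (FCF 0x8861, the usual ZigBee data-frame FCF)."""
    mhr = struct.pack("<HBHHH", 0x8861, 0x05, 0x1234, 0x0001, 0x0002)
    payload = b"\x48\x02\x00\x00\x02\x00\x1e\x00"   # constructed placeholder, not a decoded NWK header
    body = mhr + payload
    return body + struct.pack("<H", crc16_itut(body))


if __name__ == "__main__":
    h = parse_mac_header(build_sample_frame())
    print(f"{h['frame_type']} seq={h['seq']} pan={h['dest_pan']:#06x} "
          f"{h['src_addr']:#06x} -> {h['dest_addr']:#06x} ack={h['ack_request']} fcs_ok={h['fcs_ok']}")
```

Checking the FCS before trusting a decoded frame matters when sniffing: a capture on a noisy channel is full of corrupted frames that still parse into plausible-looking addresses, and filtering on `fcs_ok` is the difference between a real device inventory and noise.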