Practical IoT Hacking

Trainer Name: Hariprasad K V , Kartheek Lade , Shakir Zari , Appar Thusoo
Title: Practical IoT Hacking
Duration: 3 Days
Dates: Sept. 6, 2022 To Sept. 8, 2022

TRAINING OBJECTIVES

"The great power of the Internet of Things comes with the great responsibility of security". Being the hottest technology, the developments and innovations are happening at a stellar speed, but the security of IoT is yet to catch up. Since the safety and security repercussions are serious and at times life-threatening, there is no way you can afford to neglect the security of IoT products.

"Practical Internet of Things (IoT) Hacking” is a unique course that offers security professionals, a comprehensive understanding of the complete IoT Technology suite including, IoT protocols, firmware, client-side, etc., and their underlying weaknesses. The extensive hands-on labs enable attendees to identify, exploit, or fix vulnerabilities in IoT, not just on emulators but also on real smart devices.

The course focuses on the attack surface on current and evolving IoT technologies in various domains such as home, enterprise Automation, etc. It covers grounds-up on various IoT protocols including internals, specific attack scenarios for individual protocols, and open-source software/hardware tools one needs to have in their IoT penetration testing arsenal. It also covers hardware attack vectors and approaches to identify respective vulnerabilities.

Throughout the course, we will Raspberry pi which was created by us specifically for IoT penetration testing. We will also distribute DIVA – IoT, a vulnerable IoT sensor made in-house for hands-on exercises.

The “Practical Internet of Things (IoT) Hacking” course is aimed at security professionals who want to enhance their skills and move to/specialize in IoT security. Godspeed!

Training level: Basic; Intermediate

TRAINING OUTLINE:

• Introduction to IoT
  • IoT Architecture
  • IoT attack surface
• Expliot – IoT exploitation framework
  • Introduction
  • Architecture
  • Test Cases
• IoT Protocols Overview
  • MQTT
  • Introduction
  • Protocol Internals
  • Reconnaissance
  • Information leakage
  • DOS attacks
  • Hands-on with open-source tools
• CAN
  • Introduction
  • Protocol Internals
  • Basic Attacks on CAN Bus
  • Advanced Attacks on the CAN bus
• Radio IoT Protocols Overview
  • Zigbee
  • Introduction and protocol Overview
  • Reconnaissance (Active and Passive)
  • Sniffing and Eavesdropping
  • Decrypting communication
  • Replay attacks
  • Hands-on with Zigbee Auditor and open-source tools
• BLE
  • Introduction and protocol Overview
  • Reconnaissance (Active and Passive) with HCI tools
  • GATT Service Enumeration
  • Sniffing GATT protocol communication
  • Reversing GATT protocol communication
  • Read and write on the GATT protocol
  • Fuzzing Characteristic values
• Firmware
  • Types of Firmware
  • Firmware updates
  • Firmware analysis and reversing
  • Firmware modification
  • Firmware encryption
  • Emulating device firmware (User-space & Full System)
• IoT hardware Overview
  • Introduction to hardware
  • Components
  • Memory
  • Packages
  • Hardware Tools
  • Exploit Nano
  • EEPROM readers
  • Bus Auditor
  • Logic Analyzer
• Attacking Hardware Interfaces
  • Hardware Reconnaissance
  • Analyzing the board
  • Datasheets
• Attacking Debug ports
  • What are debug ports
  • Importance
• UART
  • Introduction
  • Identifying UART interface
  • Method 1
  • Method 2
  • Accessing sensor via UART
  • Brute-forcing Custom consoles
• JTAG
  • Introduction
  • Identifying JTAG interface
  • Method 1
  • Method 2
  • Extracting firmware from the microcontroller
  • Run-time patching the firmware code
• Attacking the Memory
  • Where and What data is stored?
  • Common memory chips and protocols
• I2C
  • Introduction
  • Interfacing with I2C
  • Manipulating Data via I2C
  • Sniffing run-time I2C communication
• SPI
  • Introduction
  • Interfacing with SPI
  • Manipulating data via SPI

WHAT TO BRING?

• Laptop with at least 50 GB of free space
• 8+ GB minimum RAM (4+GB for the VM)
• External USB access (min. 2 USB ports)
• Administrative privileges on the system
• Remote access and control software- Latest VNC Viewer (6.XX)
• Virtualization software – Latest VirtualBox (6.X) (including VirtualBox extension pack)
• Linux host machines should have exfat-utils and exfat-fuse installed (ex: sudo apt-get install exfat-utils exfat-fuse)
• Virtualization (Vx-t) option enabled in the BIOS settings for VirtualBox to work

TRAINING PREREQUISITES:

• Basic knowledge of web and mobile security
• Knowledge of Linux OS
• Basic knowledge of programming - python

WHO SHOULD ATTEND?

• Penetration testers tasked with auditing IoT
• Bug hunters who want to find new bugs in IoT products
• Government officials from defensive or offensive units
• Red team members tasked with compromising the IoT infrastructure
• Embedded security enthusiasts
• IoT Developers and testers
• Anyone interested in IoT security

WHAT ATTENDEES WILL GET?

• Commercial IoT Devices for hands-on (only during the class)
• DIVA - IoT: custom vulnerable IoT sensor Testbed for hands-on (only during the class)
• Hardware tools for sensor analysis for hands-on (only during the class)
• Training material/slides
• Practical IoT hacking Lab manual PDF

WHAT TO EXPECT?

• Hands-on Labs
• Reverse Engineering
• Getting familiar with the IoT security
• This course will give you a direction to start performing pen tests on IoT product

WHAT NOT TO EXPECT?

Becoming a hardware/IoT hacker overnight. Use the knowledge gained in the training to start pentesting IoT devices and sharpen your skills.

About Trainer

Payatu is a Research-powered Cybersecurity service and training organization with expertise in IoT/Embedded, ICS/OT, Automotive, Mobile, Web, Cloud, and Infra security. Payatu trainers are well known for research in their respective domains and the ability to impart the same knowledge to the attendees by using an effective combination of visuals, demos, and hands-on.

Hariprasad K V is currently working at Payatu as an IoT Security Researcher. He specializes in Firmware analysis and reverse engineering and is interested in understanding the internal workings of devices. He has experience working on various IoT devices varying from simple bare-metal systems to complex OS-based systems. He spends most of his day staring into the matrix and writing scripts to do trivial tasks.

Kartheek Lade is an IoT Security Researcher at Payatu who works in the Hardware & Automotive Security verticals of IoT, as he is constantly learning about wireless security & ISO/SAE 21434. Kartheek loves contributing and being a part of security communities and helping people get started in Cyber Security. He has been a speaker at BlackHat Asia, OWASP Seasides, C0c0n, BSides Delhi, etc, He also created blogs and an open-source tool CANalyse, which helps like-minded people to learn more about cyber
security. CANalyse: https://github.com/canalyse/CANalyse

Shakir Zari is currently working as Lead IoT Security Consultant at Payatu. He has 4+ years of hands-on experience in breaking and reversing the hardware of different IoT devices like consumer & medical devices. He also has 4+ years of experience in designing hardware & developing IoT products. Through his findings, he has filed 10+ CVEs under his research work.

Appar Thusoo is currently working at Payatu as a Sr. IoT Security Researcher. His background and interests are in hardware and firmware security & reverse engineering, open-source software development, DSP and signal to a process, and software-defined radio (SDR). Appar is an active speaker and trainer on various international platforms & a founding member of SI-SDR-UG: Community for comms.