Internet of Things or IoT is a terminology used to refer to networks made up of devices connected to the Internet. In its multiple variants, such as IIoT (Industrial), it includes a multitude of interconnected products: vehicles, appliances, cameras, industrial control systems, etc.
While using these products, they collect a multitude of data from multiple sources in parallel and often share this information with the product manufacturers without users being aware, bringing new challenges for privacy or regulatory compliance. and regulatory. Where does this information end? Does it end up on servers within the EU to comply with GDPR?
At the same time, the threat of physical and logical attacks through these devices triggers risks by increasing companies' attack surface.
Pentest Traditional & Pentest IoT
When pentesting IoT devices, some differences can be observed compared to traditional pentesting. Some of these are shown in the following table:
| Aspect | Traditional Pentesting | IoT Pentesting |
|---|---|---|
| Focus | Miscellaneous systems and devices, including servers, applications, and networks | Specific Internet of Things (IoT) devices. Ex: cameras, biometric devices, etc. |
| Device types | Wide range, including general purpose hardware and software. | Devices generally smaller, specialized and with greater limitations. |
| Technical Complexity | Less specificity in protocols and communications. | Use of specialized protocols and unique communication requirements, adding complexity to the pentesting process. |
| Security risks | They vary widely by system and context, with a focus on cyber attacks. | They include physical risks, increased attack surfaces due to connectivity and communications with other systems. |
| Data Sensitivity | Depending on the application and environment, it may vary. | Data often more sensitive or valuable, increasing the potential consequences of security breaches. |
| Specific objectives | Identification and mitigation of vulnerabilities in a wide range of technologies. | Focus on identifying and mitigating vulnerabilities specific to IoT devices and their unique integrations. |
Essential tools for IoT Pentesting
Although it may be surprising for those who do not understand the subject, the pentest exercises on IoT systems are not very different in relation to traditional exercises on other systems, and the base tools with which we work are still very similar:
WIRESHARK
It focuses on packet capture and analysis, implemented on evaluations in IoT devices with various objectives. Wireshark is used in IoT reviews to:
- Network traffic analysis. Captures and studies network traffic in detail, facilitating the identification of patterns and anomalies. This way it is easier to understand the interaction of the device with other systems.
- Communication troubleshooting. Helps diagnose communication problems by capturing and analyzing data traffic sent and received by a device.
- Extraction of confidential data. It can be used to extract sensitive data transmitted over the network, such as passwords or critical information.
- Identification of network protocols. It also allows you to determine the protocols used in a network, providing a view of how the device interacts with other systems.
NMAP
Aimed at recognizing devices on a network, open ports, operating systems and running services. Some of the uses in IoT environments are the following:
- Device discovery. Includes network scanning to identify connected devices, obtaining their IP addresses and host names. This is important to get an overview of the network architecture.
- Port scanning. You can examine open ports on a device to discover what services and applications are open. This analysis is very important to understand the device's communications with other systems.
- Service fingerprinting. This Nmap functionality allows you to determine the specific version of a service that operates on a device, which is crucial to identify known vulnerabilities associated with that version.
- Network mapping. Nmap is also used to create detailed maps of a network, showing devices and their interconnections.
BINWALK
This utility is more innovative compared to traditional pentest tools and is based on reverse engineering and analysis of firmware images, commonly used in IoT devices. The objective is to delve deeper into the structure and functionality of the firmware, facilitating the identification of potential vulnerabilities. Some of the practical applications of Binwalk in the context of an IoT device pentest:
- Firmware analysis. Allows you to analyze firmware images in detail to validate their internal structure and operation. This analysis is crucial to identify vulnerabilities and understand the internal structure of a device.
- Extraction of embedded files. Using this tool it is possible to extract files embedded within firmware images, such as settings, scripts and other types of data. This functionality is very useful when searching for sensitive information that could be exploited.
- Signature scanning. Binwalk is also used to perform signature scans on firmware images, looking for known file signatures. This process helps identify what types of files are embedded in the firmware, which is essential for security assessment and identification of critical components within the firmware.
BURPSUITE
It includes the recognition or mapping of web-based applications and evaluating the security of communications between web assets. Some examples of use of the tool in IoT evaluations are:
- Intercept web traffic: It consists of intercepting Client-Server requests, which is useful for the auditor when identifying patterns and errors that can be exploited to find possible vulnerabilities.
- Web communication test: Launches modified requests to the target asset in order to cause a specific response from the server.
- Identification of web vulnerabilities: the tool has functionalities to, for example, perform brute force from own or modified payloads. This functionality can be used by the auditor to verify the security of the asset.
AIRCRACK-NG
Focused on wireless security testing, it seeks to evaluate the security of wireless networks and test their communications. The practices of this tool on IoT environments are:
- Wireless Network Discovery: Performs searches for networks and collects information about them, such as their name (SSID), the type of security they use, and the manufacturer of the access point. This information is useful as you can use it to complete your security testing.
- Crack passwords: It can be used to try to crack the password, demonstrating the impact of weak passwords or to find vulnerabilities that pose a serious security problem.
- Wireless communication tests: Aircrack can be used to capture and manipulate traffic transmitted through the network, allowing vulnerabilities to be identified in the way devices handle communications.
In conclusion, given the growing role of IoT devices in daily life, it is very important that these devices undergo rigorous security testing and minimum protection standards are established. Tests such as buffer overflow, protocol violation, and hacking tests in general are essential to mitigate the incorporation of vulnerabilities in these devices.
