With the increase in the usage of IoT devices, there is a major concern about IoT security. The reason for this concern is the range of technologies used in IoT devices, which creates a number of possible points of attack. A study involving 1,600 consumers across eight countries shows that 92% of participants want to control the type of personal information that is collected automatically.
What is IoT Security?
As technology evolves, so do the techniques used to break it. According to Forbes, cyberattacks on IoT devices skyrocketed in 2018, and the increase surpassed 300% in 2019. Although the number went down in 2020 and 2021, it is still a staggering 1.5 billion. IoT security is the practice of protecting connected devices and networks from all of these possible security risks.
Well-known IoT security issues from the past:
- Nest Thermostat: A vulnerability meant that when the button was pressed and held for 10 seconds to reboot the device, it could be made to communicate with USB media that might contain malicious firmware.
- Philips Smart Home: It had numerous security issues. The most famous was the Zigbee vulnerability (Philips uses Zigbee for exchanging data and authenticating it), in which hackers hardcoded the Zigbee packet and gained control over all the devices connected to it.
- The Jeep Hack: In 2015, security researchers Dr. Charlie Miller and Chris Valasek demonstrated how they could remotely control and take over a Jeep using a vulnerability in the Uconnect system. It was one of the most dangerous vulnerabilities found in IoT devices.
The news is full of other IoT security breach examples, such as Belkin Wemo home automation, smart door locks, smart guns and rifles, insulin pumps, etc.
The biggest reasons for all the above issues were a lack of security awareness, a lack of macro perspective, and the usage of insecure frameworks and third-party libraries.
The vulnerabilities which can be present in IoT devices are as follows:
- Weak/Guessable/Hardcoded Passwords
- Usage of insecure network services
- Using insecure ecosystem interfaces
- Lack of secure update mechanism
- Using insecure/outdated components
- Insecure data transfer and storage
- Lack of Device Management
To eliminate these and other such vulnerabilities, IoT Penetration Testing is performed.
What is IoT Penetration Testing?
IoT penetration testing is an assessment done by exploiting different components inside an IoT device which reveals security flaws in the device’s ecosystem.
To perform the test, targets like the following need to be defined:
- Hardware (Electronics)
- Software (Embedded software and communication protocols with their APIs)
- Web and Mobile Interfaces (Servers, Web-application, Mobile application)
IoT Penetration Testing Methodology
Understanding the Scope:
For any penetration test, or pentest, pen-testers are required to understand the scope of the target. Scopes contain constraints and limitations, as the conditions for penetration testing vary from product to product.
Attack Surface Mapping:
Pen-testers map all the entry points from which attackers could potentially exploit or abuse an IoT device. This also involves creating highly detailed architecture diagrams showing all the possible entry points for an attacker.
The entire architecture created by a pen-tester for attack surface mapping can be broadly divided into three categories:
- Embedded Devices:
Embedded devices are used for several purposes, such as collecting data, in smart light bulbs, switches, smart homes, etc. However, there are a few vulnerabilities associated with embedded devices: for example, serial ports can be exposed, or insecure authentication mechanisms can be used. Embedded devices also allow firmware to be dumped over JTAG, which is another one of their vulnerabilities.
- Firmware, Software and Application:
Firmware is the code written into the hardware in order to make it functional, while a mobile application is the user interface (frontend) of the server that takes the data and sends it to the controller. Vulnerabilities that can be found in firmware are: the ability to modify the firmware, usage of insecure/private signatures, and using outdated firmware with known vulnerabilities. For web/mobile applications, the vulnerabilities are: reverse engineering, insecure network communication, and side-channel data leaks.
- Radio Communication:
Common radio protocols are Wi-Fi, BLE/Bluetooth, Zigbee, LoRa, etc. Vulnerabilities related to them are: DoS (Denial of Service) attacks, jamming attacks, insecure cyclic redundancy checks, and MITM (Man-in-the-Middle).
Vulnerability Assessment and Exploitation
The tester exploits all the vulnerabilities found in the previous steps and tries to crack the IoT device. Ways in which the targets can be exploited are:
- Exploiting using the I2C and SPI
- JTAG debugging
- Reverse Engineering of Firmware
- Hardcoded Sensitive Values, etc.
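As an added illustration of the last two items (reverse engineering of firmware and hardcoded sensitive values), the following Python scanner pulls printable strings out of a constructed firmware image and flags the patterns an assessor looks for: credential assignments, user:password pairs, private-key material and cleartext update URLs. It is example code written for this page, not a tool from the original article; the sample image, the pattern list and the entropy threshold are all constructed assumptions.

```python
import math
import re
from typing import List, Tuple

# Constructed sample firmware image: binary noise with a few embedded strings.
# It stands in for a dumped flash image and is not any real product's firmware.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x01\x00" + b"\x00" * 16
    + b"admin:admin\x00"
    + b"WIFI_PASSWORD=hunter2\x00"
    + b"\x8a\x12\xff\x00\x3c" * 5
    + b"-----BEGIN RSA PRIVATE KEY-----\nMIIB...\n-----END RSA PRIVATE KEY-----\n"
    + b"http://update.example.invalid/fw.bin\x00"
    + b"\x00" * 8
)

# Finding categories in the order they are checked; the first match wins.
PATTERNS = [
    ("hardcoded-credential",
     re.compile(r"(?i)(pass(word|wd)?|pwd|secret|api[_-]?key|token)\s*[=:]\s*\S+")),
    ("private-key-material", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("cleartext-update-url", re.compile(r"^http://\S+\.(bin|img|fw|hex)\b")),
    ("user-pass-pair", re.compile(r"^[a-z0-9_]+:[A-Za-z0-9!@#$%^&*_-]{4,}$")),
]

def extract_strings(blob: bytes, min_len: int = 6) -> List[str]:
    """Pull printable-ASCII runs out of a binary, like the `strings` tool does."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]

def shannon_entropy(s: str) -> float:
    """Bits per character: random keys and tokens score high, paths and prose low."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_firmware(blob: bytes, entropy_threshold: float = 4.5) -> List[Tuple[str, str]]:
    """Return (category, string) findings: regex hits, then unexplained high-entropy strings."""
    findings = []
    for s in extract_strings(blob):
        category = next((name for name, rx in PATTERNS if rx.search(s)), None)
        if category is None and len(s) >= 20 and shannon_entropy(s) > entropy_threshold:
            category = "high-entropy-string"  # possible embedded key or token
        if category:
            findings.append((category, s))
    return findings

if __name__ == "__main__":
    for category, value in scan_firmware(SAMPLE_FIRMWARE):
        print(f"{category:22s} {value}")
```

Every hit is a lead to confirm by hand, and each confirmed one maps straight onto the vulnerability list above (hardcoded passwords, insecure update mechanism, insecure data transfer).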
Documentation and Reporting
The tester produces an in-depth, detailed report with all the technical and non-technical information. The tester also provides proof of concepts, demos, code snippets and everything else used in the process.
Best Practices to Protect IoT Devices
While it is pretty much impossible to completely avoid hacks and vulnerabilities in devices connected to the internet, here are a few practices that can minimise the risks of security breaches. Making tamper-resistant hardware, providing updates and patches for firmware, using strong authentication and encryption, and making sure that secure protocols are used are some preventative measures that can protect IoT devices. It is also important to deploy destroy mechanisms that protect the device in case of a security breach.
The larger the network, the greater the security risks. A study found that IoT devices are typically attacked within five minutes of connecting to the internet. Hence, constant evaluation of IoT security risks is needed. IoT penetration testing, in short, is the assessment of an IoT device done to check, document, and fix any holes in the security layer of the device that are vulnerable to breaches. The structure of a basic IoT penetration testing method is: understanding the scope, attack surface mapping, vulnerability assessment and exploitation, and documentation and reporting.
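As an added example (not from the original article) that ties the firmware-update practice above to the "lack of secure update mechanism" and "insecure cyclic redundancy check" items earlier, the following Python contrasts a CRC-only update check with an authenticated, anti-rollback one and shows that a modified image passes the first but not the second. The package layout, the key and the HMAC-SHA256 tag are constructed stand-ins; a production bootloader would verify an asymmetric signature so that only a public key lives on the device.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed package layout: magic, version, payload length, CRC-32, HMAC-SHA256 tag, then the image.
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sIII32s")
# Constructed demo key. Assumption: a real bootloader holds only a public key and checks an
# asymmetric signature, so no secret sits in flash to be dumped.
DEVICE_KEY = b"constructed-demo-key-not-for-production"

def _authenticated_bytes(version: int, payload: bytes) -> bytes:
    """Bind version and length into the tag so neither can be edited independently of the image."""
    return MAGIC + struct.pack(">II", version, len(payload)) + payload

def build_update(payload: bytes, version: int, key: bytes) -> bytes:
    """Package an image the way the vendor's signing step would."""
    crc = zlib.crc32(payload) & 0xFFFFFFFF
    tag = hmac.new(key, _authenticated_bytes(version, payload), hashlib.sha256).digest()
    return HEADER.pack(MAGIC, version, len(payload), crc, tag) + payload

def verify_crc_only(package: bytes) -> bool:
    """Weak check: a CRC catches accidental corruption, not deliberate modification."""
    magic, _version, length, crc, _tag = HEADER.unpack_from(package)
    payload = package[HEADER.size:HEADER.size + length]
    return magic == MAGIC and (zlib.crc32(payload) & 0xFFFFFFFF) == crc

def verify_update(package: bytes, key: bytes, installed_version: int) -> tuple:
    """Hardened check: authenticate header and image (the tag covers integrity), then refuse rollback."""
    if len(package) < HEADER.size:
        return False, "truncated header"
    magic, version, length, _crc, tag = HEADER.unpack_from(package)
    payload = package[HEADER.size:HEADER.size + length]
    if magic != MAGIC or len(payload) != length:
        return False, "bad magic or length"
    expected = hmac.new(key, _authenticated_bytes(version, payload), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return False, "authentication tag mismatch"
    if version <= installed_version:
        return False, "rollback to version %d refused" % version
    return True, "ok"

def modified_image(package: bytes, new_payload: bytes) -> bytes:
    """Test case: a swapped image with recomputed CRC but the original tag left in place."""
    magic, version, _length, _crc, tag = HEADER.unpack_from(package)
    crc = zlib.crc32(new_payload) & 0xFFFFFFFF
    return HEADER.pack(magic, version, len(new_payload), crc, tag) + new_payload
```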