Certified Ethical Hacker (CEH): IoT Hacking

Internet of Things (IoT) Concept

How does the Internet of Things work?

The architecture of IoT depends upon five layers, which are as follows:

  1. Application Layer
  2. Middleware Layer
  3. Internet Layer
  4. Access Gateway Layer
  5. Edge Technology Layer

IoT Communication Models

Device-to-Device Model

Device-to-Cloud Model

Device-to-Gateway Model

Back-End Data-Sharing Model

Understanding IoT Attacks

Challenges to IoT

Some major challenges to IoT technology are as follows:

  1. Lack of Security
  2. Vulnerable Interfaces
  3. Physical Security Risk
  4. Lack of Vendor Support
  5. Difficult to update firmware and OS
  6. Interoperability Issues

OWASP Top 10 IoT Vulnerabilities

IoT Attack Areas

  • Device memory containing credentials.
  • Access Control.
  • Firmware Extraction.
  • Privilege Escalation.
  • Resetting to an insecure state.
  • Removal of storage media.
  • Web Attacks.
  • Firmware Attacks.
  • Network Services Attacks.
  • Unencrypted Local Data Storage.
  • Confidentiality and Integrity issues.
  • Cloud Computing Attacks.
  • Malicious updates.
  • Insecure APIs.
  • Mobile Application threats.

IoT Attacks

  • DDoS Attack
  • Rolling Code Attack
  • BlueBorne Attack
  • Jamming Attack
  • Backdoor
  • Eavesdropping
  • Sybil Attack
  • Exploit Kits
  • Man-in-the-Middle Attack
  • Replay Attack
  • Forged Malicious Devices
  • Side Channel Attack
  • Ransomware Attack

IoT Hacking Methodology

  • Information Gathering
  • Vulnerability Scanning
  • Launch Attack
  • Gain Access
  • Maintain Attack

Countermeasures

Countermeasures for IoT devices include the following measures, which are recommended by the manufacturing companies:

  • Firmware update
  • Block unnecessary ports
  • Disable Telnet
  • Use encrypted communication such as SSL/TLS
  • Use strong passwords
  • Use drive encryption
  • User account lockout
  • Periodic assessment of devices
  • Secure password recovery
  • Two-Factor Authentication
  • Disable UPnP
