Wednesday, 20 November 2019

IoT security issues and risks

What is IoT?

The Internet of Things - a network of devices that are connected to the Internet, controlled through it and can communicate with each other.
But sometimes the device can be classified as part of the internet of things without an internet connection.

IoT security issues and risks


The total number of devices connected to the Internet is 23 billion with the prospect of increasing to 30 billion by 2020.
A significant part of the devices has security problems.  
Ignoring these problems leads to the creation of botnets(Mirai, Satori) and leakage of personal data.


Due to the irresponsible approach towards IoT security, search engines for IoT have appeared:

  • Shodan
  • Censys
  • ZoomEye

Violations of the principles of development:

  • use of hardcoded and hidden service credentials
  • use of the same keys and PIN codes
  • lack of access control when accessing a known settings page
  • incorrect processing of received data causing a buffer overflow

Three main pillars.

  1. Hardware security
    1. Software security
    2. Radio security
    3.  (. The fourth pillar Mobile security is also often singled out, but we will not consider it today.)

    Hardware security


    Hardware security is :
    • incorrect access to the board
    • work with debug ports 
    • work with memory
    • work with the bootloader  (To receive a memory dump or administrative shell)

    Little more about software


    Black Box
    we can sniff output from ports
    White Box
    we have a memory dump or firmware and we can analyze it

    The biggest problem of IoT Device's 

    Default User /Password

    • Ex:-  User /Pass:- admin:admin

    To be continue.......

    By: Mr.L1nxr00t