What is IoT?
The Internet of Things - a network of devices that are connected to
the Internet, controlled through it and can communicate with each other.
But
sometimes the device can be classified as part of the internet of things
without an internet connection.
IoT security issues and risks
The total number of devices connected to the Internet is 23 billion with the prospect of increasing to 30 billion by 2020.
A significant part of the devices has security problems.
Ignoring these problems leads to the creation of botnets(Mirai,
Satori) and leakage of personal data.
Due to the irresponsible approach towards IoT security, search engines for IoT have appeared:
- Shodan
- Censys
- ZoomEye
Violations of the principles of development:
- use of hardcoded and hidden
service credentials
- use of the same keys and PIN codes
- lack of access control when accessing a known settings
page
- incorrect processing of received data causing a buffer overflow
Three main pillars.
- Hardware security
- Software security
- Radio security
Hardware security
Hardware security is :
- incorrect access to the board
- work with debug ports
- work with memory
- work with the bootloader (To receive a memory dump or administrative shell)
Little more about software
Black Box
we can sniff output from ports
White Box
we have a memory dump or firmware and we can
analyze it
The biggest problem of IoT Device's
Default User /Password
- Ex:- User /Pass:- admin:admin
By: Mr.L1nxr00t