Although the term IoT is known to have been coined in 1999 by MIT's Auto-ID Labs, embedded devices have been long-standing in technology for decades. The difference between new IoT and the embedded device world pertains to the legacy of design decisions and configurations that were never intended to be made public on the internet. Without manufacturing companies considering the consequences, widespread exploitation of IoT devices is now taking place, causing some of the world's biggest Distributed Denial of Service (DDoS) attacks ever recorded. We will cover various aspects of IoT pen testing and practical security guidance to provide preventative measures against the attacks we are currently seeing in the market.
To understand the origin of IoT you can visit this link:
Details on the aforementioned DDoS attacks can be found via the following link: https://www.us-cert.gov/ncas/alerts/TA16-288A
In this chapter, we will cover the following topics:
- Defining the IoT ecosystem and pen testing life cycle
- Firmware 101
- Web applications in IoT
- Mobile applications in IoT
- Device basics
- Introduction to IoT's wireless communications
- Setting up an IoT pen testing lab
The goal of this chapter is to set a foundation for IoT penetration testing, which will then be used in the subsequent chapters ahead.