Book Image

IoT Penetration Testing Cookbook

By : Aaron Guzman, Aditya Gupta
Book Image

IoT Penetration Testing Cookbook

By: Aaron Guzman, Aditya Gupta

Overview of this book

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud. By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.
Table of Contents (19 chapters)
Title Page
About the Authors
About the Reviewers
Customer Feedback

Setting up an IoT pen testing lab

Now that all the foundational IoT technology has been covered, let's work on setting up an IoT pentesting lab. Due to the suite of technologies employed by IoT devices, there are several tools required for the software and hardware portions of testing. There is a mix of paid commercial tools, as well as free tools that we will use. Some upfront purchasing will be required for hardware and radio analysis tools. There are modest licensing fees for web application proxy tools, but we will try to keep the price tag as low as possible and offer free tools where possible.

Software tool requirements

Software tools will cover firmware, web applications, and mobile application testing tools. The majority of testing tools are free for each of the three categories, with the exception of Burp Suite for web application testing. For convenience, time has been taken to set up and install most of the software tools for firmware analysis, web testing, mobile testing (limited), and radio analysis within a virtual machine for this book. However, a list of all tools has been compiled and is recorded here.

Firmware software tools

Fortunately, most firmware analysis tools are free and open source. Some of the tools are actively updated while others may be dated but still work. The following are a number of firmware software tools which can analyze firmware images, disassemble images, and attach to firmware processes during runtime:

  • Binwalk
  • Firmadyne
  • Firmwalker
  • Angr
  • Firmware-mod-toolkit
  • Firmware analysis toolkit
  • GDB
  • Radare2
  • Binary Analysis Tool (BAT)
  • Qemu
  • IDA Pro (optional)

Web application software tools

For web application testing, the most common tools of the trade are Burp Suite and OWASP Zed Attack Proxy (ZAP). Burp Suite has a free and pro version available for a modest price. ZAP is completely free and open source, which may be a good alternative to keep costs low. Additional plugins or add-ons may be used to help with web service and API testing. Unfortunately, to install plugins with Burp Suite, a pro license is required. All tools listed here are cross-platform, as they are either Java based or within your browser:

  • Burp Suite
  • OWASP Zed Attack Proxy (ZAP)
  • REST Easy Firefox plugin
  • Postman Chrome extension

Mobile application software tools

Like firmware tools, most mobile application security tools are also free and open source. The mobile tools that will be used are broken down according to the mobile platform below.


There are many Android testing tools and virtual machines available online as of the writing of this book. Some tools focus purely on statically analyzing an APK's code while other tools focus on app analysis during runtime. Most of the Android testing virtual machine distributions are free and contain the necessities for testing an Android app such an Android's SDK. Although Android testing tools are listed here, it is recommended you download an Android testing virtual machine distribution that suits your testing needs, and install any supplemental testing tools in that virtual machine.

Although not required, keeping your Android testing tools separate from your host computer will lead to a more stable mobile testing workbench and prevent dependency issues as well.

  • Android testing virtual machine distribution:
    • Android SDK
    • Android emulator
  • Enjarify
  • JD-Gui
  • Mob-SF
  • SQLite browser
  • Burp Suite

iOS testing tools are unique in that an OS X computer and a jailbroken iDevice are required for testing. Without these two prerequisites, the testing of iOS applications will not be possible. Here are some of the tools that may be utilized for iOS mobile testing:

OS X computer

The following listed items are software tools that are to be installed on your host computer for testing and/or assessing iOS applications:

  • idb
  • Xcode tools
  • Class-dump
  • Hopper (optional)
  • Mob-SF
  • SQLite browser
  • Burp Suite

Jailbroken iDevice

The following list includes packages that need to be installed on to your jailbroken device in order to start testing:

  • Cydia
  • openURL
  • dumpdecrypted
  • ipainstaller
  • SSL Kill Switch 2
  • Clutch2
  • Cycript
Hardware analysis tool requirements

Hardware tools vary for the specific device that is being analyzed; however, there are basic tools that are valid for all hardware and even electrical requirements. Manufactures will use different types of screws, housing, and security bits as a stopgap for hardware disassembly. Sometimes, the screws will be hidden under labels or rubber feet. It's important to identify the screw types. We will list toolkits available that can bypass this obfuscation technique used by vendors. The following figure should assist with some of the different types of screw type:

Image source:

Listed here are the options for hardware tools and hardware analysis software that will be used in this book.

Hardware tools

Hardware testing tools require some upfront investment to get started. Here are the required and optional tools needed for disassembling devices, finding ground, and accessing device interfaces:

  • Multimeters
  • IFixit classic pro tech toolkit for hardware disassembly
  • Bus Pirate
  • USB to serial adapters
    • Shikra, FTDI FT232, CP2102, PL2303, Adafruit FTDI Friend
  • JTAG adapters
    • Shikra, JTAGulator, Arduino with JTAGenum, JLINK, Bus Blaster
  • Logic analyzer (optional)
    • Saleae Logic or others

For more information, you can visit these following links:

Hardware analysis software

Here are some hardware analysis tools that are all free. These tools enable us to access hardware interfaces for things such as console access or side-loading firmware onto the device:

  • OpenOCD
  • Spiflash
  • Minicom
  • Baudrate

Radio analysis tool requirements

In order to start sniffing wireless technology, certain wireless chipsets are required. In this book, we will focus on sniffing traffic from ZigBee and Z-Wave protocols. Special software will be required to go along with the wireless cards or dongles. Suggestions on which wireless cards and analysis software to use are provided here.

Radio analysis hardware

The following is a list of hardware that will be used for analyzing radio frequencies:

  • Atmel RZ Raven USB (KillerBee framework)
  • Attify Badge (alternatively, a combination of a C232HM-DDHSL-0 cable and Adafruit FTDI Breakout)
  • HackRF One
  • Yardstick One
  • XBee with Xbee Shield
  • Ubertooth
  • BLe adapter
Radio analysis software

The following is a list of common software defined radio analysis software. Most of the listed items will be used in this book.

  • KillerBee Framework
  • Attify ZigBee Framework
  • GNU Radio
  • GQRX
  • Ubertooth tools
  • Blue Hydra
  • RTL-sdr
  • Hackrf packages
  • EZ-Wave