Book Image

IoT Penetration Testing Cookbook

By : Aaron Guzman, Aditya Gupta
Book Image

IoT Penetration Testing Cookbook

By: Aaron Guzman, Aditya Gupta

Overview of this book

IoT is an upcoming trend in the IT industry today; there are a lot of IoT devices on the market, but there is a minimal understanding of how to safeguard them. If you are a security enthusiast or pentester, this book will help you understand how to exploit and secure IoT devices. This book follows a recipe-based approach, giving you practical experience in securing upcoming smart devices. It starts with practical recipes on how to analyze IoT device architectures and identify vulnerabilities. Then, it focuses on enhancing your pentesting skill set, teaching you how to exploit a vulnerable IoT device, along with identifying vulnerabilities in IoT device firmware. Next, this book teaches you how to secure embedded devices and exploit smart devices with hardware techniques. Moving forward, this book reveals advanced hardware pentesting techniques, along with software-defined, radio-based IoT pentesting with Zigbee and Z-Wave. Finally, this book also covers how to use new and unique pentesting techniques for different IoT devices, along with smart devices connected to the cloud. By the end of this book, you will have a fair understanding of how to use different pentesting techniques to exploit and secure various IoT devices.
Table of Contents (19 chapters)
Title Page
About the Authors
About the Reviewers
Customer Feedback


IoT is a term used to reference embedded devices connected to a network in some form or fashion. Some devices are retrofitted to include modules that connect them to a network, and others are cutting edge devices created for specific needs. In each case, these devices create a risk to the safety of enterprises, nations, and individuals. Whether you are new to penetration testing or a seasoned pen tester, IoT Penetration Testing Cookbook contains recipes to help security professionals holistically assess and defend IoT ecosystems.

What this book covers

Chapter1, IoT Penetration Testing, begins by covering the basic concepts of IoT and mapping out what IoT penetration testing entails.

Chapter 2, IoT Threat Modeling, dives into what threat modeling is and how to conduct a threat model for an IoT device's ecosystem.

Chapter 3, Analyzing and Exploiting Firmware, explores how to reverse engineer an IoT device's firmware and exploit common vulnerabilities.

Chapter 4, Exploitation of Embedded Web Applications, explains the different types of embedded web applications and how to discover exploitable vulnerabilities to gain control of an IoT device.

Chapter 5, Exploiting IoT Mobile Applications, jumps into the basics of reverse engineering IoT mobile applications and discovering commonly found vulnerabilities to gain access to unauthorized functions.

Chapter 6, IoT Device Hacking, introduces basic hardware hacking techniques to compromise the IoT device component.

Chapter 7, Radio Hacking, introduces software-defined radio concepts and tools to discover and exploit commonly used wireless protocols in IoT.

Chapter 8, Firmware Security Best Practices, discusses how embedded developers can incorporate security controls into IoT device firmware to protect against common vulnerabilities.

Chapter 9, Mobile Security Best Practices, explains how mobile applications can employ proactive measures to ensure IoT applications are secured.

Chapter 10Securing Hardware, dives into best practices for improving hardware security to prevent reverse engineering.

Chapter 11, Advanced IoT Exploitation and Security Automation, explains how to exploit and chain vulnerabilities together to gain control over an IoT product. Additionally, this chapter demonstrates how to implement automated application security scans into continuous integration environments.

What you need for this book

Following are the software requirements for this book:

  • Microsoft Threat Modeling Tool 2016
  • Binwalk, Firmadyne, Firmwalker, Angr (optional), Firmware-mod-toolkit, Firmware analysis toolkit, GDB, Radare2 (optional), Binary Analysis Tool (BAT), Qemu, IDA Pro (optional)
  • Burp Suite, OWASP ZAP
  • Mobile Security Framework (MobSF), Idb, SQLite Browser 3.10.1, Cydia, openURL, dumpdecrypted, ipainstaller, SSL Kill Switch 2, Clutch2, Cycript, JD-GUI, Hopper
  • Node security project (Nsp), Retirejs, Dependency-check, flawfinder, Jenkins 2.60.3

Following are the hardware requirements for this book:

  • Attify Badge (alternatively, a combination of C232HM-DDHSL-0 cable and Adafruit FTDI Breakout), Salae Logic Sniffer (8-Channel), RzRaven USB Stick flashed with KillerBee framework, JTAGulator, Xbee with Xbee Shield, Ubertooth, BLE adapter

Who this book is for

This book is for software developers, quality assurance professionals, and security professionals who are looking to get familiar with discovering and exploiting vulnerabilities in IoT systems, as well as those who are interested in employing proactive defensive security controls.


In this book, you will find several headings that appear frequently (Getting ready, How to do it…, How it works…, There's more…, and See also). To give clear instructions on how to complete a recipe, we use these sections as follows:

Getting ready

This section tells you what to expect in the recipe, and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

How it works…

This section usually consists of a detailed explanation of what happened in the previous section.

There's more…

This section consists of additional information about the recipe in order to make the reader more knowledgeable about the recipe.

See also

This section provides helpful links to other useful information for the recipe.


In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning. Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows:

"If we open the preferences file by double-clicking, we will see OAuth access_tokens and refresh_tokens stored in unprotected storage (CVE-2017-6082)."

A block of code is set as follows:

/atlassian- jira" reloadable="false" useHttpOnly="true">

Any command-line input or output is written as follows:

adb pull data/data/ /path/to/store/realdb

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on View Class Dump to list the application's class details."


Warnings or important notes appear like this.


Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at .

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at If you purchased this book elsewhere, you can visit and register to have the files e-mailed directly to you. You can download the code files by following these steps:

  1. Log in or register to our website using your e-mail address and password.
  2. Hover the mouse pointer on the SUPPORT tab at the top.
  3. Click on Code Downloads & Errata.
  4. Enter the name of the book in the Search box.
  5. Select the book for which you're looking to download the code files.
  6. Choose from the drop-down menu where you purchased this book from.
  7. Click on Code Download.

You can also download the code files by clicking on the Code Files button on the book's webpage at the Packt Publishing website. This page can be accessed by entering the book's name in the Search box. Please note that you need to be logged in to your Packt account. Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

  • WinRAR / 7-Zip for Windows
  • Zipeg / iZip / UnRarX for Mac
  • 7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at We also have other code bundles from our rich catalog of books and videos available at Check them out!

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from


Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title. To view the previously submitted errata, go to and enter the name of the book in the search field. The required information will appear under the Errata section.


Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy. Please contact us at [email protected] with a link to the suspected pirated material. We appreciate your help in protecting our authors and our ability to bring you valuable content.


If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.