INTRODUCTION
Let’s start with the overview
Work on IoT & Motivation : OWASP
▸ Prerequisites :
▹ IoT Architecture
▹ Devices Used
▹ Communication Channels
(Next Slide)
IoT Attack Surface (Entity Based)
▸ Mobile
▸ Cloud
▸ Communication
▸ Device
IoT Attack Surface (Entity Based)
Mobile :
▹ Storage
▹ Authentication
▹ Encryption
▹ Communication
▹ Sensor interface
▹ Peripheral interfaces
▹ Hardware interfaces
▹ Human machine Interface
IoT Attack Surface (Entity Based)
Communication :
▸ History tells us that all protocols will have their share of implementation flaws, protocol design flaws and configuration flaws. (Task of Pentester)
IoT Attack Surface (Entity Based)
Communication - Common protocols that are used in various IoT products : “Others”
▸ CoAP : https://en.wikipedia.org/wiki/Constrained_Application_Protocol
▸ MQTT : https://en.wikipedia.org/wiki/MQTT
▸ AMQP : https://en.wikipedia.org/wiki/Advanced_Message_Queuing_Protocol
▸ WebSocket : https://en.wikipedia.org/wiki/WebSocket
▸ CANbus : https://en.wikipedia.org/wiki/CAN_bus
▸ DNP3 : https://en.wikipedia.org/wiki/DNP3
▸ HL7 : https://en.wikipedia.org/wiki/Health_Level_7
▸ XMPP : https://en.wikipedia.org/wiki/XMPP
▸ UPnP : https://en.wikipedia.org/wiki/Universal_Plug_and_Play
▸ <Your Named Protocol>
IoT Attack Surface (Entity Based)
Device Attack Surface :
▸ Storage
▹ SD Card
▹ USB
▹ Non-volatile Memory
▹ Volatile Memory
▹ Microcontroller Internal Memory
IoT Attack Surface (Entity Based)
Device Attack Surface :
▸ H/W Communication Interface
▹ UART
▹ Microcontroller Debug Port
▹ I2C
▹ SPI
▹ Sensor
IoT Attack Surface (Entity Based)
Device Attack Surface :
▸ N/W Communication Interface
▹ WiFi
▹ Ethernet
▹ Radio
Any Questions?
THANKS!