Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
Format: PDF / Kindle (mobi) / ePub
A future with billions of connected "things" includes monumental security concerns. This practical book explores how malicious attackers can abuse popular IoT-based devices, including wireless LED lightbulbs, electronic door locks, baby monitors, smart TVs, and connected cars.
If you’re part of a team creating applications for Internet-connected devices, this guide will help you explore security solutions. You’ll not only learn how to uncover vulnerabilities in existing IoT devices, but also gain deeper insight into an attacker’s tactics.
- Analyze the design, architecture, and security issues of wireless lighting systems
- Understand how to breach electronic door locks and their wireless mechanisms
- Examine security design flaws in remote-controlled baby monitors
- Evaluate the security design of a suite of IoT-connected home products
- Scrutinize security vulnerabilities in smart TVs
- Explore research into security weaknesses in smart cars
- Delve into prototyping techniques that address security in initial designs
- Learn plausible attack scenarios based on how people will likely use IoT devices
Protocol to communicate with the bulbs. The bridge also uses a shared secret key to maintain an HTTP-based outbound connection with the hue infrastructure. This connection is used by the bridge to pick up commands that are routed through the hue website (or the iOS app, if the user is remote). It is possible for a flaw to exist in the implementation of ZLL or the encryption used by the bridge. However, to exploit the issue, the attacker would need to be physically close to the victim (to abuse an.
First launch, the user is asked to specify an email address and password. As shown in Figure 2-7, passwords must be at least eight characters long and include at least one number.
CHAPTER 2: ELECTRONIC LOCK PICKING—ABUSING DOOR LOCKS TO COMPROMISE PHYSICAL SECURITY
FIGURE 2-7. Minimum password requirements in the Kevo iPhone app
As shown in Figure 2-8, the Kevo app implements a policy that locks out the account if an incorrect password is entered six times in a row. The lockout is.
Flaws and attacks. In this section, we will take a look at how the lack of understanding of basic encryption algorithms led a Samsung Smart TV to become vulnerable to a local (physical access required) attack that allowed the user to modify the TV’s firmware. This is a similar outcome to the TOCTTOU scenario, but the attack vector exploits an implementation flaw that uses XOR encryption. We will quickly recap the XOR algorithm and analyze how the attack works.
UNDERSTANDING XOR
XOR (eXclusive.
29 2013 validinfo.txt
-rw-r--r-- 1 apple apple 48 Apr 29 2013 version_info.txt
CURSORY EXPLORATION OF THE OPERATING SYSTEM
Now let’s examine the underlying platform supporting the popular Samsung Smart TVs. We’ve already obtained and decrypted the firmware. Let’s access it and take a look at its contents. This will allow us to understand how Smart TVs are architected. This understanding in turn will help us comprehend existing attack vectors more deeply. In addition, this information will help.