Introduction to IoT and Its Security

Mr. Avinash Kumar

Assistant Professor, Department of
Computer Science and Engineering,
School of Engineering and Technology
(SET), Sharda University, India.
M.Sc, Cyber Security, United Kingdom.
Certified Ethical Hacker.
 Agenda
• IoT Ecosystem
• IoT Testing Methodologies
• IoT Research & Results
The IoT Ecosystem
 IoT Ecosystem

• Embedded Hardware
• Mobile & Control Applications Mobile
• Cloud APIs & Web Services

Ne
or

t
tw
• Network Communication

w
or
Ne

k
• Data Data
Hardware Cloud

Network
Ecosystem Approach

* Help Identify exposure footprint

* Threat modeling for risk
* Determine Impact across ecosystem
* Conducting security testing
IoT Testing Methodologies
Testing Methodology Structure

* Functional Evaluation
* Device Reconnaissance
* Cloud & Web APIs
* Mobile & Control Applications
* Network
* Physical Embedded hardware Inspection
* Physical Device Attacks
* Radio (RF)
Functional Evaluation

* Standard deployment
* Two environments
* Map out
- Features
- Functions
- Components
- Communication paths
Device Reconnaissance

* Component versions
* Software versions
* Vulnerability history
* Open source data
* White labeled product history
* User Manuals
* Component data/spec sheets
* FCC Data
Device Reconnaissance
Eview Panic Button Reconnaissance

User manual very revealing

Mobile & Control Applications

* Encryption (storage and transfer)

* Authentication
* Access rights
* Communication protocols
* SSL pinning
Mobile Application

Wink Hub 2 Unencrypted Storage of Credentials

 Insteon Smart Hub
Unencrypted Storage of Credentials
Cloud & Web APIs

* Encryption (storage and transfer)

* Authentication and session management
* Common web vulnerabilities
- XSS
- CSRF
- Injection attacks (SQLi etc..)
- Business logic attacks
Cloud API’s Wink Hub 2
 Cloud API’s
Wink Hub 2 Failure to Revoke 0auth Token
Network

* Exposed services
* Authentication
* Access rights
* Encryption
* Intra product “ecosystem” communication
 Network
Device Local Mode Security

* Loss of internet access

* Lack of authentication
* Lack of encryption
 Osram Lightify
Over The Air (OTA) Firmware Captures with Wireshark
Physical Embedded hardware inspection

* Chips
- CPU
- Memory
- Communication

* Physical Ports
- Ethernet
- USB
- Serial

* Circuitry connection
- UART
- JTAG
- SPI
Physical Device Attacks

* JTAG/SWD
* UART
* SPI
* Memory extraction
- Firmware
- configurations
Flash Memory Extraction on Wink Hub 2
Flash Memory Extraction on Wink Hub 2
Gathering RF Configuration Data
from Inter Chip Communication
Gathering RF Configuration Data
from Inter Chip Communication
Gathering RF Configuration Data
from Inter Chip Communication
 Firmware Extraction
embedded Multi-Media Controller (eMMC)
 Firmware Extraction
embedded Multi-Media Controller (eMMC)
 Firmware Extraction
embedded Multi-Media Controller (eMMC)
Radio (RF)

* Encryption
* Pairing
* Access Control
* Command and control
* Replay attacks
 RF Analysis
Insteon Vulnerable to Replay Attacks
 Insteon RF Anlaysis Reconnaissance

Circle back around for more Insteon RF recon

• Peter Shipley
• Defcon23 (False Security and Deceptive
Documentation)
• https://github.com/evilpete/insteonrf

Appears this issues have never been correctly, specially the

unencrypted communication – even on their own products
 Conclusion

Reduced issues
Reduced risk
Better products
Deeper understanding
Questions
Thank You
Functional View
IoT
• Functional View describes the system's runtime Functiona
l Components, their responsibilities, default functions, inte
rfaces and primary interactions. The Functional View deriv
es from the Functional Model and reflects the developer's
perspectives on the system.

• It will need to be extended with all identified and recomm

ended) new profile-specific Functional Components includ
ing their interfaces and a list of Sequence Charts illustrati
ng recommended usage of those components.
IoT
• Functional View describes the system's runtime Functiona
l Components, their responsibilities, default functions, inte
rfaces and primary interactions. The Functional View deriv
es from the Functional Model and reflects the developer's
perspectives on the system.

• It will need to be extended with all identified and recomm

ended) new profile-specific Functional Components includ
ing their interfaces and a list of Sequence Charts illustrati
ng recommended usage of those components.
IoT
•  The viewpoints used for constructing the IoT Functional V
iew are hence :

1) The Unified Requirements;

2) The IoT Functional Model

Once all Functional Components are defined, the default f

unction set,system use cases, sequence charts and interf
ace definitions are made.
IoT
• Device and Application functional group : Device function
al components contains the sensing, actuation tag, proce
ssing and storage components. Application functional gro
up contains standalone application.

• Communication functional group : It contains the compo

nents for end-to-end communication, network communica
tion, and Hop-by-Hop communication