
Introduction to IOT and Firmware Reversing



Presentation on theme: "Introduction to IOT and Firmware Reversing"— Presentation transcript:

1 Introduction to IOT and Firmware Reversing

2 WhoAmI
Security Consultant with Payatu Technologies
Experience in web pentesting, VAPT and mobile appsec (Android only); currently learning IoT.
Twitter handle – nitmalviya03

3 Topics to be covered
Introduction to IoT
IoT applications
Protocols in an IoT system
Components involved
IoT security
Firmware extraction and reversing
Topics for a future session
Automated framework

4 What is IoT ??
The internet of things (IoT) is the network of physical devices, vehicles, buildings and other items—embedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data (Wikipedia). The internet of things increases the connectedness of people and things on a scale that once was unimaginable.

5 Devices like…
Networking devices (routers, firewalls, IDS)
Set-top boxes
Medical devices (health monitors)
Mobile phones
Home security systems
Vehicles, in-flight entertainment
Thermostats, metering systems, consumer electronics
Displays

6 Various Names, One Concept
M2M (Machine to Machine)
“Internet of Everything” (Cisco Systems)
“World Size Web” (Bruce Schneier)
“Skynet” (Terminator movie)

British entrepreneur Kevin Ashton first coined the term in 1999 while working at Auto-ID Labs (originally called Auto-ID Centers, referring to a global network of radio-frequency identification (RFID) connected objects).[10] Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications.[11] The interconnection of these embedded devices (including smart objects) is expected to usher in automation in nearly all fields, while also enabling advanced applications like a smart grid,[12] and expanding to areas such as smart cities. Cisco Systems refers to IoT as the “Internet of Everything”. Bruce Schneier recently referred to two new colloquial terms – World Spanning Robot and Benign Organization. There is also the term “Skynet”, in reference to the Terminator movies, which is frequently discussed in blogs and online postings/jargon.

7 Where is IoT? It’s everywhere!
IoT is everywhere! (Audience participation)

8 M2M/IoT Sector Map :: Beecham Research
The following graphic from Beecham Research depicts how the Internet of Things may interact with various service sectors within the public and private sectors and with ordinary consumers. Public sector entities (such as universities) may have some level of involvement and interaction within all service sectors depicted, ranging from the operation and industry elements of buildings to research, retail entities, transportation, and IT/networks. Place emphasis on service sectors: it is likely that at least one example of such devices may be found within university networks.

9 The IoT Protocols
Various protocols used are –
HTTP
WebSocket
XMPP – Extensible Messaging and Presence Protocol
CoAP – Constrained Application Protocol
MQTT – Message Queue Telemetry Transport
AMQP – Advanced Message Queuing Protocol

10

11 Why be concerned about IoT?
It’s just another computer, right?
All of the same issues we have with access control, vulnerability management, patching, monitoring, etc.
Imagine your network with 1,000,000 more devices
Any compromised device is a foothold on the network

Like all new technology, the Internet of Things brings both a beneficial and a disruptive element. With the concept of “always-on”, such technology will require a change in mindset when considering the implementation of products and services related to IoT. Since IoT is more and more an element in the daily lives of individuals and organizations, maintaining privacy, security and business operations/opportunities will be more of a priority both today and in the future.

12 Attacking IoT Devices
Default, weak, and hardcoded credentials
Difficult to update firmware and OS
Lack of vendor support for repairing vulnerabilities
Vulnerable web interfaces (SQL injection, XSS)
Coding errors (buffer overflow)
Clear text protocols and unnecessary open ports
DoS / DDoS
Physical theft and tampering

The issues that are common when attacking IoT infrastructure are similar to the attacks experienced today; the avenue through which attacks occur may, however, be non-traditional:
Default, weak, and hardcoded credentials (usernames and passwords) are found more often within IoT devices.
Upgrading firmware to counter vulnerabilities may depend on how devices were designed during development; upgrading may break functionality. For this reason, vendors may be hesitant or refuse to support existing product lines and instead make adjustments during the next design phase of projects.
Certain IoT devices with embedded web services may also be subject to the same vulnerabilities that commonly plague web server platforms today, with the premise that updating such functionality runs into the same issues.
Buffer overflows are quite common vulnerabilities within technology infrastructure, with IoT no exception.
Devices may also use protocols that transmit credentials in the clear, in addition to having open ports.
DoS/DDoS attacks may be the result of hacking or hijacking IoT devices on a network; it is also possible that misconfigured IoT devices produce such “attacks” as false positives and cause business disruption.
Physical attacks on IoT devices may result in tampering to inject malicious code or make hardware modifications. In addition, impersonating or counterfeiting devices may be an issue when safeguards are not in place to protect physical security.
Infiltration through non-traditional communication protocols such as Bluetooth, Zigbee, Z-Wave, Sigfox, NFC, 6LoWPAN and other wireless communication outside of Wi-Fi; these protocols may also be out of scope for common incident and forensic management tools.
Cross-site scripting – certain IoT devices have embedded web server technology, putting them at risk.
Buffer overflows – design flaws that may not be immediately corrected because of patching mechanisms or developmental issues during the SDLC process.
Open ports – a common issue on device ports that are not locked down and may be discovered via reconnaissance.

13 What we are going to discuss
Firmware Reversing

14 What is Firmware
Ascher Opler coined the term "firmware" in 1967.
Firmware is data stored in the read-only memory of a computer or other hardware device that provides instructions on how that device should operate. Unlike normal software, firmware cannot be changed or deleted by the user without the aid of special programs, and it remains on the device whether it is on or off.

15 Firmware Extraction
Firmware Extraction – the process of extracting firmware from the embedded device.
Method – Embedded Device → Firmware extraction via hardware interfaces → Hex File → Conversion to Bin File → Bin File Extraction
NOTE – We will be learning bin file extraction and not the hardware extraction part.
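The "Hex File → Bin File" step of the method above, as an added example that is not part of the slides: a dumper attached over a hardware interface often hands back Intel HEX text, and this parser flattens it into the raw binary image that binwalk expects. It verifies every record checksum so a corrupted dump is rejected rather than silently producing a wrong image; the sample dump is constructed for the example.

```python
def parse_ihex(text: str, fill: int = 0xFF) -> bytes:
    """Flatten an Intel HEX dump into one binary image.

    Handles record types 00 (data), 01 (EOF) and 04 (extended linear
    address). Every record checksum is verified, so a corrupted dump is
    rejected instead of silently yielding a wrong image. Gaps between
    records are filled with `fill` (0xFF is the erased-flash value).
    """
    image = {}   # absolute address -> byte value
    upper = 0    # upper 16 address bits, set by type-04 records
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if line[0] != ":":
            raise ValueError(f"line {lineno}: record must start with ':'")
        raw = bytes.fromhex(line[1:])
        # Layout: count(1) addr(2) type(1) data(count) checksum(1)
        if len(raw) < 5 or len(raw) != 5 + raw[0]:
            raise ValueError(f"line {lineno}: length field does not match record")
        # Two's-complement checksum: all bytes of the record sum to 0 mod 256
        if sum(raw) & 0xFF:
            raise ValueError(f"line {lineno}: bad checksum")
        count = raw[0]
        addr, rtype, data = int.from_bytes(raw[1:3], "big"), raw[3], raw[4:4 + count]
        if rtype == 0x00:
            base = (upper << 16) + addr
            for i, b in enumerate(data):
                image[base + i] = b
        elif rtype == 0x04:
            upper = int.from_bytes(data, "big")
        elif rtype == 0x01:
            break
        else:
            raise ValueError(f"line {lineno}: unsupported record type {rtype:#04x}")
    if not image:
        return b""
    lo, hi = min(image), max(image)
    return bytes(image.get(a, fill) for a in range(lo, hi + 1))


# Constructed sample dump (not from a real device): 4 bytes at 0x0000,
# a 4-byte gap, 2 bytes at 0x0008, then the EOF record.
SAMPLE_HEX = """:0400000001020304F2
:02000800AABB91
:00000001FF
"""

if __name__ == "__main__":
    print(parse_ihex(SAMPLE_HEX).hex())   # 01020304ffffffffaabb
```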

16

17 Tools of the trade
Binwalk (will be using this)
Firmwalker
Firmware Modification Kit
Firmadyne
ERESI Framework
FRAK – Firmware Reverse Analysis Konsole

18 What to do ?
Get the firmware
Reconnaissance
Unpack
Localize point of interest
Pentest
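The reconnaissance and unpack steps, as an added example that is not part of the slides and not binwalk's own code: a miniature signature scan over a firmware blob, carving each component from its magic bytes to the next hit and recovering the exact size of a gzip member from what zlib leaves unconsumed (carve boundaries normally include padding). The image is constructed inline; the five signatures are real magic values but the table is far smaller than binwalk's.

```python
import gzip
import zlib

# Magic bytes -> description. Deliberately tiny; binwalk ships hundreds of signatures.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage (U-Boot legacy) header",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem, little-endian",
    b"sqsh": "SquashFS filesystem, big-endian",
    b"\x7fELF": "ELF executable",
}

def scan(image: bytes) -> list:
    """Return every (offset, description) where a known magic appears, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = image.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = image.find(magic, pos + 1)
    return sorted(hits)

def carve(image: bytes, hits: list) -> list:
    """Cut the image at each hit; a region runs until the next hit or end of file."""
    regions = []
    for i, (off, desc) in enumerate(hits):
        end = hits[i + 1][0] if i + 1 < len(hits) else len(image)
        regions.append((off, desc, image[off:end]))
    return regions

def gzip_member(blob: bytes) -> tuple:
    """Decompress the gzip member at the start of blob -> (payload, exact member size).
    The size comes from zlib's unused_data, so trailing padding is excluded."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # +16: expect a gzip wrapper
    payload = d.decompress(blob)
    if not d.eof:
        raise ValueError("truncated gzip member")
    return payload, len(blob) - len(d.unused_data)

def build_sample_image() -> bytes:
    """Constructed firmware-like blob (not a vendor image): uImage header, gzip'd
    kernel placeholder, 16 bytes of 0xFF padding, then a SquashFS-tagged rootfs."""
    header = b"\x27\x05\x19\x56" + b"\x00" * 60            # 64-byte header, fields zeroed
    kernel = gzip.compress(b"vmlinux placeholder " * 8, mtime=0)
    rootfs = b"hsqs" + b"\x00" * 28 + b"rootfs placeholder"
    return header + kernel + b"\xff" * 16 + rootfs
```

Running scan(build_sample_image()) reports the header at offset 0 and the gzip data at offset 64; carving and then gzip_member on the second region gives back the kernel placeholder and a size 16 bytes short of the region, which is the padding.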

19 Any vulnerable bin file for analysis/pentest ??
DVRF – Damn Vulnerable Router Firmware. Get it here –
For our demo we will use the D-Link firmware DIR412A1_FW114WWb02.bin. Link –

20 DEMO TIME

21 Any website for automated binary analysis ??
Upload your binary file here –
Many times it does not work, so it is not very reliable.

22 What needs to be covered/learned….
QEMU – emulator for running binaries built for the MIPS/ARM architectures.
Reversing binaries using IDA Pro (useful in login bypass and key extraction)
IoT components and their functionalities in depth
IoT protocols

23 OWASP IoT Top 10
Various file systems used in IoT devices
Firmware extraction using hardware interfaces (UART, JTAG, I2C etc.)
Firmware reversing tools apart from binwalk
Common processor architectures

24 Types of memory in embedded devices
Types of storage
Common operating systems used in embedded devices
Various bootloaders
Common libraries....

25 And last but not least…… a final, small demo on….

26 Is there any automated Framework??
Like Metasploit, we have RouterSploit. Get it here –
Just run rsf.py and enjoy!!!
A very small demo

27 Thank You

28 References
http://www.devttys0.com/
https://www.coursera.org/




