Nowadays the Internet consists of not only high-performance servers and personal computers, but it also includes numerous smart embedded devices. These embedded devices (aka. Internet of Things, or IoT) contain a number of IT security risks. Unfortunately, in many potential applications, the lack of IT security can lead to significant physical and material damage. That is why one of the biggest challenges today that hinder the intrusion of IoT into many new areas of application, is the lack of IT security.
My task was to provide an overview of the methods, processes and tools for testing Internet of Things devices from a security point of view and to present them as case studies.
IoT devices have three attack surfaces generally. The first one is the hardware of the device: internal-external interfaces, UART, SPI, I2C, JTAG communication. The second one is the software components used by the device: firmware, web server, mobile application. And the third one is the network and radio communication used by the device: WiFi, Zigbee, Bluetooth. I will present hardware and firmware analysis in detail, and I will only briefly write about analysing the web server, mobile application and radio communication. I will describe how to communicate with a device using the UART protocol, how to extract the content of a memory chip, how to obtain the firmware of a device, and how to analyse the firmware statically and dynamically. During the analysis I mainly used the firmware of different routers, because these devices are present in many places and are readily available unlike a more specific IoT device.
One of my main goals with this dissertation was to use it as educational material. This was accomplished, as I successfully presented it on undergraduate courses as part of another subject. In the future, this material could be expanded with more practical examples and could be used in an independent subject in education, for example in a laboratory course. Another goal was to present IoT security testing methodologies and tools as a know-how through case studies, which can be later used as a starting point or knowledge base for IoT security testing or IoT vulnerability assessment related research in CrySyS Laboratory.