The Internet of Things (IoT) and embedded devices present a new challenge for ethical hackers hoping to understand the security vulnerabilities these devices contain. To hack IoT interfaces as well as integrated applications, one needs knowledge of Python, Swift and PHP, among others. Combining these programming languages with some IoT hacking tools will give you the ability to hack several types of IoT devices.
Useful IoT Hacking Tools
Hacking tools make ethical hacking easier by automating the steps involved. Certified hackers can use them to perform specific functions that help in finding loopholes in a device. Knowledge of existing flaws can then be shared with manufacturers to help them strengthen their defenses.
With that in mind, here we take a look at some of the popular IoT hacking tools that are capable of making every ethical hacker’s job easier.
Since IoT devices rely on networks to communicate with each other and with external routers, finding a way to capture packets and debug network information to find vulnerabilities is critical. This is where Wireshark comes in handy. Using the Export Objects feature within the tool, you can extract the objects carried in the collected pcap data and check whether an attacker is trying to intercept traffic generated by an IoT device.
Ethical hackers can also observe the TCP three-way handshake in Wireshark to identify hosts that could be abused for TCP bounce and DDoS amplification. Programs within a network can be identified as targets for DDoS applications using TCP bounces, especially those that send a large number of SYN/ACK packets but receive no response.
Fiddler is an open source tool that lets users trace, manipulate and replay HTTP requests. Many use it for debugging, to see the HTTP requests their system sends to a website or service. What many ethical hackers don’t know is that it can also be used as an HTTP proxy.
There is a “Connections” tab in Fiddler’s settings with a “Remote Connections” option. After selecting it, go to the IoT device’s proxy configuration and tell it to use your computer’s IP address as its HTTP proxy. Following these steps ensures that all activity performed by the device is routed through Fiddler.
As a result, you can inspect the traffic going between the server and the IoT device to look for problems like clear-text transmission (which was found on the Nest thermostat).
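The two checks the Wireshark and Fiddler passages describe, hosts emitting SYN/ACKs that never get a reply and clear-text credentials on the wire, can be automated over a saved capture. The following is an added example, not code from the article or from either tool: it builds a small constructed pcap (a device logging in over plain HTTP, plus a host spraying unanswered SYN/ACKs), parses the classic pcap format directly with the standard library, and runs both detections over it. The addresses, ports and request body are constructed sample data.

```python
import struct
from collections import Counter

# TCP flag bits
SYN, ACK = 0x02, 0x10


def build_frame(src, dst, sport, dport, flags, payload=b""):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed test data; checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (src, dst, sport, dport, flags, payload) for each IPv4/TCP frame in a pcap."""
    magic, = struct.unpack("<I", data[:4])
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        _, _, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:   # IPv4 over Ethernet, protocol TCP
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        tcp = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4
        yield src, dst, sport, dport, tcp[13], tcp[doff:]


def unanswered_synack_hosts(pcap, threshold=3):
    """Hosts sending at least `threshold` SYN/ACKs whose peers never send anything back."""
    packets = list(parse_pcap(pcap))
    seen = {(s, sp, d, dp) for s, d, sp, dp, _, _ in packets}
    unanswered = Counter()
    for src, dst, sport, dport, flags, _ in packets:
        if (flags & (SYN | ACK)) == (SYN | ACK) and (dst, dport, src, sport) not in seen:
            unanswered[src] += 1
    return {host: n for host, n in unanswered.items() if n >= threshold}


def cleartext_credentials(pcap):
    """Flag plain-HTTP (port 80) requests carrying Basic auth or a password form field."""
    findings = []
    for src, dst, _, dport, _, payload in parse_pcap(pcap):
        text = payload.decode("latin-1")
        if dport == 80 and ("Authorization: Basic" in text or "password=" in text.lower()):
            findings.append((src, dst, text.split("\r\n", 1)[0]))
    return findings


def sample_pcap():
    """Constructed capture: a device logging in over plain HTTP, plus a host spraying SYN/ACKs."""
    dev, srv = "10.0.0.5", "10.0.0.9"
    frames = [
        build_frame(dev, srv, 40000, 80, SYN),
        build_frame(srv, dev, 80, 40000, SYN | ACK),
        build_frame(dev, srv, 40000, 80, ACK),
        build_frame(dev, srv, 40000, 80, ACK,
                    b"POST /login HTTP/1.1\r\nHost: thermostat.local\r\n\r\nuser=admin&password=hunter2"),
    ]
    for sport in range(20000, 20004):          # four SYN/ACKs to a peer that never answers
        frames.append(build_frame("10.0.0.20", "198.51.100.7", sport, 443, SYN | ACK))
    return build_pcap(frames)


if __name__ == "__main__":
    capture = sample_pcap()
    print("unanswered SYN/ACK senders:", unanswered_synack_hosts(capture))
    print("clear-text credentials:", cleartext_credentials(capture))
```

The parser handles only IPv4/TCP over Ethernet, which is enough for a device capture; anything else in the file is skipped. The SYN/ACK rule keys on the four-tuple, so a normal handshake (where the client's ACK travels the reverse tuple) is not reported, while a host whose SYN/ACKs are never acknowledged is.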
Binwalk is a firmware extraction tool developed by Craig Heffner. It helps ethical hackers understand and analyze the firmware of IoT devices. Running binwalk on the firmware file of an embedded device lets you extract the contents of the file system and other data stored in the firmware.
Once extracted, the tool can be used to identify the versions of common binaries and see whether a corresponding exploit exists for the firmware image. Binwalk uses the libmagic library, so it is also compatible with magic signatures created for the Unix file tool. More details on Binwalk’s availability can be found on the project page.
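Binwalk's core idea is a signature scan: slide over the image looking for known magic bytes, report each hit with its offset, then carve the section out. The block below is an added example of that technique, not Binwalk's own code; it uses a tiny constructed signature table (four magics, where Binwalk ships hundreds via libmagic), builds a constructed firmware image from a uImage header stub, a gzip'd kernel stub and a SquashFS superblock stub, and carves the gzip member out so the caller learns where it ends.

```python
import gzip
import zlib

# A small constructed subset of the magic signatures a binwalk-style scanner carries.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS filesystem, little-endian",
    b"\x7fELF": "ELF executable",
}


def scan_signatures(blob):
    """Return (offset, description) for every signature occurrence, sorted by offset."""
    hits = []
    for magic, desc in SIGNATURES.items():
        idx = blob.find(magic)
        while idx >= 0:
            hits.append((idx, desc))
            idx = blob.find(magic, idx + 1)
    return sorted(hits)


def extract_gzip_at(blob, offset):
    """Carve and decompress one gzip member starting at offset.
    Returns (decompressed bytes, bytes consumed) so the caller knows where the member ends."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)      # 16+ selects gzip framing
    data = d.decompress(blob[offset:])
    if not d.eof:
        raise ValueError("gzip member at offset %d is truncated" % offset)
    consumed = len(blob) - offset - len(d.unused_data)
    return data, consumed


def build_sample_firmware():
    """Constructed image: uImage header stub, gzip'd kernel stub, padding, SquashFS stub."""
    kernel = gzip.compress(b"constructed kernel image contents" * 8, mtime=0)
    return (b"\x27\x05\x19\x56" + b"\x00" * 60      # 64-byte uImage header, fields left zero
            + kernel
            + b"\xff" * 32                           # flash padding between sections
            + b"hsqs" + b"\x00" * 92)                # SquashFS superblock stub


def report(blob):
    """binwalk-style listing: each section with its offset, plus the size of any gzip member."""
    rows = []
    for offset, desc in scan_signatures(blob):
        extra = ""
        if desc.startswith("gzip"):
            _, consumed = extract_gzip_at(blob, offset)
            extra = ", %d bytes" % consumed
        rows.append("%-10d 0x%-8X %s%s" % (offset, offset, desc, extra))
    return rows


if __name__ == "__main__":
    for row in report(build_sample_firmware()):
        print(row)
```

Two things the example shows that the paragraph does not: a signature can match by accident inside compressed or random data, so a real scanner validates the header fields after the magic before trusting a hit; and carving needs the section's end, which for gzip comes from the decompressor's unused-data count rather than from the header.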
Firmwalker is a bash script that scans files extracted from IoT firmware for signs of vulnerability. The only requirement is that the tool and the extracted firmware file system are in the same folder.
Once you put them in the same place, the output file generated by Firmwalker, firmwalker.txt, will list potential problems, which could include any of the following:
- etc/ssl directory
- etc/passwd and etc/shadow
- configuration, script and other .bin files
- Keywords like remote, admin, password, etc.
- Common binaries like dropbear, tftp and ssh
- Common web servers present on IoT devices
- Random IP addresses, email IDs and URLs
- Experimental ability to use the Shodan CLI to call the Shodan API
Any IoT device that faces any of these issues is vulnerable and can be attacked.
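The checklist above is straightforward to reproduce over an extracted tree. What follows is an added example, not Firmwalker's own script: it walks a directory, flags the sensitive paths, common binaries and web servers the list names, greps for the keywords, and pulls IP addresses, e-mail addresses and URLs out with regular expressions. The sets of binary and web-server names and the keyword list are assumptions for the example, and the tree it scans is constructed in a temporary directory (the Shodan lookup is left out, since it needs network access).

```python
import os
import re
import tempfile
from collections import defaultdict

# Firmwalker-style checklist; the name sets are assumed for this example, not the script's own.
SENSITIVE_PATHS = ("etc/passwd", "etc/shadow", "etc/ssl")
INTERESTING_BINARIES = {"dropbear", "tftp", "ssh", "sshd", "telnetd"}
WEB_SERVERS = {"lighttpd", "httpd", "nginx", "boa"}
KEYWORDS = ("remote", "admin", "password", "passwd", "secret")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def walk_firmware(root):
    """Walk an extracted firmware tree and group findings by category."""
    findings = defaultdict(list)
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(SENSITIVE_PATHS):
                findings["sensitive_path"].append(rel)
            if name in INTERESTING_BINARIES:
                findings["binary"].append(rel)
            if name in WEB_SERVERS:
                findings["web_server"].append(rel)
            with open(full, "rb") as fh:
                text = fh.read(1 << 20).decode("latin-1")   # cap at 1 MiB; binaries decode harmlessly
            lowered = text.lower()
            for kw in KEYWORDS:
                if kw in lowered:
                    findings["keyword"].append((rel, kw))
            for cat, rx in (("ip", IP_RE), ("email", EMAIL_RE), ("url", URL_RE)):
                for match in rx.findall(text):
                    findings[cat].append((rel, match))
    return {cat: sorted(items) for cat, items in findings.items()}


def build_sample_tree(root):
    """Constructed extracted-firmware layout with one example of each finding type."""
    files = {
        "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
        "etc/shadow": b"root:$1$constructed$placeholderhash:19000:0:99999:7:::\n",
        "etc/ssl/server.key": b"-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n",
        "etc/init.d/start.sh": b"#!/bin/sh\n# admin password=changeme\ntelnetd -l /bin/sh &\n",
        "bin/dropbear": b"\x7fELF" + b"\x00" * 64,
        "usr/sbin/lighttpd": b"\x7fELF" + b"\x00" * 64,
        "www/config.js": b'var fw = "http://update.example.com/fw.bin";\n'
                         b'var ntp = "192.0.2.10";\nvar support = "support@example.com";\n',
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


def demo():
    """Build the constructed tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return walk_firmware(root)


if __name__ == "__main__":
    for category, items in demo().items():
        print(category)
        for item in items:
            print("   ", item)
```

Findings are sorted per category so the report is stable across runs regardless of directory walk order; a real review would then triage each hit rather than treat every keyword match as a defect.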
It is important to ensure that the cloud interface of the IoT device is not vulnerable to XSS, CSRF and SQLi. This is where SAINT, the static taint analysis program, shines.
Essentially, SAINT tracks the flow of information from sensitive sources (such as Internet connections) to detect sensitive data flows in IoT applications. It then performs a static taint analysis that follows how source data propagates to a sink, such as a network interface.
All this is done by extracting an IR (intermediate representation) from the IoT application source code. Start by running the SAINT analyzer, then wait for the IR to be built with event handlers, call graphs and entry points.
SAINT does not say whether data flows and potential leaks are harmful or harmless; however, an ethical hacker can further analyze SAINT’s output to determine whether an IoT application adheres to its stated purpose, and alert users so they can make informed decisions about the privacy risks associated with the application, such as when the user’s location is transmitted.
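To make the source-to-sink idea concrete, here is an added example of a minimal static taint analyzer, not SAINT's own implementation: it parses a small constructed IoT app (Python syntax standing in for the platform's language), treats each handler function as an entry point, marks data returned by assumed source APIs (`get_location`, `read_sensor`) as tainted, propagates taint through assignments in statement order, and reports every call to an assumed sink API (`http_post`, `send_sms`) that receives tainted data. It kills taint on a clean reassignment but does not merge branches or loops, which a full analyzer does.

```python
import ast

# Hypothetical API names standing in for an IoT platform's sensitive sources and outbound sinks.
SOURCES = {"get_location", "read_sensor"}
SINKS = {"http_post", "send_sms"}


class TaintAnalyzer(ast.NodeVisitor):
    """Forward, statement-order taint tracking through assignments inside each handler."""

    def __init__(self):
        self.tainted = set()          # variable names currently holding source-derived data
        self.leaks = []               # (handler, line, sink) where tainted data reaches a sink
        self.current = "<module>"

    @staticmethod
    def _call_name(call):
        func = call.func
        return func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)

    def _is_tainted(self, node):
        """An expression is tainted if it reads a tainted name or calls a source directly."""
        for sub in ast.walk(node):
            if isinstance(sub, ast.Name) and sub.id in self.tainted:
                return True
            if isinstance(sub, ast.Call) and self._call_name(sub) in SOURCES:
                return True
        return False

    def visit_FunctionDef(self, node):
        self.current, self.tainted = node.name, set()   # each handler is its own entry point
        self.generic_visit(node)
        self.current = "<module>"

    def visit_Assign(self, node):
        tainted = self._is_tainted(node.value)
        for target in node.targets:
            for name in (n.id for n in ast.walk(target) if isinstance(n, ast.Name)):
                (self.tainted.add if tainted else self.tainted.discard)(name)   # kill on clean reassignment
        self.generic_visit(node)

    def visit_Call(self, node):
        sink = self._call_name(node)
        if sink in SINKS:
            args = list(node.args) + [kw.value for kw in node.keywords]
            if any(self._is_tainted(a) for a in args):
                self.leaks.append((self.current, node.lineno, sink))
        self.generic_visit(node)


def analyze(source):
    """Parse an app's source and return every tainted source-to-sink flow found."""
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))
    return analyzer.leaks


# Constructed sample app: one handler leaks the location, the other clears its sensor value first.
SAMPLE_APP = '''
def on_motion(event):
    loc = get_location()
    msg = "Motion detected at " + loc
    http_post("https://logger.example.invalid/events", msg)

def on_temperature(event):
    t = round(read_sensor("temp"))
    send_sms("+15555550100", "sensor read ok")
    t = 0
    http_post("https://logger.example.invalid/status", body=t)
'''

if __name__ == "__main__":
    for handler, line, sink in analyze(SAMPLE_APP):
        print("%s: tainted data reaches %s() at line %d" % (handler, sink, line))
```

As the paragraph notes, the analyzer only reports the flow; whether sending the location to a logging endpoint is acceptable is a judgement the reviewer makes from the app's stated purpose.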
OWASP ZAP (Zed Attack Proxy)
Web interfaces on some IoT devices do not lock users out of their accounts after multiple failed login attempts, and do not offer sufficient protection against SQL injection and XSS. Fortunately, tools like Zed Attack Proxy allow ethical hackers to use proxying, spidering and fuzzing to probe web interfaces and find potential vulnerabilities.
After launching ZAP, the right-hand pane provides a URL field to specify the target to check. The tool also lets ethical hackers launch their preferred browser for manual testing. Detected issues appear in the bottom section, where the “Alerts” tab provides additional information about the detected vulnerabilities.
ZAP can also be used to check whether operating system commands can be abused to read files on the web application server, by submitting malicious input such as /etc/passwd& in input fields and observing whether proper input sanitization is in place.
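The two weaknesses this section names, no lockout after repeated failures and input that reaches an OS command unsanitized, are both fixed on the device side. The block below is an added example, not ZAP's code or any device's firmware: it places the vulnerable command-building pattern beside a hardened one (allowlist validation and an argv list instead of a shell string), runs the page's /etc/passwd& value through both the way a fuzzer would, and adds a small lockout tracker with an assumed policy of N failures in a window. The hostname pattern and the policy values are assumptions for the example.

```python
import re

# Allowlist for a hostname/IP parameter that a device web UI passes to a ping utility (assumed shape).
HOST_RE = re.compile(r"^(?:[A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")
SHELL_META = set(";&|`$()<>\n")


def build_ping_command_unsafe(host):
    """Vulnerable pattern: untrusted input spliced into a shell command string.
    A value such as '/etc/passwd&' survives intact and would be interpreted by the shell."""
    return "ping -c 1 " + host


def build_ping_command_safe(host):
    """Hardened pattern: validate against an allowlist, then pass the value as its own
    argv element so no shell ever parses it."""
    if not HOST_RE.fullmatch(host):
        raise ValueError("rejected host parameter: %r" % host)
    return ["ping", "-c", "1", host]


def looks_like_injection(value):
    """Detection-side check for request logs: flag shell metacharacters in a form field."""
    return any(ch in SHELL_META for ch in value)


FUZZ_INPUTS = ["/etc/passwd&", "example.invalid", "192.0.2.1"]   # the page's value plus two benign ones


def fuzz(builder):
    """Feed each input to a command builder, fuzzer-style, and record accept/reject."""
    outcome = {}
    for value in FUZZ_INPUTS:
        try:
            builder(value)
            outcome[value] = "accepted"
        except ValueError:
            outcome[value] = "rejected"
    return outcome


class LoginGuard:
    """Lock an account after max_failures within lock_seconds (assumed policy values)."""

    def __init__(self, max_failures=5, lock_seconds=300):
        self.max_failures, self.lock_seconds = max_failures, lock_seconds
        self.failures = {}       # user -> recent failure timestamps
        self.locked_until = {}   # user -> unlock time

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record_failure(self, user, now):
        """Register a failed login at time `now`; returns True if the account is now locked."""
        recent = [t for t in self.failures.get(user, []) if now - t < self.lock_seconds] + [now]
        self.failures[user] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = []
        return self.is_locked(user, now)

    def record_success(self, user):
        self.failures.pop(user, None)


if __name__ == "__main__":
    print("unsafe builder:", fuzz(build_ping_command_unsafe))
    print("safe builder:  ", fuzz(build_ping_command_safe))
```

The unsafe builder accepts every input unchanged, which is exactly what a ZAP fuzz run against such a field would reveal; the safe builder rejects the metacharacter payload before any command is formed, and the login guard is the check a web interface needs in front of its authentication handler.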
Metasploit is a set of tools that can be used to attack IoT applications. It comes with a number of modules (software components that perform a specific attack on a selected target) that can test an application for common vulnerabilities exploited by black-hat hackers. Once started, you can run commands that select the exploit module you want to run against the application and try to break it.
For example, many REST APIs rely on SSL. With Metasploit modules, you can test how the system reacts to SSL vulnerabilities such as the well-known Heartbleed bug. Overall, this IoT hacking tool has hundreds of exploits that you can test apps against.
After learning what these IoT hacking tools have to offer, you will find that you can ethically hack and test many aspects of IoT devices. With these handy programs, you can check for insecure firmware and analyze the web interface and more. Feel free to test them out and don’t forget to come back and leave a comment about your experience.
- Lab 9.1.3 Using Wireshark to Observe the TCP Three-way Handshake, Cisco
- Sebastian Vasile, David Oswald, and Tom Chothia, “Breaking all the Things — A Systematic Survey of Firmware Extraction Techniques for IoT Devices,” University of Birmingham
- OWASP Zed Attack Proxy (ZAP), OWASP