IoT Architecture and Attack Surface

• Attack surfaces
  1. Internal network - Wifi (SSH, Telnet)
  2. Short-range wireless - BT - NFC - RFID
  3. Mobile App
  4. API
  5. Hardware - Main focus of us right now
• Find vulnerabilities to attack other doors

Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal

Internet Facing IoT Devices

• Shodan

Hardware OSINT via FCC ID

• FCC Generic OET Search: https://apps.fcc.gov/oetcf/eas/reports/GenericSearch.cfm
  • fccid.io: https://fccid.io/
  • Regulate communication
  • Look for the FCC ID
  • Look for the exhibit
  • Can start at the photos while receiving the tool 😋
  • Sometimes, the schematics are not confidential, so check for those
• Visual inspection, Multimeter probing, UART reading ⇒ part of recon

Embedded System Components

• Bare metal
• Real-Time Operating System (RTOS) - Lighter than an OS while offering handy tools like memory management

→ Both runs on Microcontroller

• Less powerful
• Includes RAM and ROM
• Embedded Linux

→ Runs on Microprocessor

• More powerful
• External RAM and ROM

Locating and Reading Datasheets

• Microscope, magnifying lens, phone camera to read small component details
• Put the datasheets in the notes
• RAM attacks are more advanced - for instance, get unencrypted data from the ram

Locating Firmware online