Practical IoT Hacking

The Definitive Guide to Attacking the Internet of Things

by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods

About Practical IoT Hacking

The definitive guide to hacking the world of the Internet of Things (IoT) — Internet connected devices such as medical devices, home assistants, smart home appliances and more.

Practical IoT Hacking isn’t just another security book – it’s a philosophy on security testing developed by hackers for hackers, with a focus on concepts and techniques that will quickly get you testing actual IoT systems, devices and protocols.

The book starts with an introduction to the IoT security world, walking you through common IoT threats and giving you a framework for threat modeling that includes breaking down the architecture into components and using attack trees to identify threats. You’ll develop a security testing methodology, discover the silent art of passive reconnaissance, and conduct holistic manual security assessments on all layers of an IoT system. From there, you’ll enter the IoT network and perform VLAN hopping, crack MQTT authentication, punch holes through firewalls by abusing UPnP, develop an mDNS poisoner, and craft WS- Discovery attacks.

Later chapters deal specifically with hardware hacking, where you’ll uncover the inner workings of UART and JTAG/SWD, and explore how to leverage bus protocols (SPI, I2C) to attack embedded IoT devices. Radio hacking is also covered in-depth, with the authors demonstrating a variety of attacks against RFID systems, like cloning access cards, showing how to develop a LoRa traffic sniffer and helping you master techniques for attacking the Bluetooth Low Energy (BLE) protocol.

You’ll learn:

  • Common IoT threats, like signal-jamming, replay, and hardware-integrity attacks
  • Methods and tools for analyzing network protocols, like developing a Wireshark dissector for the DICOM protocol and writing a DICOM service scanner as an Nmap Scripting Engine (NSE) module
  • How to hack a microcontroller through UART and SWD (Serial Wire Debug) interfaces
  • Techniques for reverse engineering firmware and analyzing mobile companion apps (both Android and iOS)
  • How to develop your own NFC fuzzer using Proxmark3
  • Wi-Fi association attacks against wireless clients, and ways of abusing Wi-Fi Direct
  • Techniques for hacking the smart home, like jamming wireless alarms, playing back IP camera feeds, and taking control of a smart treadmill



Lead Author

FOTIOS (FOTIS) CHANTZIS is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. Previously, he worked as a principal information security engineer at Mayo Clinic, where he managed and conducted technical security assessments on medical devices, clinical support systems, and critical healthcare infrastructure. He has been a member of the core Nmap development team since 2009, when he wrote Ncrack under the mentorship of Gordon "Fyodor" Lyon, the original author of Nmap, during the Google Summer of Code. He later worked as a mentor for the Nmap project during the Google Summer of Code 2016 and 2017 and has authored a video course about Nmap. His research on network security includes exploiting the TCP Persist Timer (you can find his paper on the topic published in Phrack #66) and inventing a stealthy port scanning attack by abusing XMPP. Fotis has presented at notable security conferences, including DEF CON. Highlights of his work can be found at his site


Lead Author

IOANNIS STAIS is a senior IT security researcher and Head of Red Teaming at CENSUS S.A., a company that builds on strong research foundations to offer specialized cybersecurity services to customers worldwide. Ioannis has participated in more than 100 security assessment projects, including the assessment of communication protocols, web and mobile banking services, NFC payment systems, ATMs/POS, critical medical appliances and MDM solutions. He has presented in the past in security conferences such as Black Hat Europe, Troopers and Security Bsides.



PAULINO CALDERON is a published author and international speaker with over 12 years of experience in network and application security. When he isn’t traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.



EVANGELOS DEIRMENTZOGLOU is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.



BEAU WOODS is a cyber safety innovation fellow with the Atlantic Council, a Senior Advisor and Strategist with the Cybersecurity and Information Security Agency, and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several hacker-based nonprofits.