About Practical IoT Hacking
The definitive guide to hacking the world of the Internet of Things (IoT) — Internet connected devices such as medical devices, home assistants, smart home appliances and more.
Practical IoT Hacking isn’t just another security book – it’s a philosophy on security testing developed by hackers for hackers, with a focus on concepts and techniques that will quickly get you testing actual IoT systems, devices and protocols.
The book starts with an introduction to the IoT security world, walking you through common IoT threats and giving you a framework for threat modeling that includes breaking down the architecture into components and using attack trees to identify threats. You’ll develop a security testing methodology, discover the silent art of passive reconnaissance, and conduct holistic manual security assessments on all layers of an IoT system. From there, you’ll enter the IoT network and perform VLAN hopping, crack MQTT authentication, punch holes through firewalls by abusing UPnP, develop an mDNS poisoner, and craft WS- Discovery attacks.
Later chapters deal specifically with hardware hacking, where you’ll uncover the inner workings of UART and JTAG/SWD, and explore how to leverage bus protocols (SPI, I2C) to attack embedded IoT devices. Radio hacking is also covered in-depth, with the authors demonstrating a variety of attacks against RFID systems, like cloning access cards, showing how to develop a LoRa traffic sniffer and helping you master techniques for attacking the Bluetooth Low Energy (BLE) protocol.
- Common IoT threats, like signal-jamming, replay, and hardware-integrity attacks
- Methods and tools for analyzing network protocols, like developing a Wireshark dissector for the DICOM protocol and writing a DICOM service scanner as an Nmap Scripting Engine (NSE) module
- How to hack a microcontroller through UART and SWD (Serial Wire Debug) interfaces
- Techniques for reverse engineering firmware and analyzing mobile companion apps (both Android and iOS)
- How to develop your own NFC fuzzer using Proxmark3
- Wi-Fi association attacks against wireless clients, and ways of abusing Wi-Fi Direct
- Techniques for hacking the smart home, like jamming wireless alarms, playing back IP camera feeds, and taking control of a smart treadmill