The “things” are all around us, with exponentially more to come as the days go by. Smart homes, connected cities, smart medical devices, industrial IoT, you name it: they are all targets for attacks that were not possible until recent years, now that they can be accessed from the cloud and controlled from your favorite mobile app.
During this course, we’ll go over the most common security vulnerabilities that exist in IoT products. We’ll examine each of those vulnerabilities and see how it can be exploited, with demos of the tools and techniques attackers use against our IoT products.
Security professionals and members of the software development team:
Architects & Designers
Before attending this course, students should be familiar with:
Basic knowledge of information systems
Background knowledge in networking
Development background, using at least one of the following languages: .NET, Java, PHP, Python, C/C++
Introduction to IoT security
Common IoT Architectures
Problems with IoT SDL
Attacks & Misconceptions
Tools for IoT security testing
Demonstrating the top 10 IoT security attacks
Insecure Web Interfaces
Mobile App attacks
Local Memory and Storage
Device Physical Interfaces
Device Firmware
Insecure Network Services
Insecure Network Traffic
Authentication vulnerabilities
Authorization vulnerabilities
Denial of Service (DoS) attacks
Live demos
Serial / UART hacking
Extraction of flash content
Memory extraction
JTAG debugging
Traffic manipulation of IoT devices
Hacking RF and using SDR tools
Firmware Extracting & Reversing
Mobile app security
Introduction to mobile app security
Communication between mobile app and IoT products – HTTP, BLE, etc.
Client side storage
Reverse engineering mobile apps
Debugging mobile apps
Manipulation of IoT devices via their mobile app
Code patching
Server side security of IoT products
Manipulating the server side API of IoT products
Authentication breach
Authorization bypassing
SQL injection
Parameter tampering
XSS
Command injection
Denial of Service