The “things” are all around us, and their number grows exponentially by the day. Smart homes, connected cities, smart medical devices, industrial IoT, you name it: they are all targets for attacks that were not possible until recent years, now that they can be accessed from the cloud and controlled from your favorite mobile app.
During this course, we’ll go over the most common security vulnerabilities that exist in IoT products. We’ll examine each of those vulnerabilities and see how it can be exploited, with demos of the tools and techniques attackers will use against our IoT product.
Target audience
Security professionals and members of the software development team:
Penetration testers
Developers
Team Leaders
Architects & Designers
Prerequisites
Before attending this course, students should be familiar with:
Basic knowledge of information systems
Background knowledge in networking
Development background, using at least one of the following languages: .NET, Java, PHP, Python, C/C++
Topics
Introduction
Common IoT Architectures
Problems with IoT SDL
Attacks & Misconceptions
Tools for IoT security testing
Demonstrating the top 10 IoT security attacks
Mobile App attacks
Local Memory and Storage
Device Physical Interfaces
Device Firmware
Insecure Network Services
Insecure Network Traffic
Authentication vulnerabilities
Authorization vulnerabilities
Denial of Service (DoS) attacks
Live demos
Device security
Extraction of flash content
Memory extraction
JTAG debugging
Traffic manipulation of IoT devices
Hacking RF and using SDR tools
Firmware Extraction & Reversing
Mobile app security
Communication between mobile app and IoT products – HTTP, BLE, etc.
Client side storage
Reverse engineering mobile apps
Debugging mobile apps
Manipulation of IoT devices via their mobile apps
Code patching
Server side security of IoT products
Authentication breach
Authorization bypassing
SQL injection
Parameter tampering
XSS
Command injection
Denial of Service