Learn some techniques to analyze IoT devices and discover vulnerabilities.
According to a survey conducted by ESET in early 2018, 70% of users believe that IoT devices are not secure. However, 62% said they would still buy an IoT device. These figures are reflected in the number of IoT devices we currently find in homes and in user purchases: in 2018, sales of smart devices exceeded the number of mobile devices sold. In fact, according to a projection by Gartner, by 2020 there will be an estimated 20 billion IoT devices in the world, a number that equates to roughly three devices per inhabitant.
The variety of IoT devices is extremely wide and accessible to any user. From voice assistants, smart plugs, IP cameras, lights or thermostats to the new "wearable" devices that even monitor the state of our body, all types of devices can be obtained for prices ranging from 30 to 500 dollars. Unlike previous technologies, the security analysis of IoT devices is highly complex because of the wide variety of devices and software on the market.
However, while their analysis can be complex, it is good to start with some well-known vulnerability classes and some very useful information-gathering techniques.
Information Disclosure
The first thing you should look for when analyzing an IoT device is all the information that is already visible. Many devices expose, sometimes on purpose and sometimes by mistake, information about their configuration, interactions, traffic or other files that helps you understand their functionality, the environment they are connected to, or even personal data about the user. In these cases the information is there; it is just a matter of knowing where to look.
Some things you can check are:
Search engines: Not everything on the Internet is web pages. Just as Google helps us find the websites we need, there are search engines that, instead of indexing websites, scan and catalog ports and public services on the Internet, many of which belong to IoT devices. Services like Shodan or Censys are definitely a good place to start looking for devices to investigate.
Unencrypted protocols: Devices that communicate over HTTP or any other unencrypted protocol are generally very easy to eavesdrop on, since it is enough to place a proxy as an intermediary to see all of their traffic. Keep in mind that a proxy only sees traffic that is routed through it; for devices that talk directly to a cloud service, the capture point has to sit on the network path, for example on the Wi-Fi access point the device joins.
Metadata: data about data, that is, information that describes a file's content or its properties, such as quality, conditions, history, availability and other characteristics. On IoT devices, metadata can reveal, for example, details about the user's network or even their habits and consumption patterns.
Public APIs: An API is an interface that specifies how different software components should interact. When these APIs are public, that is, anyone on the network can reach them, they can be used to integrate the device's functionality with external services or to obtain information about the device itself. APIs are very diverse and each one is implemented differently; however, it is enough to know their methods and their interface to be able to interact with them. For public APIs, this information is usually published on the Internet for developers. For example, some Google devices, such as the Chromecast or the voice assistant, expose an HTTP API that uses the GET and POST methods and the JSON format to interact with other clients. Although it is not an officially documented API, research has already been published describing the syntax that should be used. The following image shows information about a Google Home Mini device, such as its firmware version and the network it is connected to, as well as its activation times:
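As an added example (not code from the original article), the following Python script puts the last two checks into practice: it queries an unauthenticated device HTTP API and triages the JSON it returns for the kinds of disclosure discussed above (network details, device identity, firmware version, usage patterns, secrets). The endpoint path `/setup/eureka_info`, port 8008 and the embedded sample response are assumptions modelled on the unofficial Chromecast/Google Home local API described in public research; the sample is constructed here for offline use, and a real device may return different keys.

```python
"""Added example, not from the original article: probe an IoT device's
unauthenticated HTTP API and flag which returned fields leak information.
The endpoint path, port and SAMPLE_RESPONSE below are assumptions modelled on
the unofficial Chromecast/Google Home local API; adjust them for your device."""
import json
import re
import sys
import urllib.request
from typing import Any, Dict, Iterator, List, Tuple

# Key-name patterns that, when present in a device response, typically disclose
# something about the user's network, the device, its firmware or its habits.
# Checked in order; the first category that matches a key wins.
SENSITIVE_KEY_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "secret":   re.compile(r"(password|passwd|token|secret|key$)", re.I),
    "network":  re.compile(r"(ssid|bssid|wifi|wpa|ip_address|gateway|subnet|dns)", re.I),
    "identity": re.compile(r"(mac_address|serial|uuid|cloud_device_id)", re.I),
    "firmware": re.compile(r"(build_version|cast_build_revision|release_track|version)", re.I),
    "usage":    re.compile(r"(uptime|timezone|locale|time_format)", re.I),
    "location": re.compile(r"(location|country_code|latitude|longitude)", re.I),
}

# Constructed sample, shaped like the setup endpoint of a Google Home-style device.
# Uses a documentation IP (RFC 5737) and a locally administered MAC address.
SAMPLE_RESPONSE: Dict[str, Any] = json.loads("""{
  "name": "Living room speaker",
  "build_version": "123456",
  "cast_build_revision": "1.56.000000",
  "uptime": 86400.5,
  "timezone": "Europe/Copenhagen",
  "ip_address": "192.0.2.23",
  "mac_address": "02:00:00:00:00:01",
  "ssid": "home-wifi",
  "wpa_configured": true,
  "locale": "en-US",
  "opt_in": {"stats": true, "crash": false},
  "setup_state": 60
}""")


def fetch_device_info(host: str, port: int = 8008, timeout: float = 3.0) -> Any:
    """GET the device's setup endpoint (path/port are assumptions) and parse the JSON body."""
    url = f"http://{host}:{port}/setup/eureka_info?options=detail"
    req = urllib.request.Request(url, headers={"User-Agent": "iot-recon-example/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def walk(doc: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Yield (dotted_path, leaf_value) for every scalar in a nested JSON document."""
    if isinstance(doc, dict):
        for key, value in doc.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(doc, list):
        for index, value in enumerate(doc):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, doc


def classify_leaks(doc: Any) -> Dict[str, List[Tuple[str, Any]]]:
    """Group every non-empty leaf whose key matches a sensitive pattern by category."""
    findings: Dict[str, List[Tuple[str, Any]]] = {cat: [] for cat in SENSITIVE_KEY_PATTERNS}
    for path, value in walk(doc):
        if value is None or value == "":
            continue  # an empty field discloses nothing worth reporting
        leaf_key = re.sub(r"\[\d+\]$", "", path.split(".")[-1])
        for category, pattern in SENSITIVE_KEY_PATTERNS.items():
            if pattern.search(leaf_key):
                findings[category].append((path, value))
                break
    return findings


def report(findings: Dict[str, List[Tuple[str, Any]]]) -> str:
    """Render the findings as a short text report, one category per block."""
    lines: List[str] = []
    for category, items in findings.items():
        if not items:
            continue
        lines.append(f"[{category}]")
        lines.extend(f"  {path} = {value!r}" for path, value in items)
    return "\n".join(lines)


if __name__ == "__main__":
    # With a host argument, query a live device; otherwise triage the constructed sample.
    document = fetch_device_info(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    print(report(classify_leaks(document)))
```

Run it as `python3 iot_recon.py 192.168.1.50` against a device on your own network; without an argument it triages the constructed sample. The key patterns are deliberately loose so the same triage applies to other devices' JSON APIs, which is why a match is a prompt to look closer rather than a confirmed finding.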