Book description
Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk.
The book begins by walking you through common threats and a threat modeling framework. You'll develop a security testing methodology, discover the art of passive reconnaissance, and assess security on all layers of an IoT system. Next, you'll perform VLAN hopping, crack MQTT authentication, abuse UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks.
You'll tackle both hardware hacking and radio hacking, with in-depth coverage of attacks against embedded IoT devices and RFID systems.
You'll also learn how to:
- Write a DICOM service scanner as an NSE module
- Hack a microcontroller through the UART and SWD interfaces
- Reverse engineer firmware and analyze mobile companion apps
- Develop an NFC fuzzer using Proxmark3
- Hack a smart home by jamming wireless alarms, playing back IP camera feeds, and controlling a smart treadmill
The tools and devices you'll use are affordable and readily available, so you can easily practice what you learn. You can also download this book's code examples at the link provided below the description.
Whether you're a security researcher, IT team member, or hacking hobbyist, you'll find Practical IoT Hacking indispensable in your efforts to hack all the things.
REQUIREMENTS: Basic knowledge of Linux command line, TCP/IP, and programming
Table of contents
- Foreword
- Acknowledgments
- Introduction
- Part I: The IoT Threat Landscape
  - Chapter 1: The IoT Security World
  - Chapter 2: Threat Modeling
  - Chapter 3: A Security Testing Methodology
- Part II: Network Hacking
  - Chapter 4: Network Assessments
  - Chapter 5: Analyzing Network Protocols
    - Inspecting Network Protocols
    - Developing a Lua Wireshark Dissector for the DICOM Protocol
    - Building a C-ECHO Requests Dissector
    - Writing a DICOM Service Scanner for the Nmap Scripting Engine
      - Writing an Nmap Scripting Engine Library for DICOM
      - DICOM Codes and Constants
      - Writing Socket Creation and Destruction Functions
      - Defining Functions for Sending and Receiving DICOM Packets
      - Creating DICOM Packet Headers
      - Writing the A-ASSOCIATE Requests Message Contexts
      - Reading Script Arguments in the Nmap Scripting Engine
      - Defining the A-ASSOCIATE Request Structure
      - Parsing A-ASSOCIATE Responses
      - Writing the Final Script
    - Conclusion
  - Chapter 6: Exploiting Zero-Configuration Networking
- Part III: Hardware Hacking
  - Chapter 7: UART, JTAG, and SWD Exploitation
  - Chapter 8: SPI and I2C
  - Chapter 9: Firmware Hacking
- Part IV: Radio Hacking
  - Chapter 10: Short Range Radio: Abusing RFID
    - How RFID Works
    - Attacking RFID Systems with Proxmark3
      - Setting Up Proxmark3
      - Updating Proxmark3
      - Identifying Low- and High-Frequency Cards
      - Low-Frequency Tag Cloning
      - High-Frequency Tag Cloning
      - Simulating RFID Tags
      - Altering RFID Tags
      - Attacking MIFARE with an Android App
      - RAW Commands for Nonbranded or Noncommercial RFID Tags
      - Eavesdropping on the Tag-to-Reader Communication
      - Extracting a Sector’s Key from the Captured Traffic
      - The Legitimate RFID Reader Attack
      - Automating RFID Attacks Using the Proxmark3 Scripting Engine
      - RFID Fuzzing Using Custom Scripting
    - Conclusion
  - Chapter 11: Bluetooth Low Energy
  - Chapter 12: Medium Range Radio: Hacking Wi-Fi
  - Chapter 13: Long Range Radio: LPWAN
- Part V: Targeting the IoT Ecosystem
  - Chapter 14: Attacking Mobile Applications
  - Chapter 15: Hacking the Smart Home
- Tools for IoT Hacking
- Index
Product information
- Title: Practical IoT Hacking
- Author(s):
- Release date: March 2021
- Publisher(s): No Starch Press
- ISBN: 9781718500907