What's the topic?

IoT Hacking 101

Training overview:

Does your project intend to use a physical device and thereby enter the world of the Internet of Things (IoT)? Your app uses state-of-the-art security, but how does the IoT device impact the overall security? Does the device jeopardize the success of the company by exposing your data and making the project prone to a data breach? In this bootcamp you will learn the essential tasks for assessing an IoT device and evaluating its security.

This training puts you in the role of a full-stack engineer at the (fictitious) startup “TrackR4”. Your company is leading the vehicle tracking industry. Over the last year your team developed a new app, and it is ready to ship. Besides the app, the company decides at the last minute to introduce a new hardware tracking solution. The all-in-one box provides GPS, Internet via 3G, Ethernet, as well as serial and digital interfaces. You get two days to assess some evaluation devices and to report in with a Go/NoGo decision to buy 10 000 pieces. No pressure 😉

This bootcamp aims to teach the process of security testing an Internet of Things (IoT) device. You will learn to use tools, vendor resources and the device itself to conduct tests in order to evaluate the security of the device and its ecosystem. This hands-on training is lab-based. After the theoretical background and methods are taught, you will be given challenges based on the device under test. The labs are guided by the instructors and outlined in a written guide.

Target group: Any software engineer interested in learning the process of security testing an Internet of Things (IoT) device.

Participant requirements:
Software engineering or system administration background with limited or no skills in hardware security.

Training content:

This training aims to cover the most common and hazardous security vulnerabilities of Internet of Things (IoT) devices, based on the OWASP IoT Top 10. First, we will start with basic penetration testing techniques like port scanning, service discovery and a wireless wiretap. After creating a threat model and populating it with vendor information, more advanced attacks are developed. With the extraction of the firmware, the security test moves from a black box test to a grey box test, and we will test for known vulnerabilities as well as discover new ones. After spotting a possible vulnerability, an exploit is prototyped in order to prove the exploitability and to assess the resulting risk. After that, we will move from software attacks to hardware assessment, so that you learn to analyze the circuit board (PCB) and possible attack vectors.
With a logic analyzer, we will capture the logic signals of some wires, and you will learn to transform the signals into a form usable with a computer. With this ability the hunt for debug interfaces begins. Is the device prone to manipulation once the attacker opens the case? You will learn the stages of the boot process and how to interfere with it. The last part is a man-in-the-middle attack between on-board components of the PCB.

After the technical evaluation of the device, we will learn to rate vulnerabilities and how to communicate with the vendor of the device in order to improve the quality of the next builds.

  • Methodology of security tests
  • IoT threat model
  • Device fingerprinting
  • Using vendor information and open source intel
  • Vulnerability discovery
  • Firmware extraction
  • Reverse engineering of firmware
  • PoC exploit development
  • Dumping firmware via hardware and software
  • Circuit board (PCB)
  • Bus communication systems and interfaces
  • Debug interfaces
  • Boot loader
  • Man-in-the-middle attacks
  • Vendor communication

Further information:

Hardware requirements: All participants should bring a laptop (see below) and are provided with a virtual machine.

  • Dual core processor (i5/i7), 8 GB RAM, 40 GB of hard disk space (SSD)
  • Run VMs
  • Connect USB devices
  • Change IP address of the host system

Maximum number of participants: 12