WS-4 | WORKSHOP

Practical Wireless Exploitation for IoT devices – Pentester edition

by Arun Magesh and Mounish P

WORKSHOP ABSTRACT

Practical Wireless Exploitation for IoT devices – Pentester Edition is a new class by Attify that enables attendees to get started with finding vulnerabilities in Internet of Things devices through wireless techniques.

This is a fast-paced class with labs, demos and concepts that teaches the various communication media used in IoT devices and how you, as an attacker, can exploit them.

For this class, we will focus on two prominent wireless channels – Bluetooth Low Energy and Zigbee.

These protocols are the key component for radio communication and data transfer in some of the most popular categories of connected devices, including smart home automation devices, smart meters, Industrial Control Systems, smart alarms, refrigerators, medical devices and many others.

The course takes a practitioner's approach in looking at the communication, identifying vulnerabilities and performing numerous attacks in order to take over a given smart device.

COURSE OUTLINE

  • Introduction to IoT Wireless
  • How IoT devices communicate wirelessly
  • Previous security issues in IoT devices
  • Tools of the Trade

GETTING STARTED WITH BLE AND ZIGBEE

  • BLE - Introduction, Architecture and Components
  • Profiles, Handlers, Services and Characteristics
  • BLE device association
  • Zigbee and IEEE 802.15.4
  • Topology, addresses, profiles, PAN and channels
  • Zigbee security modes

SETTING UP YOUR OWN LAB

  • Attify vulnerable devices and VM
  • XBee, Arduino, BLE dongle, Zigbee sniffer and other hardware
  • Configuring BLE and Zigbee devices

BLE SECURITY ANALYSIS

  • BLE Devices recon
  • Connecting to a BLE device
  • Reading characteristics, services and handlers
  • Sniffing BLE packets
  • Analyzing packet captures

BLE EXPLOITATION

  • Writing custom values to handlers
  • Taking control of devices
  • Automating using tools and Python scripting
  • Exploiting Beacons

ZIGBEE SNIFFING AND FRAME ANALYSIS

  • Capturing Zigbee communication
  • Packet structure, commands in packets and additional analysis
  • Reverse engineering Zigbee packet captures

ZIGBEE EXPLOITATION

  • Modifying and replaying packet captures
  • Smart-device takeover
  • Additional ways of exploiting Zigbee based devices

CONCLUSION

  • Q&A
  • Additional discussions
  • Previous pentesting case studies (if time permits)

PREREQUISITE

  • Basic understanding of networking concepts
  • Familiarity with Linux
  • Experience with scripting languages is a plus

PREREQUISITE MATERIAL

  • Bring your own laptop with virtualisation software installed.
  • Ensure that you have admin access on the system.
  • A minimum of 25 GB of disk space and 4 GB of RAM is required to run the VM smoothly.

WHAT STUDENTS WILL BE PROVIDED WITH

  • IoT exploitation VM with Zigbee tools pre-installed
  • Course material and slides
  • Hardware (for use in class): commercial smart devices, RzRaven USB sticks, custom-built boards with XBee, Arduino, sensors, etc.

DURATION

1 day

WHO SHOULD ATTEND

  • IoT Security Enthusiasts
  • Web/Mobile Pentesters
  • Embedded Developers

SPEAKERS

Arun Magesh

IoT Security Researcher

Arun Magesh works as an IoT security expert with Attify and has worked on numerous smart device pentests in the past couple of years. With an electrical engineering academic background, he serves as a core committee member for several IoT local chapters and hackerspaces in India, where he regularly delivers talks and hands-on workshops. He has 5+ years of hands-on experience in both building and breaking IoT devices and has previously been recognised as one of India's Top 25 under 25 technologists and as an Intel Software Innovator. His main focus area in IoT is embedded device and SDR security. He has also built and contributed to a number of projects such as Brain-Computer interfacing and Augmented Reality solutions. He is also the lead content creator for the Offensive IoT Exploitation and Practical SDR Exploitation for IoT devices courses and has delivered training to numerous governmental and private organizations around the world.

Mounish P

IoT Security Researcher

Mounish is an IoT penetration tester and security researcher at Attify. During his work at Attify, he created and developed hardware devices such as the Attify Badge and the Damn Vulnerable IoT device. He has researched extensively on serial interfacing techniques and on exploiting Zigbee, Z-Wave and 6LoWPAN. In his previous roles, he was involved in developing embedded systems for automated water treatment plants and solar plant monitoring. He is an active speaker at local IoT and embedded device development meetups.