IoT Device Security Testing – (Without source code)
Perform a security assessment of the device's physical interfaces to identify security threats such as privilege escalation, IoT device exploitation and exposed encryption keys, prioritize the risk at device level, and provide actionable mitigation steps.
Need to know/analyze on embedded device software:
- Binary analysis and extracting files from the possible blocks
- Knowing the CPU architecture
- Crypto material: encryption keys, checksums and more
- Hashing all files for threat hunting in the near future
- Enumerating firmware functionality
- Startup scripts or binary files in the system
- Listing IPs and URLs/URIs
- Checking for known vulnerabilities
- Malware analysis and threat hunting
- Acknowledging and viewing printable strings
- Identifying software components used, such as libraries or dependent programs
- Java string evaluation
- Knowing the unpacker
- Users and passwords in the file system
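Several of the checklist items above (hashing every file, pulling printable strings, listing IPs and URLs, spotting startup scripts, identifying component versions and finding password hashes in the file system) can be scripted as a first-pass triage over an unpacked firmware root. The script below is an added example written for this post, not tooling from the original author; the sample file tree it builds is constructed for the demonstration and is not taken from any real device, and the regex set (BusyBox and OpenSSL banners only) is a starting point that an assessor would extend.

```python
import hashlib
import re
import tempfile
from pathlib import Path
from pprint import pprint

# Constructed sample of an unpacked firmware root (not from any real device);
# a real run would point triage() at the directory produced by the unpacker.
SAMPLE_FILES = {
    "etc/passwd": (
        "root:x:0:0:root:/root:/bin/sh\n"
        "admin:$1$abcd$CONSTRUCTEDHASHVALUE:0:0::/:/bin/sh\n"   # constructed hash field
    ),
    "etc/init.d/rcS": (
        "#!/bin/sh\n"
        "/usr/sbin/telnetd -l /bin/sh &\n"
        "/usr/bin/updater http://update.example.com/fw.bin\n"
    ),
    "usr/bin/updater": (
        b"\x7fELF\x01\x01\x01" + b"\x00" * 9
        + b"BusyBox v1.20.2 (2012-01-01)\x00"
        + b"connecting to 192.168.1.1\x00"
    ),
    "lib/libssl.so.1.0.0": b"\x7fELF" + b"\x00" * 12 + b"OpenSSL 1.0.1e 11 Feb 2013\x00",
}

STRING_RE = re.compile(rb"[\x20-\x7e]{4,}")            # runs of 4+ printable ASCII bytes
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
COMPONENT_RES = {                                       # version banners to match against a CVE feed later
    "BusyBox": re.compile(r"BusyBox v(\d+\.\d+(?:\.\d+)?)"),
    "OpenSSL": re.compile(r"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
}
STARTUP_DIRS = ("etc/init.d",)
STARTUP_FILES = ("etc/rcS", "etc/inittab", "etc/rc.local")
CREDENTIAL_FILES = ("etc/passwd", "etc/shadow")


def build_sample_root() -> Path:
    """Write the constructed sample tree into a temp directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="fw_root_"))
    for rel, content in SAMPLE_FILES.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content if isinstance(content, bytes) else content.encode())
    return root


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def printable_strings(data: bytes) -> list:
    return [m.group().decode("ascii") for m in STRING_RE.finditer(data)]


def credential_entries(text: str) -> list:
    """Usernames in passwd/shadow-style files whose second field is a real hash, not a placeholder."""
    hits = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] and fields[1] not in ("x", "*", "!", "!!"):
            hits.append(fields[0])
    return hits


def triage(root: Path) -> dict:
    """Walk the unpacked root once and collect hashes, indicators, components, startup scripts and credentials."""
    report = {"hashes": {}, "ips": set(), "urls": set(), "components": {},
              "startup_scripts": [], "credential_entries": []}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        report["hashes"][rel] = sha256_hex(data)          # for later threat-hunting lookups
        for s in printable_strings(data):
            report["ips"].update(IPV4_RE.findall(s))
            report["urls"].update(URL_RE.findall(s))
            for name, rx in COMPONENT_RES.items():
                for ver in rx.findall(s):
                    report["components"].setdefault(name, set()).add(ver)
        if rel in STARTUP_FILES or any(rel.startswith(d + "/") for d in STARTUP_DIRS):
            report["startup_scripts"].append(rel)
        if rel in CREDENTIAL_FILES:
            for user in credential_entries(data.decode("utf-8", "replace")):
                report["credential_entries"].append((rel, user))
    return report


if __name__ == "__main__":
    pprint(triage(build_sample_root()))
```

The component versions the script collects are the input to the "check for known vulnerabilities" step: they are looked up against a vulnerability feed rather than judged by the script itself. The SHA-256 list is what gets compared against threat-intelligence hash sets later, and any entry in `credential_entries` is a finding on its own, since a password hash shipped in the firmware image is recoverable by anyone who extracts the same image.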
Analysis – Static and Dynamic
Dynamic Analysis: YARA + QEMU + threat feed.
- Automatically look for signatures and record all the function calls while the firmware executes in an emulated environment such as QEMU.
- Automatically look for known malicious patterns using YARA as the file executes.
- Compare the binaries actually used against the features specified for the device, and list all the extra binaries for static analysis.
- Gather strings and scripts along with the list of running services, their versions and more.
- Validate strings against any Java found.
- Dynamically test web interfaces and APIs using Burp/ZAP.
- Automatically list all the interfaces and map the attack surface.
A few results are shown below.
Static Analysis: r2, GDB
- Using reverse-engineering tools, list all the functions and draw a call graph to identify the execution flow of every extra binary identified during dynamic analysis.
- Manually analyze and validate the automatically listed attack surface.
IoT Device Network Services Security Testing
Pentest the device's network services in depth to find potential vulnerabilities such as replay attacks, lack of payload verification, unencrypted services and various injections, and provide actionable mitigation recommendations.
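Replay attacks and missing payload verification are two of the findings named above, and the mitigation for both is the same: every control message carries a fresh nonce, a timestamp and a MAC over its fields, and the device rejects anything forged, stale or already seen. The code below is an added example for this post, not the author's tooling or any vendor's protocol; the message format, the `DEMO_KEY` value and the 30-second skew window are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import os
import time

# Demo key only (constructed); a real device would hold a per-device key
# provisioned at manufacture or derived during pairing.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def _canonical(cmd: str, nonce: str, ts: int) -> bytes:
    # Fixed field order and separators so sender and verifier MAC the same bytes.
    return json.dumps({"cmd": cmd, "nonce": nonce, "ts": ts},
                      sort_keys=True, separators=(",", ":")).encode()


def build_command(key: bytes, cmd: str, nonce: str = None, ts: int = None) -> bytes:
    """Sender side (app or cloud): attach a fresh nonce, a timestamp and an HMAC-SHA256 tag."""
    nonce = nonce or os.urandom(16).hex()
    ts = int(time.time()) if ts is None else ts
    mac = hmac.new(key, _canonical(cmd, nonce, ts), hashlib.sha256).hexdigest()
    return json.dumps({"cmd": cmd, "nonce": nonce, "ts": ts, "mac": mac}).encode()


class CommandVerifier:
    """Device side: reject forged, stale or replayed control messages."""

    def __init__(self, key: bytes, max_skew: int = 30, now=time.time):
        self.key = key
        self.max_skew = max_skew      # seconds of clock drift tolerated
        self.now = now                # injectable clock, for deterministic tests
        self.seen = {}                # nonce -> ts; entries older than max_skew are pruned

    def verify(self, raw: bytes):
        try:
            msg = json.loads(raw)
            cmd, nonce, ts, mac = msg["cmd"], msg["nonce"], int(msg["ts"]), msg["mac"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        # 1. Integrity/authenticity: constant-time compare of the recomputed tag.
        expected = hmac.new(self.key, _canonical(cmd, nonce, ts), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):
            return False, "bad mac"
        # 2. Freshness: timestamp bounds how long the nonce cache must remember entries.
        now = int(self.now())
        if abs(now - ts) > self.max_skew:
            return False, "stale timestamp"
        self._prune(now)
        # 3. Replay: a nonce inside the window may be accepted only once.
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = ts
        return True, "ok"

    def _prune(self, now: int) -> None:
        for n, t in list(self.seen.items()):
            if now - t > self.max_skew:
                del self.seen[n]


def demo(fixed_now: int = 1_700_000_000) -> list:
    """Run one valid message, its replay, a tampered copy and a stale message through the verifier."""
    v = CommandVerifier(DEMO_KEY, now=lambda: fixed_now)
    good = build_command(DEMO_KEY, "reboot", nonce="n1", ts=fixed_now)
    tampered = good.replace(b'"reboot"', b'"factory_reset"')       # body changed, tag unchanged
    stale = build_command(DEMO_KEY, "reboot", nonce="n2", ts=fixed_now - 3600)
    return [v.verify(good)[1], v.verify(good)[1], v.verify(tampered)[1], v.verify(stale)[1]]


if __name__ == "__main__":
    print(demo())   # ['ok', 'replayed nonce', 'bad mac', 'stale timestamp']
```

The order of checks matters: the MAC is verified before anything else so that unauthenticated input cannot influence the nonce cache, and the timestamp window is what keeps that cache bounded. The scheme gives integrity and replay protection only; the "unencrypted services" finding in the same list still needs the transport itself (TLS or equivalent) to be encrypted.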
More in the next post