After discussing some IoT security issues and my lab on IRC, I was asked whether I had a blog post on setting up an IoT testing lab. The question I get asked most often elsewhere is what tools (mainly hardware) I use to evaluate IoT devices.
In this post, I'll highlight some of the hardware tools that I use to evaluate IoT devices. The post is mostly high level, and it makes some assumptions along the way.
Define your goal
Before going buck wild and ordering every piece of equipment possible, take some time to actually define what it is that you want to do and what you want to get out of your lab/assessment.
- Hardware testing?
- Firmware testing?
- Communications testing?
- How in depth are you looking to go?
- Assessing security and practices vs. vulnerability discovery and exploitation
Just some basic questions...
In my lab, I may have several different goals (professionally and personally) and/or devices to test. That being said, I have several different pieces of hardware for testing. Before you begin this journey, you should first understand some of the standard communication interfaces/protocols commonly used by IoT devices. Here are just some protocols to get you started:
- WiFi (802.11a/b/g/n/ac)
- Zigbee (802.15.4, 2.4 GHz) and Z-Wave (ITU-T G.9959, sub-GHz: 908 MHz in the US, 868 MHz in Europe)
- Bluetooth Low Energy (BLE)
Keep in mind that IoT devices can run a multitude of application/network protocols on top of these links. For example:
- IPsec (yeah, that's right: some devices open VPN tunnels)
It is important to understand WHY a manufacturer chose each of these protocols; that choice tells you where to look.
Cool, ProToxin, they have different protocols...but what tools do you use to actually assess these protocols?!
Below are some of the main tools that I use to evaluate IoT system security. For convenience's sake, I have included a purchase link for each... you are welcome.
- WiFi (standard 802.11)
  - ALFA USB WIFI AWUS036NEH - https://hakshop.com/collections/wireless-gear/products/alfa-usb-wifi-awus036neh
- Bluetooth (long-range USB host adapter, classic and BLE)
  - SENA UD100 - https://store.pwnieexpress.com/product/sena-ud100-industrial-bluetooth-usb-adapter/
- Bluetooth Low Energy (BLE) sniffing
  - Ubertooth One - http://greatscottgadgets.com/ubertoothone/
- Zigbee (802.15.4, passive sniffing with the stock firmware; the RZ RAVEN is 2.4 GHz only, so it does not cover Z-Wave)
  - Atmel RZ RAVEN USB Stick - Digi-Key http://bit.ly/3T8MaK
- Serial and debug buses on the board (UART, SPI, I2C)
  - Bus Pirate - https://www.sparkfun.com/products/12942
- Wired Ethernet (passive tap)
  - Throwing Star LAN Tap - https://www.wallofsheep.com/collections/lan-taps/products/throwing-star-lan-tap-kit-assembly-required
Total cost for tools: ~$293 USD
IMPORTANT: With its stock firmware the Atmel dongle only allows passive attacks (sniffing). To carry out active Zigbee attacks (injection, replay), you will need to flash the dongle with the KillerBee firmware; follow the guide in the README here: https://github.com/riverloopsec/killerbee. Add roughly $102 USD to the project cost for the AVR programmer needed to flash it.
UPDATE (4/18): You can purchase a pre-flashed RzRaven (Atmel usb dongle) here: https://www.attify-store.com/collections/frontpage/products/zigbee-sniffing-tool-atmel-rzraven
I cannot stress enough how important it is to first understand your goals and what you want to evaluate before embarking on a purchasing spree.
While tools are cool, they are only part of the equation. The next thing you need is a testing/lab network. There are a ton of networking components out there; it's best to get yourself a cheap firewall (the ZyWALL USGs are not too bad), a basic switch, and a standard wireless AP. Again, nothing too fancy on the network side; you are just building a lab net that mimics a real-world one. You will want to ensure that you can test with AND without Internet, so you can see what the device does when it cannot reach its back end. ;)
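The LAN tap and the lab network together give you the device's network baseline: which hosts it talks to on the lab segment, which it talks to on the Internet, and whether any of that is cleartext. The script below is an added example (not code from the original post) that builds a small constructed libpcap capture in memory and then parses it with the standard library only, so it runs offline; the lab subnet (192.168.50.0/24), the device address (192.168.50.20) and the TEST-NET-3 "cloud" addresses are assumptions for the sample. To use it on a real capture from the Throwing Star tap, feed the bytes of a file written by `tcpdump -w` to `parse_pcap()`.

```python
"""Baseline an IoT device's network behaviour from a LAN-tap capture.

Added example, not from the original post: constructs a pcap in memory,
parses it with the standard library only, and reports where the device
talks to. Lab subnet, device address and cloud addresses are assumed.
"""
import ipaddress
import struct
from collections import Counter

LAB_NET = ipaddress.ip_network("192.168.50.0/24")  # assumed lab subnet
DEVICE_IP = "192.168.50.20"                          # assumed device address
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def _ipv4(src, dst, proto, payload):
    """Minimal IPv4 header; checksum left zero (parser below ignores it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def _tcp_syn(sport, dport):
    # data offset 5 (20-byte header) with only the SYN flag set
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 65535, 0, 0)


def _ether(payload):
    # dummy MACs (constructed), EtherType 0x0800 = IPv4
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + payload


def write_pcap(frames):
    """Serialise Ethernet frames as a classic little-endian libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Return (src, dst, proto, dport) for every IPv4 TCP/UDP packet."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:
        raise ValueError("only Ethernet (link type 1) captures are supported")
    off, flows = 24, []
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, or truncated
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:
            dport = struct.unpack_from("!H", l4, 2)[0]
            flows.append((src, dst, {6: "tcp", 17: "udp"}[proto], dport))
    return flows


def summarize(flows, device_ip=DEVICE_IP, lab_net=LAB_NET):
    """Count the device's outbound destinations, split lab-local vs Internet,
    and flag TCP connections to well-known cleartext service ports."""
    report = {"lab": Counter(), "internet": Counter(), "cleartext": []}
    for src, dst, proto, dport in flows:
        if src != device_ip:
            continue
        scope = "lab" if ipaddress.ip_address(dst) in lab_net else "internet"
        report[scope][(dst, proto, dport)] += 1
        if proto == "tcp" and dport in CLEARTEXT_PORTS:
            report["cleartext"].append((dst, CLEARTEXT_PORTS[dport]))
    return report


def constructed_capture():
    """Constructed sample traffic (not real device data): DNS to the lab
    gateway, TLS and plain HTTP to a cloud host, NTP to another host."""
    gw, cloud, ntp = "192.168.50.1", "203.0.113.10", "203.0.113.20"
    frames = [
        _ether(_ipv4(DEVICE_IP, gw, 17, _udp(40000, 53, b"\x00\x01" + b"\x00" * 10))),
        _ether(_ipv4(DEVICE_IP, cloud, 6, _tcp_syn(40001, 443))),
        _ether(_ipv4(DEVICE_IP, cloud, 6, _tcp_syn(40002, 80))),
        _ether(_ipv4(DEVICE_IP, ntp, 17, _udp(123, 123, b"\x23" + b"\x00" * 47))),
        _ether(_ipv4(gw, DEVICE_IP, 17, _udp(53, 40000, b"\x00\x01" + b"\x00" * 10))),
    ]
    return write_pcap(frames)


if __name__ == "__main__":
    rep = summarize(parse_pcap(constructed_capture()))
    for scope in ("lab", "internet"):
        for (dst, proto, port), n in sorted(rep[scope].items()):
            print(f"{scope:8} {dst}:{port}/{proto}  x{n}")
    for dst, name in rep["cleartext"]:
        print(f"cleartext {name} to {dst}")
```

Run it once with the device online and once with the firewall's Internet rule disabled, and diff the two reports: the Internet-scope entries that disappear are the cloud dependencies, and anything that shows up under "cleartext" is worth a closer look in the capture itself.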
This was just a quick post to share some resources for IoT testing. I am planning a series in which I will show these tools in action and how to carry out security assessments of IoT devices for your clients.
Have a favorite tool for IoT hacking? Reach out on Twitter and discuss why.
Until next time,