Gaining Shell Access via UART Interface Part 1

The Internet of Things (IoT) is the network of physical devices, vehicles, home, appliances, vehicle, and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data.

A word on Security

IoT is the next big technology which will change the way we communicate and exchange data among each other. Every day thousands of IoT devices are coming into the market, the majority of which collect, share, and exchange data among each other. Due to lack of security awareness and guideline/standards to be followed, the majority of IoT Devices are inherently insecure and pose a real threat to the people. Thus, understanding and learning the security of IoT device is of utmost importance.

In a nutshell, securing an IoT Network involves securing following interfaces –

  1. Web Application Interface
  2. Mobile Application Interface
  3. Cloud Interface
  4. Secure Protocol Implementation – Protocols like Bluetooth, Zigbee, CoAP, MQTT, etc.
  5. Hardware Interface – UART, JTAG, SPI, I2C

Since all the interfaces cannot be discussed in a single post, I am restricting this post to UART. We will also see how one can gain shell access of an IoT Device by exploiting UART.

At the Hardware level, the device communicates and exchanges data with each other in 2 ways – Serial or Parallel Communication.

In Serial Communication, 1 bit of data is transferred at a time. Example –USB, Ethernet, etc. They all use serial communication for sending and receiving the data.

In Parallel Communication a block of data is transferred at a time. In parallel communication, each bit of data requires a separate line for sending the data. Since each bit is transmitted on a separate channel, parallel communication takes more space than serial communication.

Thus, serial communication is widely used in embedded devices since they take less space, unlike (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Nitesh Malviya. Read the original post at: