IoT (Internet of Things) and embedded devices present a new challenge to ethical hackers hoping to understand the security vulnerabilities these devices contain. To hack IoT interfaces as well as the integrated applications, a person requires knowledge of Python, Swift and PHP, among others. Knowledge of these programming languages, combined with the use of some IoT hacking tools, will provide you with the ability to hack several types of IoT devices.
Useful IoT hacking tools
Hacking tools make ethical hacking convenient because they help in automating the steps involved. Certified hackers can use them to perform certain functions that aid in finding loopholes in a device. Knowledge of existing flaws can then be shared with the manufacturers to help fortify their defenses better.
With that in mind, here’s a look at some of the popular IoT hacking tools that are capable of making every ethical hacker’s job easier.
Because IoT devices rely on networks to communicate with each other and with external routers, it’s crucial to find a way to capture packets and debug network information in order to find vulnerabilities. That’s where Wireshark comes in handy. Using the Export Objects feature within the tool, you can extract all of the network communication from the collected pcap data to see if an attacker is attempting to sniff the traffic generated by the IoT device.
Ethical hackers can also leverage the TCP handshake to set up a TCP communications channel in Wireshark for TCP reflection and DDoS amplification. As targets, TCP reflections DDoSing applications can be identified by programs within the network, especially those transmitting large quantities of SYN/ACK packets but receiving no response.
Fiddler is an open-source tool that enables users to track, manipulate and reuse HTTP requests. Many utilize it for debugging to see the HTTP (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/kddAklFXa78/