Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts by Nitesh Dhanjani

By Nitesh Dhanjani

This e-book is a marvellous factor: an immense intervention within the coverage debate approximately details safeguard and a realistic textual content for individuals attempting to enhance the situation. — Cory Doctorow, author, co-editor of Boing Boing
A future with billions of connected "things" includes monumental security concerns. This practical book explores how malicious attackers can abuse popular IoT-based devices, including wireless LED lightbulbs, electronic door locks, baby monitors, smart TVs, and connected cars.

If you’re part of a team creating applications for Internet-connected devices, this guide will help you explore security solutions. You’ll not only learn how to uncover vulnerabilities in existing IoT devices, but also gain deeper insight into an attacker’s tactics.

• Analyze the design, architecture, and security issues of wireless lighting systems
• Understand how to breach electronic door locks and their wireless mechanisms
• Examine security design flaws in remote-controlled baby monitors
• Evaluate the security design of a suite of IoT-connected home products
• Scrutinize security vulnerabilities in smart TVs
• Explore research into security weaknesses in smart cars
• Delve into prototyping techniques that address security in initial designs
• Learn plausible attack scenarios based on how people will likely use IoT devices


Best security books

Data-Driven Security: Analysis, Visualization and Dashboards

Uncover hidden patterns of data and respond with countermeasures

Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful: data analysis and visualization. You'll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions.

Everything in this book will have practical application for information security professionals.

• Helps IT and security professionals understand and use data, so they can thwart attacks and understand and visualize vulnerabilities in their networks
• Includes more than a dozen real-world examples and hands-on exercises that demonstrate how to analyze security data and intelligence and translate that information into visualizations that make plain how to prevent attacks
• Covers topics such as how to acquire and prepare security data, use simple statistical methods to detect malware, predict rogue behavior, correlate security events, and more
• Written by a team of well-known experts in the field of security and data analysis

Lock down your networks, prevent hacks, and thwart malware by improving visibility into the environment, all through the power of data and Security Using Data Analysis, Visualization, and Dashboards.

Fundamentals of Computer Security

This book presents modern concepts of computer security. It introduces the basic mathematical background necessary to follow computer security concepts. Modern developments in cryptography are examined, starting from private-key and public-key encryption, going through hashing, digital signatures, authentication, secret sharing, group-oriented cryptography, pseudorandomness, key establishment protocols, zero-knowledge protocols, and identification, and finishing with an introduction to modern e-business systems based on digital cash.

Security Protocols XVII: 17th International Workshop, Cambridge, UK, April 1-3, 2009. Revised Selected Papers

This book constitutes the thoroughly refereed post-proceedings of the 17th International Workshop on Security Protocols, SP 2009, held in Cambridge, UK, in April 2009. The 17 revised full papers presented together with edited transcriptions of some of the discussions following the presentations have gone through multiple rounds of reviewing, revision, and selection.

Security in Network Coding (Wireless Networks)

This book covers a series of security and privacy issues in network coding, and introduces three concrete mechanisms to address them. These mechanisms leverage traditional cryptographic primitives and anonymous protocols, and are redesigned to fit into the new framework of network coding. These three mechanisms are MacSig, a new message authentication method for network-coded systems; P-Coding, a new encryption scheme to secure network-coding-based transmissions; and ANOC, a new anonymous routing protocol that seamlessly integrates anonymous routing with network coding.

Additional info for Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Sample text

A password requirement of at least six characters

FIGURE 1-8. Accounts are locked for one minute after two failed login attempts

This scenario is high risk, because all the attacker needs to do is go through usernames (when they are in the form of email addresses) and passwords that have been compromised and posted publicly and test the credentials on the hue site. In this way, attackers can easily harvest hue accounts and gain the ability to change the state of people’s lightbulbs remotely.

This connection is used by the bridge to pick up commands that are routed through the hue website (or the iOS app, if the user is remote). It is possible for a flaw to exist in the implementation of ZLL or the encryption used by the bridge. However, to exploit the issue, the attacker would need to be physically close to the victim (to abuse an issue with ZLL) or be able to intercept and inject packets on the network segment. Since the probability of this issue is low, it is not deemed to be a critical risk, although the potential is worth stating.

In this situation, the user needs to prove physical ownership by pressing the button on the bridge. At this point, the iOS app instructs the user to do so, as shown in Figure 1-9.

FIGURE 1-9.

0 Content-Length: 71
{"username":"[username DELETED]","devicetype":"iPhone 5"}

Note that the value of the username field sent here is the same as the one sent in the previous request, which failed because the iOS app was running for the first time on the particular device.
