Introduction to IoT and Hardware Hacking

Introduction

Over the last decade, the IoT landscape has witnessed significant growth, with an estimated 13 billion devices currently connected, and this number is rapidly expanding with each passing year. Projections suggest that the count could soar to 40 billion in the next decade. This proliferation of connected devices underscores the critical need for robust security measures. Consequently, there has never been a better time to learn about IoT security.

Why Combine IoT and Hardware Hacking – Is Hardware Knowledge Essential for IoT Hacking?

IoT hacking shares similarities with other hacking disciplines like web, network, mobile, and even cloud. However, it presents a unique attack surface due to the accessibility of hardware to consumers, security researchers, and adversaries alike. Hardware vulnerabilities in IoT devices can have significant repercussions. For example, a smart lock might be unlocked from the outside by accessing the keypad PCB.

Even if hardware security isn’t a priority for manufacturers, access to the hardware can facilitate the discovery of vulnerabilities in other attack surfaces such as web portals or interconnectivity to cloud backends. With this in mind, it’s still possible to get into IoT hacking and start finding vulnerabilities without spending a dime on hardware or knowing anything about it.

What Background Experience is Necessary for IoT Hacking?

While IoT hacking shares commonalities with other hacking domains, it also requires baseline knowledge of each of those avenues and their intersections with each other. Personally, I wouldn’t recommend starting with IoT hacking if you’re brand new to ethical hacking or cybersecurity. Instead, I’d recommend starting with a broader intro to ethical hacking. The Practical Ethical Hacking course on TCM Academy provides a solid foundation for beginners. If you’re absolutely new to hacking, I’d suggest starting with that before moving into IoT hacking (which we also offer a course on).

Ethical Hacking and Legal Considerations

As with other forms of ethical hacking, it’s imperative to adhere to the golden rule of “don’t hack or test anything you don’t own and/or have permission to hack or test.” Not only is this rule essential for remaining ethical, it can also keep you out of big legal trouble! Violating this rule can have severe legal repercussions, including potential jail time! Additionally, there are also potential legal concerns with testing and reverse engineering firmware. In the United States, software like firmware is protected by the DMCA (and other regulations) and reverse engineering it can violate DMCA protections. While there are exceptions for security testing and research under the DMCA, it’s essential to stay abreast of regulatory changes and regional laws.

However, you shouldn’t take this blog’s word for it. Regulations frequently change and you may be subject to different laws in your region. You should do your own research on the legalities in your specific region and time frame. Alternatively, using firmware designed for learning IoT security (we’ll talk about some examples in this article), or participating in IoT bug bounty programs with reverse engineering firmware in the scope can help you stay on the right side of the law.

Getting Started in IoT Hacking Without Breaking the Bank

Before we can start hacking, we need to pick up a few tools. We’ll discuss the essential tools and gear needed to build a small toolbox affordably. I’m covering this in the first part of the series so that in the further articles you can already have everything required to follow along. I’m going to assume that you’ve already got a computer to use so that won’t be included.

The “FREE.99” Option: Hardware Hacking on a Budget

IoT hacking can be pursued without spending a dollar or even laying a hand on any hardware. While this isn’t my favorite approach and you may miss out on some vulnerabilities and the advantages that having access to the hardware gives, it’s a valid approach for learning, doing security research, or hunting for bugs.

The firmware is the bundle of software running on an IoT device: everything the device needs to boot up and perform its intended functions. Generally, the firmware comprises a bootloader, an operating system or custom code running the device’s operations, and additional artifacts such as files, tools, scripts, or data. In this getting started series, we’ll specifically focus on devices running embedded Linux due to its prevalence in IoT devices and its similarity to the desktop Linux most hackers already know. In embedded Linux systems, the firmware has three main components: the bootloader (which we’ll examine further in this series), the Linux kernel, and the root file system (RFS, often called the rootfs). The RFS contains the files, binaries, libraries, scripts, and configuration that enable the IoT device to function, and it is typically stored as a compressed filesystem image such as SquashFS or JFFS2. While the other parts of the firmware may introduce vulnerabilities worth investigating, the majority of hacker interest lies in the RFS.

IoT hackers want to obtain the firmware to analyze it and scrutinize it for vulnerabilities. Often, firmware can be acquired without direct access to the device, as manufacturers make it available for download for consumer updates or fixes. Alternatively, beginners can use custom firmware designed for learning IoT hacking, such as the one designed for this series, or the OWASP IoTGoat firmware.

Once we acquire the firmware, analysis involves unpacking, decrypting, decompressing, analyzing, and reverse engineering it in order to identify vulnerabilities. Most tools used for this purpose are open source and free to download. This process, known as static firmware analysis, constitutes a significant portion of IoT security research and hacking. While conducting static analysis, you may uncover an interesting binary, such as a web server, that you want to run, debug, or even test a potential exploit against. Unfortunately, the Linux kernel and all binaries and libraries in an IoT device’s firmware are likely compiled for a CPU architecture different from that of your host system: most IoT devices use ARM or MIPS rather than x86-64, so those binaries will not run natively on your laptop. Although access to the hardware can be advantageous, there are alternative methods, such as emulation.
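As an added example (not code from the original article or from TCM Security), the following Python script shows what the unpacking step of static firmware analysis does at the byte level for the layout described above: it scans an image for the magic bytes of a U-Boot uImage kernel wrapper and a SquashFS root file system, decodes the uImage header (architecture, compression, load address) and checks its two CRC-32 fields, and reads the SquashFS superblock to learn which compressor is needed to unpack the RFS. The firmware image it operates on is constructed inline as a stand-in for a vendor download, and the signature table is a deliberately small subset of what binwalk knows.

```python
import struct
import zlib

# Magic bytes to look for when carving an embedded-Linux image by hand.
# This is a small subset of the signature table a tool such as binwalk carries.
SIGNATURES = {
    b"\x27\x05\x19\x56": "uImage header (U-Boot legacy kernel image)",
    b"\x1f\x8b\x08": "gzip compressed data",
    b"hsqs": "SquashFS superblock, little-endian",
    b"sqsh": "SquashFS superblock, big-endian",
    b"070701": "cpio newc archive (initramfs)",
}

UIMAGE_FMT = ">IIIIIIIBBBB32s"   # 64-byte big-endian U-Boot legacy header
UIMAGE_ARCH = {2: "ARM", 3: "x86", 5: "MIPS", 22: "ARM64"}
UIMAGE_COMP = {0: "none", 1: "gzip", 2: "bzip2", 3: "lzma"}
SQUASHFS_FMT = "<IIIIIHHHHHH"    # first 32 bytes of a little-endian SquashFS 4.x superblock
SQUASHFS_COMP = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}


def scan_signatures(blob: bytes) -> list:
    """Return (offset, description) for every known magic found anywhere in the image."""
    hits = []
    for magic, desc in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, desc))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)


def parse_uimage(blob: bytes, off: int) -> dict:
    """Decode a U-Boot legacy header at `off` and verify both CRC-32 fields."""
    (magic, hcrc, _time, size, load, entry, dcrc,
     os_, arch, _type, comp, name) = struct.unpack_from(UIMAGE_FMT, blob, off)
    if magic != 0x27051956:
        raise ValueError("no uImage magic at offset 0x%x" % off)
    hdr = bytearray(blob[off:off + 64])
    hdr[4:8] = b"\x00" * 4               # U-Boot computes the header CRC with this field zeroed
    data = blob[off + 64:off + 64 + size]
    return {
        "name": name.rstrip(b"\x00").decode(),
        "os": "Linux" if os_ == 5 else "unknown(%d)" % os_,
        "arch": UIMAGE_ARCH.get(arch, "unknown(%d)" % arch),
        "compression": UIMAGE_COMP.get(comp, "unknown(%d)" % comp),
        "load_addr": load, "entry_point": entry, "size": size,
        "hcrc_ok": (zlib.crc32(bytes(hdr)) & 0xFFFFFFFF) == hcrc,
        "dcrc_ok": (zlib.crc32(data) & 0xFFFFFFFF) == dcrc,
    }


def parse_squashfs(blob: bytes, off: int) -> dict:
    """Decode the superblock fields that matter for unpacking a little-endian SquashFS."""
    (magic, inodes, _mtime, block_size, _frags, comp,
     block_log, _flags, _ids, major, minor) = struct.unpack_from(SQUASHFS_FMT, blob, off)
    if magic != 0x73717368:              # "hsqs" read as a little-endian u32
        raise ValueError("no SquashFS magic at offset 0x%x" % off)
    return {
        "inodes": inodes,
        "block_size": block_size,
        "block_log_consistent": (1 << block_log) == block_size,
        "compression": SQUASHFS_COMP.get(comp, "unknown(%d)" % comp),
        "version": "%d.%d" % (major, minor),
    }


def build_demo_image() -> bytes:
    """Constructed stand-in for a vendor firmware download (not a real device image):
    a uImage-wrapped kernel at 0x0, flash padding, then a SquashFS root file system at 0x1000."""
    kernel = b"\x1f\x8b\x08\x00" + b"\x00" * 4 + b"\x00\x03" + b"K" * 200   # gzip-shaped stub
    hdr = struct.pack(UIMAGE_FMT, 0x27051956, 0, 0, len(kernel), 0x80010000, 0x80010000,
                      zlib.crc32(kernel) & 0xFFFFFFFF, 5, 5, 2, 1, b"demo-kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr) & 0xFFFFFFFF) + hdr[8:]
    image = hdr + kernel
    image += b"\xff" * (0x1000 - len(image))                  # erased-flash padding
    superblock = struct.pack(SQUASHFS_FMT, 0x73717368, 42, 0, 131072, 0, 4, 17, 0, 1, 4, 0)
    return image + superblock + b"\x00" * 480


if __name__ == "__main__":
    img = build_demo_image()
    for off, desc in scan_signatures(img):
        print("0x%08x  %s" % (off, desc))
    print(parse_uimage(img, 0))
    print(parse_squashfs(img, 0x1000))
```

On a real image you would read the file with `open(path, "rb").read()` and pass it to `scan_signatures`. A uImage header whose CRCs fail is a useful signal in itself: either the image is encrypted or obfuscated, or you have the offset wrong, and both cases are where a closer look at the entropy of the surrounding bytes pays off before any further unpacking.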

QEMU (Quick Emulator) stands out as the most popular tool for emulating IoT hardware. It is open source and entirely free, and it can emulate the architectures commonly encountered in IoT devices. Two of its modes matter here: user-mode emulation runs a single foreign-architecture binary (for example, a MIPS web server pulled from an extracted root file system) on top of the host kernel, while system-mode emulation boots an entire virtual board with its own kernel.
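Added example, not from the original article: before reaching for emulation you need to know which qemu-user binary a given ELF from the root file system requires. This Python helper reads the ELF identification bytes and the e_machine field, pulls the PT_INTERP dynamic loader path (its presence tells you the binary needs the rootfs libraries, hence qemu-user’s -L option), and maps the result to a qemu-user-static binary name. The qemu binary names assume the Debian/Ubuntu qemu-user-static package naming, and the sample ELF files are constructed in the script rather than taken from any device.

```python
import struct

# e_machine values from the ELF specification for the CPUs commonly met in IoT firmware
E_MACHINE = {0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}

# (e_machine, class bits, little-endian) -> qemu-user binary name as shipped by
# Debian/Ubuntu's qemu-user-static package (assumed naming; adjust for your distro)
QEMU_USER = {
    (0x28, 32, True): "qemu-arm-static",
    (0x28, 32, False): "qemu-armeb-static",
    (0xB7, 64, True): "qemu-aarch64-static",
    (0x08, 32, True): "qemu-mipsel-static",
    (0x08, 32, False): "qemu-mips-static",
    (0x08, 64, True): "qemu-mips64el-static",
    (0x08, 64, False): "qemu-mips64-static",
    (0x14, 32, False): "qemu-ppc-static",
    (0x03, 32, True): "qemu-i386-static",
    (0x3E, 64, True): "qemu-x86_64-static",
}
PT_INTERP = 3


def inspect_elf(data: bytes) -> dict:
    """Read class, endianness, e_machine and the PT_INTERP path straight from the ELF headers."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = 32 if data[4] == 1 else 64          # EI_CLASS
    little = data[5] == 1                       # EI_DATA
    e = "<" if little else ">"
    machine = struct.unpack_from(e + "H", data, 18)[0]
    if bits == 32:
        phoff = struct.unpack_from(e + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(e + "HH", data, 42)
    else:
        phoff = struct.unpack_from(e + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(e + "HH", data, 54)
    interp = None
    for i in range(phnum):
        ph = phoff + i * phentsize
        if struct.unpack_from(e + "I", data, ph)[0] != PT_INTERP:
            continue
        if bits == 32:
            p_offset = struct.unpack_from(e + "I", data, ph + 4)[0]
            p_filesz = struct.unpack_from(e + "I", data, ph + 16)[0]
        else:
            p_offset = struct.unpack_from(e + "Q", data, ph + 8)[0]
            p_filesz = struct.unpack_from(e + "Q", data, ph + 32)[0]
        interp = data[p_offset:p_offset + p_filesz].rstrip(b"\x00").decode()
    return {
        "machine": E_MACHINE.get(machine, "unknown(0x%x)" % machine),
        "bits": bits,
        "little_endian": little,
        "interpreter": interp,                  # None means statically linked
        "qemu_user": QEMU_USER.get((machine, bits, little)),
    }


def emulation_command(info: dict, rootfs: str, binary: str) -> str:
    """Suggest the qemu-user invocation; -L makes QEMU resolve the loader and libraries inside rootfs."""
    if info["qemu_user"] is None:
        return "unsupported: no qemu-user mapping for %s" % info["machine"]
    if info["interpreter"] is None:
        return "%s %s/%s" % (info["qemu_user"], rootfs, binary)
    return "%s -L %s %s/%s" % (info["qemu_user"], rootfs, rootfs, binary)


def build_elf(machine: int, bits: int, little: bool, interp: bytes) -> bytes:
    """Construct a minimal ELF header plus one PT_INTERP segment (test fixture, not a runnable binary)."""
    e = "<" if little else ">"
    ident = b"\x7fELF" + bytes([1 if bits == 32 else 2, 1 if little else 2, 1]) + b"\x00" * 9
    if bits == 32:
        ehsize, phsize = 52, 32
        ehdr = ident + struct.pack(e + "HHIIIIIHHHHHH", 3, machine, 1, 0, ehsize, 0, 0,
                                   ehsize, phsize, 1, 0, 0, 0)
        phdr = struct.pack(e + "IIIIIIII", PT_INTERP, ehsize + phsize, 0, 0,
                           len(interp) + 1, len(interp) + 1, 4, 1)
    else:
        ehsize, phsize = 64, 56
        ehdr = ident + struct.pack(e + "HHIQQQIHHHHHH", 3, machine, 1, 0, ehsize, 0, 0,
                                   ehsize, phsize, 1, 0, 0, 0)
        phdr = struct.pack(e + "IIQQQQQQ", PT_INTERP, 4, ehsize + phsize, 0, 0,
                           len(interp) + 1, len(interp) + 1, 1)
    return ehdr + phdr + interp + b"\x00"


if __name__ == "__main__":
    # Constructed sample: a little-endian MIPS binary linked against uClibc, as many routers ship
    sample = build_elf(0x08, 32, True, b"/lib/ld-uClibc.so.0")
    info = inspect_elf(sample)
    print(info)
    print(emulation_command(info, "rootfs", "usr/sbin/httpd"))
```

On a real extracted root file system you would feed `inspect_elf` the bytes of the binary you want to run; if the loader path it reports does not exist under the extracted tree, the extraction is incomplete and the `-L` lookup will fail before QEMU ever gets to the program’s own code.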

My Favorite Part – IoT Hacking Tools

My favorite part of IoT hacking is the intersection with hardware hacking and the cool gear that comes along with it. One of my goals in this series is to share this passion with you and demonstrate the satisfaction derived from hacking and manipulating hardware firsthand, rather than just looking at a shell. A common misconception I’ve encountered is that hardware hacking is prohibitively expensive and requires expensive gear. While it is true that hardware hacking cannot be solely accomplished with a VM and open source software, it’s not necessary to empty your bank account.

My experience in assembling my personal hardware hacking toolbox has revealed that it closely aligns with the 80/20 rule. This rule states that 80% of the results come from 20% of the inputs, or in this context, the tools. Therefore, we can prioritize the essential tools (the ones yielding the most utility and results) before considering additional, specialized, and potentially expensive tools, if needed at all.

Furthermore, I’ve categorized the gear section into must-haves and nice-to-haves, with options at multiple price points. Want to see the entire list of must-have and nice-to-have IoT hacking tools? Head over to the full-length article at the TCM Security blog, where you'll find a detailed breakdown to get you up and going.

Want to go deeper with IoT & hardware hacking? We offer the Practical Junior IoT Tester (PJIT), a certification exam created by Andrew Bellini to demonstrate your IoT & hardware hacking competence. 🔨

