Ethical Hacking: Hacking the Internet of Things (IoT)

The Internet of Things (IoT) is one of the most talked about trends in technology. There are a plethora of devices being released daily (some a need, some a joke). The real issue is each device opens a new attack vector that you never saw coming.
Course info
Rating
(10)
Level
Beginner
Updated
Nov 5, 2018
Duration
2h 44m
Table of contents
Description
Course info
Rating
(10)
Level
Beginner
Updated
Nov 5, 2018
Duration
2h 44m
Description

At the core of Ethical Hacking, every Security Professional needs to have a thorough knowledge of all devices on their networks, including the Internet of Things (IoT). In this course, Ethical Hacking: Hacking the Internet of Things (IoT), you’ll see how these devices are designed to work and how to protect your infrastructure with these devices coming online. First, you'll learn about the different communication models IoT devices use, as well as the most common architectures and protocols. Next, you’ll be introduced to the different threats that IoT devices create if not managed correctly, you'll also learn about how to choose a manufacturer whose goals are also to protect your networks. Finally, you'll discover the different tools that could be used against you as well as some countermeasures you can deploy to better protect your resources. When you’re finished with this course, you’ll have a great understanding of IoT devices and how they could possibly open new attack vectors, as well as understanding that will help you as you move forward as a security professional in Ethical Hacking

About the author
About the author

Dale Meredith received his Certified Ethical Hacker and Certified EC-Counsel Instructor certifications back in 2006, as well as being a Microsoft Certified Trainer since 1998 (yes we had computers back then). Dale takes great pride in helping students comprehend and simplify complex IT concepts.

More from the author
Ethical Hacking: Cryptography
Beginner
2h 28m
Dec 3, 2018
More courses by Dale Meredith
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Dale Meredith, and I'd like to welcome you to this course, Hacking the Internet of Things or IoT, which is actually a part of the Ethical Hacking series here at Pluralsight. Now I've been a Microsoft trainer since 1998, as well as a cyber security trainer and consultant, and I've worked on several corporate 500 companies, as well as for the Department of Homeland Security on several projects. I'd love to tell you about them, but of course, then I'd have to kill you. Listen, the Internet of Things is increasingly becoming a part of our infrastructures. So much of the increase in IoT, and their communications, comes from computing devices, as well as embedded sensor systems that are used in a lot of the manufacturing machine to machine communications, as well as smart energy grids, home and building automation, wearable devices, even vehicle to vehicle communication. IoT products are often sold with outdated, as well as unpatched OS's and even applications. Also, customers often forget or they, quite frankly, don't know to change default passwords or if they do change them they use weak passwords. Protecting your resources from all these attack services is paramount for any security professional. In this course we're going to go through and make sure that you learned a couple things. We're going to focus in on the different devices that are involved in the IoT world. We'll also look at the four different communication modes that IoT devices use, as well as the massive attack surface they present. Don't worry, I won't leave you hanging. We'll also cover some of the countermeasures that you can use to secure your network. By the end of this course you're going to have a better understanding how IoT devices can be used without creating multiple attack surfaces. You'll have a better idea of how to choose the right IoT manufacturer for your solution. Because this course is a part of the Ethical Hacking series you should obviously have watched some of the previous courses within this series and be comfortable with network technologies. I hope you'll join me on this journey as we learn how to protect ourselves with Ethical Hacking: Hacking the Internet of Things course here at Pluralsight.

IoT Threat Types
Okay, let's talk about the treat types. Oh, no wait, threat. Yeah, it's a really close spelling there isn't it? When it comes to IoT, in this particular module we're going to go through and talk about a couple things. We're going to first talk about some of the vulnerabilities and hurdles that IoT creates for us, and in this we'll talk about the top threats that OWASP says that we need to be aware of. We'll also talk about, man, it is a massive attack surface. It brings so many different possible ways into your network or exposing your network into your environment, and we're going to talk about that, and I'm going to show you some of the things that we need to be worried about when it comes to simple IoT devices, and then we'll go through, and based off this attack surface, we'll look at some of the top 14 threats that, again, you should be very much aware of, and finally, we'll look at a case study, the breach of Target, and if you're not familiar with this one, this one took place back in 2013, and what we'll do is we'll go back and take a look at how attackers use the vulnerabilities, the attack surfaces, and some of these threats to breach the Target retail store. Okay, let's get going.

The Method to the Madness of IoT Hacking
Okay, now let's jump in and take a look at the method that we use when hacking IoT. So in this particular module we're going to go through and take a look at a couple things. We'll first go through and make sure you understand what IoT hacking is and what it is not. We'll then go through and talk about the different phases that we use during IoT hacking. Now these are going to look familiar because we've talked about these in the Understanding Ethical Hacking course, but we'll tart with reconnaissance. We'll then go into phase two where we'll look at some of the vulnerabilities or try to find the vulnerabilities in these devices. In phase three we'll talk about the attacks themselves, and of course, like any good attacker, we're going to then talk about how we can achieve access, followed by maintaining the access because listen, if we can't maintain access then all of our work is kind of gone to pot, right? Okay, so when you're ready to move on just go ahead and hit the next clip.

The Tools for IoT Hacking
Okay, time to have a little fun here. In this module we're going to go through and actually take a look at some tools that we can use at different stages. For example, we'll go through and take a look at some things that we can do for reconnaissance of IoT. We'll then take a look at some of the ways that we can look at vulnerabilities for IoT, and of course, we'll talk about the attacks. I can't really show you a lot of attacks because it's going to depend on the device itself. I could attack my particular device here, but that doesn't really do anything for you in your world, unless you have the exact same device as me, and that might actually be a whole other course, but don't worry, I've got plenty of things to show you here.

Our Countermeasures
Okay, so let's talk about the countermeasures. I mean, we've seen everything that we can do up to this point, right? It's probably pretty important to make sure that we understand what we can do to protect ourselves, so in this module we'll go through and we'll take a look at some of the basic, I mean basic, come on folks, things that we should make sure that these devices, how they're configured or basic technologies that we make sure that are in place. We'll then go through and take a look at what I refer to as the manufacturer guidelines, meaning when you're looking at devices this is the guidelines I would be looking at before I would decide whether or not to choose that particular manufacturer or put their devices within my network, and guess what, our friends over at OWASP, they have a top 10 of vulnerability solutions that you can deploy for IoT. So once you're ready to get going go ahead and click Next.