Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Купить бумажную книгу и читать

Название:Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts

Автор: Nitesh Dhanjani,

Издательство:

Год: 2015

Страниц:O'Reilly Media

Язык: English

Формат: epub

Размер: 43 Mb

A future with billions of connected "things" includes monumental security concerns. This practical book explores how malicious attackers can abuse popular IoT-based devices, including wireless LED lightbulbs, electronic door locks, baby monitors, smart TVs, and connected cars

If you’re part of a team creating applications for Internet-connected devices, this guide will help you explore security solutions. You’ll not only learn how to uncover vulnerabilities in existing IoT devices, but also gain deeper insight into an attacker’s tactics.

Analyze the design, architecture, and security issues of wireless lighting systems

Understand how to breach electronic door locks and their wireless mechanisms

Examine security design flaws in remote-controlled baby monitors

Evaluate the security design of a suite of IoT-connected home products

Scrutinize security vulnerabilities in smart TVs

Explore research into security weaknesses in smart cars

Delve into prototyping techniques that address security in initial designs

Learn plausible attacks scenarios based on how people will likely use IoT devices

Chapter 1Lights Out—Hacking Wireless Lightbulbs to Cause Sustained Blackouts

Why hue?

Controlling Lights via the Website Interface

Controlling Lights Using the iOS App

Changing Lightbulb State

If This Then That (IFTTT)

Conclusion

Chapter 2Electronic Lock Picking—Abusing Door Locks to Compromise Physical Security

Hotel Door Locks and Magnetic Stripes

The Case of Z-Wave-Enabled Door Locks

Bluetooth Low Energy and Unlocking via Mobile Apps

Conclusion

Chapter 3Assaulting the Radio Nurse—Breaching Baby Monitors and One Other Thing

The Foscam Incident

The Belkin WeMo Baby Monitor

Some Things Never Change: The WeMo Switch

Conclusion

Chapter 4Blurred Lines—When the Physical Space Meets the Virtual Space

SmartThings

Interoperability with Insecurity Leads to…Insecurity

Conclusion

Chapter 5The Idiot Box—Attacking “Smart” Televisions

The TOCTTOU Attack

You Call That Encryption?

Understanding and Exploiting the App World

Inspecting Your Own Smart TV (and Other IoT Devices)

Conclusion

Chapter 6Connected Car Security Analysis—From Gas to Fully Electric

The Tire Pressure Monitoring System (TPMS)

Exploiting Wireless Connectivity

The Tesla Model S

Conclusion

Chapter 7Secure Prototyping—littleBits and cloudBit

Introducing the cloudBit Starter Kit

Security Evaluation

Abuse Cases in the Context of Threat Agents

Bug Bounty Programs

Conclusion

Chapter 8Securely Enabling Our Future—A Conversation on Upcoming Attack Vectors

The Thingbots Have Arrived

The Rise of the Drones

Cross-Device Attacks

Hearing Voices

IoT Cloud Infrastructure Attacks

Backdoors

The Lurking Heartbleed

Diluting the Medical Record

The Data Tsunami

Targeting Smart Cities

Interspace Communication Will Be a Ripe Target

The Dangers of Superintelligence

Conclusion

Chapter 9Two Scenarios—Intentions and Outcomes

The Cost of a Free Beverage

A Case of Anger, Denial, and Self-Destruction

Conclusion