IoT Security Cheat Sheet

2 min read
Introduction

While doing IoT security testing of a system a robust and foolproof assessment methodology is needed as these systems have multiple interacting components. If the assessment does not follow a set methodology, critical points of the IoT Security Testing could be missed.

In this blog, we will provide you with an IoT Security Cheat Sheet that you can use while doing an IoT system’s penetration testing. We’ll divide the attack surface into conceptual layers and divide the IoT Security Cheat Sheet accordingly.

  1. IoT Security Cheat Sheet
  2. IoT Threat Modelling
  3. Top IoT Security Threats
  4. Genymotion For Linux
  5. Run Kali Linux as a Windows Subsystem

1.Passive Reconnaissance (OSINT)

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Patents.
  • User Knowledge.
  • Manuals and Documents.

2. Hardware or Physical layer

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Boot environment.
  • Debug ports.
  • Peripheral interfaces.
  • Locks.
  • Firmware.
  • Tamper protection.

3. Network layer

There are 3 phases in this IoT Security Cheat Sheet:

Reconnaissance

  • Host Discovery
  • Operating System Identification
  • Topology Mapping
  • Service Version detection

Network protocols/services testing

  • Network traffic analysis
  • Vulnerability scanning
  • Service exploitation

Wireless protocol testing

  • Authentication
  • Encryption
  • Perception layer vulnerabilities

4. Web Application Testing

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Applcation Mapping
  • Access controls/Authorization
  • Client-side controls
  • Authentication
  • Session management
  • Application server
  • Input validation
  • Logical flaws

5. Cloud Security Testing

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Web Application connectivity
  • Remote support
  • API requests/responses
  • Hardcoded secrets

6. Mobile Application testing

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Packaging
  • API requests/responses
  • Application

7. Review of Host Configurations

Test cases to look for in this type of IoT Security Cheat Sheet are:

  • Patch level
  • User Accounts
  • Account privileges
  • Password strength
  • Data encryption
  • Server misconfiguration
  • Remote maintenance
  • Filesystem Access controls

Rahul Gehlaut

A highly experienced cyber security professional with expertise in network security, web/app security, mobile application security, API security, penetration testing, and red teaming. With a diverse background in the field, I am dedicated and passionate, constantly seeking to stay ahead in the ever-evolving world of cyber security.
View All Articles

Related Posts