Skip to content

Latest commit

 

History

History
41 lines (25 loc) · 2.25 KB

IoT_and_OT_Hacking.md

File metadata and controls

41 lines (25 loc) · 2.25 KB
Raw

IoT and OT Hacking

IoT and OT device hacking is performed to compromise smart devices such as CCTV cameras, automobiles, printers, door locks, washing machines, etc. to gain unauthorized access to network resources as well as IoT and OT devices.

Using the IoT and OT hacking methodology, an attacker acquires information using techniques such as information gathering, attack surface area identification, and vulnerability scanning, and uses such information to hack the target device and network.

footprinting on the MQTT protocol, which is a machine-to-machine (M2M)/“Internet of Things” connectivity protocol. It is useful for connections with remote locations where a small code footprint is required and/or network bandwidth is at a premium.

The following are the various phases of IoT and OT device hacking:

  • Information gathering
  • Vulnerability scanning
  • Launch attacks
  • Gain remote access
  • Maintain access

Gather Information using Online Footprinting Tools

  • The information regarding the target IoT and OT devices can be acquired using various online sources such as Whois domain lookup, advanced Google hacking, and Shodan search engine. The gathered information can be used to scan the devices for vulnerabilities and further exploit them to launch attacks.

  • https://www.whois.com/whois/

  • https://www.exploit-db.com/google-hacking-database type SCADA

  • "login" intitle:"scada login"

  • https://www.shodan.io/dashboard

    • port:1883
    • Search for Modbus-enabled ICS/SCADA systems:
      • port:502
    • Search for SCADA systems using PLC name:
      • “Schneider Electric”
    • Search for SCADA systems using geolocation:
      • SCADA Country:"US"

Overview of IoT and OT Traffic

  • Many IoT devices such as security cameras host websites for controlling or configuring cameras from remote locations. These websites mostly implement the insecure HTTP protocol instead of the secure HTTPS protocol and are, hence, vulnerable to various attacks. If the cameras use the default factory credentials, an attacker can easily intercept all the traffic flowing between the camera and web applications and further gain access to the camera itself. Attackers can use tools such as Wireshark to intercept such traffic and decrypt the Wi-Fi keys of the target network.