Practical IoT Hacking

The definitive guide to hacking the world of the Internet of Things (IoT) - Internet connected devices such as medical devices, home assistants, smart home appliances and more.

Written by all-star security experts, Practical IoT Hacking is a quick-start conceptual guide to testing and exploiting IoT systems and devices.

Drawing from the real-life exploits of five highly regarded IoT security researchers, Practical IoT Hacking teaches you how to test IoT systems, devices, and protocols to mitigate risk.

The book begins by walking you through common threats and a threat modeling framework. You’ll develop a security testing methodology, discover the art of passive reconnaissance, and assess security on all layers of an IoT system. Next, you’ll perform VLAN hopping, crack MQTT authentication, abuse UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks.

You’ll tackle both hardware hacking and radio hacking, with in-depth coverage of attacks against embedded IoT devices and RFID systems.

You’ll also learn how to:

• Write a DICOM service scanner as an NSE module
• Hack a microcontroller through the UART and SWD interfaces
• Reverse engineer firmware and analyze mobile companion apps
• Develop an NFC fuzzer using Proxmark3
• Hack a smart home by jamming wireless alarms, playing back IP camera feeds, and controlling a smart treadmill

The tools and devices you’ll use are affordable and readily available, so you can easily practice what you learn. Whether you’re a security researcher, IT team member, or hacking hobbyist, you’ll find Practical IoT Hacking indispensable in your efforts to hack all the things

REQUIREMENTS: Basic knowledge of Linux command line, TCP/IP, and programming

About the Authors

Fotios Chantzis is a principal information security engineer at the Mayo Clinic. He has been a member of the core Nmap development team since 2009 and is the creator of Ncrack, Nmap's network authentication cracking tool.

Ioannis Stais is a senior IT security researcher and Head of Security Testing at CENSUS S.A., a company that builds on strong research foundations to offer specialized IT security services to customers worldwide.

Paulino Calderon is the cofounder of Websec, a company offering information security consulting services. He has been consulting with international companies (including Fortune 500 companies) for over 9 years.

Evangelos Deirmentzoglou is a senior security engineer at Revolut, a unicorn fintech startup offering banking services, where he works to identify how security practices can be adapted in an agile and ever-changing environment. He is the main contributor of Ncrack, Nmap's network authentication cracking tool.

Beau Woods has worked on IoT security issues for over a decade. He currently works with the United States Congress, US agencies, and foreign governments on IoT policy, including the UK Code of Practice for IoT.