The cloud
- consumer-facing apps
- cloud now used by government and businesses
- cloud when you're assessing flaws: flaws.cloud, flaws2.cloud <-- check them out

Two major trends
- Lambda / serverless: no more stack, just code running in the cloud
- IoT: smart heater failed so people were freezing -- @internetofshit
- IoT is making its way into the enterprise

-------- Hardware --------
presents a whole new world for pentesters: new attack surface, physical skills
hardware techniques let you dump firmware -> get source -> find web interface RCE vulns, so it is handy !!!
achievable with budget and time constraints

Personal Safety Device:
Analyse the hardware
- understand the attack surface
- look at the functionality
- WiFi: hook it to your own access point and view traffic
- USB: USB-oriented attacks
- can get info from the internet, manual, data sheets
- 3G GSM, GPS, MicroUSB, accelerometer
Try simple things first before going deep
- telnet with default credentials
Open up the device
- tamper switches
- identify chips and debug ports, and read the data sheets

Data and Firmware
Extracting firmware and data
- download it off the internet
- social engineer and get it / email developers/production
- remove the SD card
- desolder the chip (wtf)
Rework station: hot iron and glue gun. To read the chip, use a universal programmer with the individual chip separated from the board: find an adapter, plug it into the computer, auto-detect the chip, download the flashed contents
8MB flash chip -> 8MB binary file sitting on the laptop. how2analyse ??? encryption ??
Firmware only talks through 3G, no endpoints, no sensitive data on the flash
Intercept comms between device and cloud
- bus snooping on the device
- SDR radio analysis of proprietary protocols: ILLEGAL (see 3G below)
- Ettus Research, HackRF cutter, test SIM cards

------------ 3G IMSI Catching ------------
Create a 3G network
- set up a test 3G network using SDR and BTS software: USRP with OpenBTS
- depends on approval and country
- use a SIM card programmed for the test network
- ???
- lol failed.
Bus Snooping -- Wireshark for electrical signals
Logic analyser: Saleae
- solder wires onto the serial pins of the chip that might communicate with the baseband processor
- hook them up to the Saleae and that to the laptop, decode the signals across the wire
AT+CFGRI=1\r\n <-- protocol to talk to the modem: ATTENTION! DO THIS
processor telling the baseband: AT+CIPSTATUS (are you connected to the internet?)
ok you have a connection, can you connect to custom_apn?
baseband: done !
can you start a TCP connection to this hidden server on port 50138?
ok, I will send data and communicate with the backend
still needed to understand the communications
IMEI number: unique identifier of the device
the protocol was: !1, + IMEI + ;\x1a
no factor of authentication: "here's me" -> "great, come in and send SOS alerts, whatever you wanna do"
the server only told you whether that IMEI number existed or not
can spoof location data and SOS messages
use a Python script and interact with the backend server !
How bad could it be?
an attacker could spoof the location data of every user, send SOS, undermine the company ...
you could actually spoof location; in an emergency, you could kill someone indirectly

======================================================================================= ECG Test Solution =======================================================================================
the hardware -- nothing interesting
the app -- nothing interesting
the website -- SQLi !!!
affected every user on the platform: can extract users' medical data, modify or delete it
"this is a new system, it shouldn't have this vuln?"
if someone is testing themselves and uploads their results, that person may never receive medical attention if an attacker modifies the results before the doctor sees them
it's about the whole solution: even the boring parts matter in the end, so test them too
Why does this matter ?
-- security of IoT solutions can impact lives
IoT will be a target moving forwards

======================== Full Stack Pentesters ========================
being able to go from the chip through to the mobile app through to the communications through to the backend will be very important
Australia is lacking in hardware hacking, maybe take an interest in hardware hacking?
Intro to hardware hacking ! watch YouTube videos and learn to do these techniques
@jg_10