Embedded and IoT Security
Awesome Embedded and IoT Security
A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.
Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list aims to help beginners and experts find useful resources on the topic.
If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use, and you do not need to be an expert to get meaningful first results.
Marked items are commercial products.
Analysis Frameworks
Software tools for analyzing embedded/IoT firmware.
- EXPLIoT - Pentest framework like Metasploit but specialized for IoT.
- FACT - The Firmware Analysis and Comparison Tool - Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
- Improving your firmware security analysis process with FACT - Conference talk about FACT.
- FwAnalyzer - Analyzes the security of firmware based on customized rules. Intended as an additional step in DevSecOps, similar to CI.
- Binwalk - Searches a binary for "interesting" stuff.
- Firmadyne - Tries to emulate and pentest a firmware image.
- firmwalker - Searches extracted firmware images for interesting files and information.
- Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
- Ghidra - Software Reverse Engineering suite; handles arbitrary binaries if you provide the CPU architecture and endianness of the binary.
- Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
- Trommel - Searches extracted firmware images for interesting files and information.
Extraction Tools
- Binwalk - Extracts arbitrary files utilizing a carving approach.
- FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
- Firmware Mod Kit - Extraction tools for several container formats.
- The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).
Hardware Tools
- JTAGenum - Add JTAG capabilities to an Arduino.
- OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.
- Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
- Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
- JTAGULATOR - Detects JTAG pinouts quickly.
- Saleae - Easy-to-use logic analyzer that supports many protocols.
- Ikalogic - Alternative to Saleae logic analyzers.
- HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
- ChipWhisperer - Detects Glitch/Side-channel attacks.
- Glasgow - Tool for exploring and debugging different digital interfaces.
- J-Link - J-Link offers USB-powered JTAG debug probes for multiple different CPU cores.
Books
- 2020, Jasper van Woudenberg, Colin O'Flynn: The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
- 2019, Yago Hansen: The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers
- 2019, Aditya Gupta: The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things
- 2018, Mark Swarup Tehranipoor: Hardware Security: A Hands-on Learning Approach
- 2017, Aditya Gupta, Aaron Guzman: IoT Penetration Testing Cookbook
- 2017, Andrew Huang: The Hardware Hacker: Adventures in Making and Breaking Hardware
- 2016, Craig Smith: The Car Hacker's Handbook: A Guide for the Penetration Tester
- 2015, Nitesh Dhanjani: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
- 2014, Debdeep Mukhopadhyay: Hardware Security: Design, Threats, and Safeguards
- 2014, Jack Ganssle: The Firmware Handbook (Embedded Technology)
- 2013, Andrew Huang: Hacking the XBOX
Research Papers
- 2019, Alrawi et al: SoK: Security Evaluation of Home-Based IoT Deployments
- 2019, Abbasi et al: Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
- 2019, Song et al: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- 2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- 2017, O'Meara et al: Embedded Device Vulnerability Analysis Case Study Using Trommel
- 2017, Jacob et al: How to Break Secure Boot on FPGA SoCs through Malicious Hardware
- 2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices
- 2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation
- 2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
- 2015, Shoshitaishvili et al: Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- 2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
- 2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares
- 2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing
- 2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution
Case Studies
- Binary Hardening in IoT products
- Deadly Sins Of Development - Conference talk presenting several real-world examples of really bad implementations.
- Hacking the DSP-W215, Again
- Multiple vulnerabilities found in the D-Link DWR-932B
- Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
- PWN Xerox Printers (...again)
Training and CTFs
- Hardware Hacking 101 - Workshop @ BSides Munich 2019.
- IoTGoat - IoTGoat is a deliberately insecure firmware based on OpenWrt.
- Rhme-2017/2018 - Riscure Hack Me 3 embedded hardware CTF 2017-2018.
- Rhme-2016 - Riscure Hack Me 2 is a low-level hardware CTF challenge.
- Rhme-2015 - First Riscure Hack Me hardware CTF challenge.
- Embedded Security CTF - Microcorruption: Embedded Security CTF.
Miscellaneous
- OWASP Embedded Application Security Project - Development best practices and list of hardware and software tools.
- OWASP Internet of Things Project - IoT common vulnerabilities and attack surfaces.
- Hacking Printers Wiki
- Router Passwords - Default login credential database sorted by manufacturer.
Conferences
Conferences focused on embedded and/or IoT security.
Contributions welcome! Read the contribution guidelines first.
To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.