Skip to content

Embedded and IoT Security

Awesome

Awesome Embedded and IoT Security Awesome

A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use and you do not need to be an expert to get first meaningful results.

Items marked with 💶 are comercial products.

Software Tools

Software tools for analyzing embedded/IoT devices and firmware.

Analysis Frameworks

Analysis Tools

  • Binwalk - Searches a binary for "interesting" stuff, as well as extracts arbitrary files.
  • cwe_checker - Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support.
  • emba - Analyze Linux-based firmware of embedded devices.
  • Firmadyne - Tries to emulate and pentest a firmware.
  • Firmwalker - Searches extracted firmware images for interesting files and information.
  • Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
  • Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
  • Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
  • Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools

  • FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
  • Firmware Mod Kit - Extraction tools for several container formats.
  • The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).

Support Tools

  • JTAGenum - Add JTAG capabilities to an Arduino.
  • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Misc Tools

  • Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
  • dumpflash - Low-level NAND Flash dump and parsing utility.
  • flashrom - Tool for detecting, reading, writing, verifying and erasing flash chips.
  • Samsung Firmware Magic - Decrypt Samsung SSD firmware updates.

Hardware Tools

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  • Shikra - Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.
  • JTAGULATOR - Detects JTAG Pinouts fast.
  • Saleae - Easy to use Logic Analyzer that support many protocols 💶.
  • Ikalogic - Alternative to Saleae logic analyzers 💶.
  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  • ChipWhisperer - Detects Glitch/Side-channel attacks.
  • Glasgow - Tool for exploring and debugging different digital interfaces.
  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.

Bluetooth BLE Tools

  • UberTooth One - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
  • Bluefruit LE Sniffer - Easy to use Bluetooth Low Energy sniffer.

ZigBee Tools

  • ApiMote - ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
  • Atmel RZUSBstick - Discontinued product. Lucky if you have one! - Tool for development, debugging and demonstration of a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. Killerbee compatible.
  • Freakduino - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.

SDR Tools

  • RTL-SDR - Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
  • HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
  • YardStick One - Half-duplex sub-1 GHz wireless transceiver.
  • LimeSDR - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
  • BladeRF 2.0 - Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
  • USRP B Series - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).

RFID NFC Tools

  • Proxmark 3 RDV4 - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
  • ChamaleonMini - Programmable, portable tool for NFC security analysis.
  • HydraNFC - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.

Books

Research Papers

Case Studies

Free Training

Websites

Blogs

Tutorials and Technical Background

YouTube Channels

  • Flashback Team - A duo of hackers explaining their step by step approach to finding and exploiting vulnerabilities in embedded devices.
  • StackSmashing - Reverse engineering and hardware hacking of embedded devices.

Conferences

Conferences focused on embedded and/or IoT security.

  • Hardwear.io
  • EU, The Hague, September.
  • USA, Santa Clara, June.

Contribute

Contributions welcome! Read the contribution guidelines first.

License

CC0

To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.