Uncategorized

Expliot: IoT Exploitation Framework (pronounced – expl-aa-yo-tee)

Expliot (Pronounced – expl-aa-yo-tee)

Internet Of Things Exploitation Framework

Expliot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins. The name expliot is a pun on exploit and explains the purpose of the framework i.e. IoT exploitation. It is developed in python3[…]

https://gitlab.com/expliot_framework/expliot

 

Standard
Uncategorized

list of IoT/embedded OS firmware tools

I mostly focus on Platform Firmware, UEFI, ACPI, etc. I usually don’t focus too much on IoT/embedded OS firmware, even though I blog about them. But there’s a lot of tools for the latter, and I’ve not yet added a section for them in Awesome Firmware Security[1]. And I have 2 friends who need such a list. Below is first pass at searching old blog posts for tools. Will refine and add to Awesome Firmware Security later. Please leave a Comment to point out any other major tools of this category that I’ve missed.

https://firmwaresecurity.com/2015/08/07/new-firmware-tool-angr/
https://firmwaresecurity.com/2015/09/29/firmware-re/
https://firmwaresecurity.com/2015/11/13/firmware-re-2/
https://firmwaresecurity.com/2016/02/04/fmk-qemu-firmware-analysis-video-tutorial/
https://firmwaresecurity.com/2016/02/18/firmwalker-and-firmdump/
https://firmwaresecurity.com/2016/02/28/firmadyne-automated-analysis-of-linux-embedded-firmware/
https://firmwaresecurity.com/2016/04/25/routersploit/
https://firmwaresecurity.com/2016/08/25/firminator/ Hmm, it looks like the domain firminator.io is no longer valid.
https://firmwaresecurity.com/2016/09/16/senrios-iot-firmware-security-checklist/
https://firmwaresecurity.com/2017/02/12/firmwalker/
https://firmwaresecurity.com/2017/04/08/tactical-network-solutions-unveils-firmware-evaluation-services/
https://firmwaresecurity.com/2017/04/24/fie/
https://firmwaresecurity.com/2017/08/08/insignary-launches-truthisinthebinary-com-service-for-oems/
https://firmwaresecurity.com/2017/09/03/attifys-firmware-analysis-toolkit-and-attifyos-vm/
https://firmwaresecurity.com/2017/10/30/refirm-labs-iot-firmware-security-startup/
https://firmwaresecurity.com/2017/11/15/refirm-labs-gets-1-5mil-in-funding-launches-centrifuge-platform/
https://firmwaresecurity.com/2017/12/09/trommel-analyzes-embedded-devices-for-vulnerabilities/
https://firmwaresecurity.com/2018/02/12/fact-firmware-analysis-and-comparison-tool/

[1] https://github.com/PreOS-Security/awesome-firmware-security/blob/master/README.md

Standard
Uncategorized

DMTF Redfish and PCIMG form alliance for Industrial IoT standards

DMTF and PICMG Form Alliance

DMTF and the PCI Industrial Computer Manufacturer Group (PICMG) have formed an alliance to help ensure the two organizations’ standards are coordinated and aligned in the Industrial Internet of Things (IIoT) domain.

https://www.dmtf.org/sites/default/files/PICMG_Work_Register_v1.0.pdf

https://www.picmg.org/https://dmtf.org/

Expect to see Redfish listed as 10th entry here shortly, I am guessing:

https://www.picmg.org/openstandards/

 

Standard
Uncategorized

SOF Project and Project ACRN

https://www.phoronix.com/scan.php?page=news_item&px=Sound-Open-Firmware

https://01.org/blogs/2018/introducing-acrn-and-sound-open-firmware

https://www.sofproject.org/

SOFProject: Sound Open Firmware is an open source audio DSP firmware and SDK that provides audio firmware infrastructure and development tools for developers who are interested in audio or signal processing on modern DSPs

ACRN:  a flexible, lightweight reference hypervisor, built with real-time and safety-criticality in mind, optimized to streamline embedded development through an open source platform

https://projectacrn.org/

Standard
Uncategorized

IOTA crypto issues

http://iota.org/
https://github.com/IOTAledger
https://en.wikipedia.org/wiki/IOTA_(cryptocurrency)
https://blog.iota.org/official-statement-regarding-the-mit-dci-email-leaks-ea3cacd6699a
https://blog.iota.org/iota-foundation-hires-cybercrypt-615d2df79001

“IOTA is a public distributed ledger and data transfer layer that allows transactional settlement for the Internet of Things. IOTA utilizes the Tangle, a data structure based on a Directed Acyclic Graph (DAG).”

https://spectrum.ieee.org/tech-talk/computing/networks/cryptographers-urge-users-and-researchers-to-abandon-iota-after-leaked-emails

https://github.com/mit-dci/tangled-curl/blob/master/vuln-iota.md

View story at Medium.com

Standard
Uncategorized

IETF draft-irtf-t2trg-iot-seccons: State-of-the-Art and Challenges for the IoT Security

State-of-the-Art and Challenges for the Internet of Things Security

The Internet of Things (IoT) concept refers to the usage of standard Internet protocols to allow for human-to-thing and thing-to-thing communication. The security needs for IoT systems are well-recognized and many standardization steps to provide security have been taken, for example, the specification of Constrained Application Protocol (CoAP) secured with Datagram Transport Layer Security (DTLS). However, security challenges still exist, not only because there are some use cases that lack a suitable solution, but also because many IoT devices and systems have been designed and deployed with very limited security capabilities. In this document, we first discuss the various stages in the lifecycle of a thing. Next, we document the security threats to a thing and the challenges that one might face to protect against these threats. Lastly, we discuss the next steps needed to facilitate the deployment of secure IoT systems. This document can be used by IoT standards specifications as a reference for details about security considerations applying to the specified protocol.

https://tools.ietf.org/html/draft-irtf-t2trg-iot-seccons-10

Standard