IoT and Embedded Device Security involves assessing the security of connected devices, embedded systems, firmware, and hardware components to identify vulnerabilities that could lead to unauthorized access, data exposure, or device compromise. The assessment includes firmware extraction and analysis, reverse engineering, secure boot validation, hardware interface testing (UART, JTAG, SWD), flash memory analysis, and the identification of hardcoded credentials, insecure configurations, and exposed debug interfaces.
The security review also covers device communication protocols and embedded system controls, including MQTT, BLE, Zigbee, CoAP, and other network services. Key activities include evaluating authentication and authorization mechanisms, encryption implementations, secure storage practices, firmware update processes, and device-to-device or device-to-cloud communications. The objective is to strengthen the security posture of IoT and embedded environments by identifying risks and providing remediation recommendations aligned with industry security best practices.
IoT Core Concepts Cheat Sheet

| Area | Core Concept | What You Should Understand |
|---|---|---|
| IoT Basics | Definition | Physical devices connected to internet for data exchange and control |
| Architecture | Device → Cloud → App | IoT systems are layered: device, communication, cloud, application |
| Device Layer | Embedded System | Hardware (MCU/SoC) running firmware controlling sensors/actuators |
| Firmware | Embedded Software | Low-level code stored in flash memory controlling device behavior |
| OS in IoT | RTOS / Embedded Linux | Lightweight operating systems used in devices |
| Sensors | Data Input | Components that collect real-world data (temperature, motion, light, etc.) |
| Actuators | Physical Output | Components that perform actions (motor, lock, relay, etc.) |
| Communication | Data Transfer | How device talks to cloud/app using protocols |
| Protocols | MQTT / HTTP / CoAP | Lightweight communication protocols used in IoT systems |
| Wireless Tech | Wi-Fi / BLE / Zigbee | Common connectivity methods in IoT devices |
| Cloud Layer | Backend System | Stores data, manages devices, provides APIs |
| APIs | Device Control | Interfaces used by apps/cloud to control IoT devices |
| Mobile App | User Interface | App used to control and monitor IoT devices |
| Data Flow | End-to-End Flow | Sensor → Device → Network → Cloud → App |
| Boot Process | Device Startup | How firmware loads and initializes hardware |
| Secure Boot | Integrity Check | Ensures only trusted firmware runs on device |
| OTA Updates | Firmware Updates | Remote updates pushed to devices |
| Debug Interfaces | UART/JTAG/SWD | Hardware access points used for debugging/testing |
| Memory | Flash / RAM | Storage for firmware and runtime execution |
| Constraints | Limited Resources | Low CPU, memory, and power in IoT devices |
| Security Model | Weak by Design | Often minimal security compared to servers |
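The Secure Boot and OTA Updates rows above are where many devices fall short: the updater checks a digest (integrity) but nothing proves who produced the image (authenticity), and nothing stops an older, vulnerable image from being reinstalled. The following Python is an added example, not code from the original page or from any vendor. The image layout, the `FWIM` magic and the device key are constructed for it, and HMAC-SHA256 stands in for the asymmetric signature a production boot chain would use (with a signature, only the public key needs to be stored on the device).

```python
"""Firmware image verification for an OTA/secure-boot check: digest-only
(integrity) versus keyed tag plus anti-rollback (authenticity).

Constructed image layout, not any vendor's format:
  magic(4) | version u32 LE | payload_len u32 LE | sha256(payload) 32 | tag 32 | payload
"""
import hashlib
import hmac
import struct
from typing import Optional

MAGIC = b"FWIM"
HEADER_FMT = "<4sII32s32s"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 76 bytes
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed test key


def _tag(key: bytes, version: int, payload: bytes) -> bytes:
    # Cover every field the verifier relies on (version included, so it cannot be
    # edited to defeat anti-rollback).  HMAC-SHA256 stands in for the asymmetric
    # signature a production boot chain would use.
    msg = MAGIC + struct.pack("<II", version, len(payload)) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_image(payload: bytes, version: int, key: Optional[bytes] = None) -> bytes:
    """Build an image; with key=None the tag is left zeroed (unsigned image)."""
    digest = hashlib.sha256(payload).digest()
    tag = _tag(key, version, payload) if key else bytes(32)
    return struct.pack(HEADER_FMT, MAGIC, version, len(payload), digest, tag) + payload


def parse_image(blob: bytes) -> dict:
    """Parse the header and payload; raise ValueError on any malformed image."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    magic, version, length, digest, tag = struct.unpack(HEADER_FMT, blob[:HEADER_LEN])
    if magic != MAGIC:
        raise ValueError("bad magic")
    payload = blob[HEADER_LEN:]
    if len(payload) != length:
        raise ValueError("payload length mismatch")
    return {"version": version, "digest": digest, "tag": tag, "payload": payload}


def verify_integrity_only(blob: bytes) -> bool:
    """Weak updater: detects corruption only.  Anyone can compute SHA-256, so a
    well-formed image passes whether or not the vendor produced it."""
    try:
        img = parse_image(blob)
    except ValueError:
        return False
    return hashlib.sha256(img["payload"]).digest() == img["digest"]


def verify_authenticated(blob: bytes, key: bytes, installed_version: int) -> bool:
    """Hardened updater: keyed tag checked in constant time, then anti-rollback."""
    try:
        img = parse_image(blob)
    except ValueError:
        return False
    if hashlib.sha256(img["payload"]).digest() != img["digest"]:
        return False
    if not hmac.compare_digest(_tag(key, img["version"], img["payload"]), img["tag"]):
        return False
    return img["version"] > installed_version


def demo() -> dict:
    """The three cases an assessment reproduces against the real updater."""
    signed = build_image(b"app v2 code", version=2, key=DEVICE_KEY)
    unsigned = build_image(b"app v2 code", version=2)
    older = build_image(b"app v1 code", version=1, key=DEVICE_KEY)
    return {
        "signed_newer_accepted": verify_authenticated(signed, DEVICE_KEY, installed_version=1),
        "unsigned_passes_digest_check": verify_integrity_only(unsigned),
        "unsigned_rejected": not verify_authenticated(unsigned, DEVICE_KEY, installed_version=1),
        "rollback_rejected": not verify_authenticated(older, DEVICE_KEY, installed_version=1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {ok}")
```

The three outcomes in `demo()` are the ones to confirm on a device under test: a correctly signed newer image is accepted, an unsigned image whose digest is valid is rejected, and a correctly signed but older image is rejected. An updater that accepts the second or third case has an integrity check, not a secure update mechanism.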
IoT & Embedded Device Pentesting Scope
- Firmware extraction and unpacking
- File system analysis
- Reverse engineering of binaries
- Hardcoded credential discovery
- Configuration review
- Firmware update mechanism assessment
- Secure boot validation
- UART interface assessment
- JTAG/SWD interface testing
- Flash memory extraction
- Debug interface enumeration
- Physical attack surface identification
- Hardware tamper resistance evaluation
- MQTT security assessment
- BLE security testing
- Zigbee protocol analysis
- CoAP security evaluation
- Device-to-device communication testing
- Device-to-gateway communication assessment
- Encryption and certificate validation
- Authentication mechanism review
- Access control validation
- Privilege escalation testing
- Sensitive data storage analysis
- Configuration security review
- Service enumeration and attack surface mapping

Objectives

- Identify vulnerabilities in firmware, hardware, and communication protocols.
- Assess device security posture against unauthorized access and compromise.
- Evaluate exposed debug interfaces and embedded services.
- Validate secure implementation of authentication, encryption, and update mechanisms.
- Provide remediation guidance to improve the security of IoT and embedded systems.
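Firmware extraction, file system analysis and hardcoded credential discovery from the scope above are usually done by unpacking the image with Binwalk and then sweeping the root filesystem for the same handful of issues on every engagement. The following Python is an added example, not code from the original page or from Firmwalker. It builds a small constructed root filesystem (the accounts, password hash, configuration values and PEM block in it are made up for the example) and runs the checks a reviewer would want automated: password-less or shared-hash accounts in passwd/shadow, credentials in configuration files, private keys shipped in the image, and a telnetd or serial-console login left enabled in inittab or init scripts.

```python
"""Checks to run over a root filesystem unpacked from a firmware image:
hardcoded credentials, embedded private keys, and debug or remote-login
services left enabled.  The tree built by build_sample_rootfs() is
constructed for this example and does not come from any real device."""
import re
import tempfile
from collections import namedtuple
from pathlib import Path

Finding = namedtuple("Finding", "category path detail")

# key=value / key: value pairs whose key names a credential; the value is not reported
SECRET_RE = re.compile(r"(passw(?:or)?d|secret|api[_-]?key|token)\s*[=:]\s*['\"]?[^\s'\"]+", re.I)
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
SERVICE_PATTERNS = {
    "telnet_enabled": re.compile(r"\btelnetd\b"),                             # cleartext remote shell
    "serial_console_login": re.compile(r"\bgetty\b.*\btty(?:S|AMA|USB)\d"),  # login on the UART
}
CONFIG_SUFFIXES = (".conf", ".cfg", ".ini", ".json", ".xml", ".sh", ".txt")


def check_passwd(text):
    """/etc/passwd: an empty password field means login with no password ('x' defers to shadow)."""
    out = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) >= 2 and f[1] == "":
            out.append(("empty_password", f[0]))
    return out


def check_shadow(text):
    """/etc/shadow: '*'/'!' is a locked account, empty is no password, anything
    else is one hash baked into every unit shipped with this image."""
    out = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 2:
            continue
        if f[1] == "":
            out.append(("empty_password", f[0]))
        elif not f[1].startswith(("*", "!")):
            out.append(("hardcoded_password_hash", f[0]))
    return out


def check_secrets(text):
    return [("hardcoded_secret", m.group(1)) for m in SECRET_RE.finditer(text)]


def check_services(text):
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):  # commented-out entries are not active
            continue
        for category, pattern in SERVICE_PATTERNS.items():
            if pattern.search(line):
                out.append((category, line.strip()))
    return out


def check_private_key(data):
    return [("embedded_private_key", "PEM private key block")] if PRIVATE_KEY_RE.search(data) else []


def scan_rootfs(root):
    """Walk an extracted root filesystem and return Finding tuples."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        text = data.decode("utf-8", errors="replace")
        results = []
        if rel == "etc/passwd":
            results += check_passwd(text)
        elif rel == "etc/shadow":
            results += check_shadow(text)
        if rel == "etc/inittab" or rel.startswith("etc/init.d/"):
            results += check_services(text)
        if rel.endswith(CONFIG_SUFFIXES) or rel.startswith("etc/init.d/"):
            results += check_secrets(text)
        results += check_private_key(data)
        findings.extend(Finding(c, rel, d) for c, d in results)
    return findings


# Constructed sample tree: every value below is made up for the example.
SAMPLE_FILES = {
    "etc/passwd": "root:x:0:0:root:/root:/bin/sh\nadmin::0:0::/:/bin/sh\n",
    "etc/shadow": "root:$1$abcdefgh$constructedhashvalue:0:0:99999:7:::\nnobody:*:0:0:99999:7:::\n",
    "etc/inittab": "::sysinit:/etc/init.d/rcS\nttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100\n"
                   "::respawn:/usr/sbin/telnetd -l /bin/sh\n",
    "etc/init.d/rcS": "#!/bin/sh\n# telnetd is only mentioned in this comment\nmount -a\n",
    "etc/cloud.conf": "broker=mqtt.example.invalid\nmqtt_password=\"SuperSecret1\"\n",
    "etc/ssl/device.pem": "-----BEGIN EC PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END EC PRIVATE KEY-----\n",
}


def build_sample_rootfs(root):
    for rel, content in SAMPLE_FILES.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return Path(root)


def demo():
    """Build the sample tree in a temp dir, scan it, return (category, path) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        return sorted({(f.category, f.path) for f in scan_rootfs(build_sample_rootfs(tmp))})


if __name__ == "__main__":
    for category, path in demo():
        print(f"{category:28s} {path}")
```

Point `scan_rootfs` at the directory Binwalk extracted and each category maps to a remediation: per-device credentials provisioned at manufacture instead of a shared hash, secrets moved out of the image into protected storage, private keys generated on the device or injected at provisioning, and telnetd or the UART login compiled out of release builds. The commented-out `telnetd` line in `rcS` is deliberately in the sample to show that the service check ignores inactive entries.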
Tools

Firmware Analysis

| Tool | Purpose |
|---|---|
| Binwalk | Firmware extraction, file system identification, and analysis. |
| Firmwalker | Discovery of credentials, keys, configuration files, and sensitive data within firmware. |
| Strings | Extraction of readable text for identifying hardcoded secrets and configurations. |
| Ghidra | Static analysis, decompilation, and reverse engineering of firmware binaries. |
| IDA Free | Advanced binary analysis and reverse engineering. |
| Radare2 | Open-source framework for firmware analysis and debugging. |

Firmware Extraction and Hardware Access

| Tool | Purpose |
|---|---|
| dd | Raw memory and firmware extraction from storage devices. |
| Flashrom | Reading, writing, and verification of SPI flash memory. |
| CH341A Programmer | Hardware-based firmware dumping and recovery. |
| FTDI/UART Adapter | Access to serial consoles for device interaction and analysis. |
| OpenOCD | Access to JTAG and SWD debugging interfaces. |

Network Analysis

| Tool | Purpose |
|---|---|
| Wireshark | Packet capture and protocol analysis. |
| Tcpdump | Command-line network traffic capture and monitoring. |
| Nmap | Network discovery, service enumeration, and attack surface identification. |
| Mitmproxy | Traffic interception and communication analysis. |

Protocol Testing

| Tool | Purpose |
|---|---|
| MQTT Explorer | MQTT broker and topic analysis. |
| Mosquitto Pub/Sub | MQTT communication testing and message manipulation. |
| BLEah / Gatttool | Bluetooth Low Energy enumeration and security assessment. |
| Zigbee2MQTT | Zigbee traffic monitoring and protocol analysis. |
| CoAP Tools | Constrained Application Protocol testing and validation. |

Hardware Tools

| Tool | Purpose |
|---|---|
| UART-to-USB Adapter | Serial communication and console access. |
| Logic Analyzer | Digital signal capture and protocol decoding. |
| Oscilloscope | Electrical signal analysis and hardware debugging. |
| JTAGulator | Identification of UART, JTAG, and debug interfaces. |
| Multimeter | Hardware diagnostics and circuit verification. |
| Soldering Kit | Physical access and hardware modification. |