The definitive guide to hacking the world of the Internet of Things (IoT) -- Internet-connected devices such as medical devices, home assistants, smart home appliances and more.
Preface
Foreword
Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology
Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking
Part Three: Hardware Hacking
Chapter 7: UART, JTAG, and SWD Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking
Part Four: Radio Hacking
Chapter 10: Abusing RFID
Chapter 11: Exploiting Bluetooth Low Energy
Chapter 12: Wi-Fi Hacking
Chapter 13: Exploiting LPWAN
Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the “Smart” Home
Appendix A: Tools for IoT Hacking
Fotios (Fotis) Chantzis is laying the foundation for a safe and
secure Artificial General Intelligence (AGI) at OpenAI. Previously,
he worked as a principal information security engineer at Mayo
Clinic, where he managed and conducted technical security
assessments on medical devices, clinical support systems, and
critical healthcare infrastructure.
Ioannis Stais is a senior IT security researcher and head of red
teaming at CENSUS S.A., a company that offers specialized
cybersecurity services. He has participated in dozens of security
assessment projects, including the assessment of communication
protocols, web and mobile banking services, ATMs and point-of-sale
systems, and critical medical appliances.
Paulino Calderon is a published author and international speaker
with over 12 years of experience in network and application
security. When he isn't traveling to security conferences or
consulting for Fortune 500 companies with Websec, a company he
co-founded in 2011, he spends peaceful days enjoying the beach in
Cozumel, Mexico.
Evangelos Deirmentzoglou is an information security professional
interested in solving security problems at scale. He led and
structured the cybersecurity capability of the financial tech
startup Revolut. A member of the open-source community since 2015,
he has made multiple contributions to Nmap and Ncrack.
Beau Woods is a cyber safety innovation fellow with the Atlantic
Council and a leader with the I Am The Cavalry grassroots
initiative. He is also the founder and CEO of Stratigos Security
and sits on the board of several nonprofits. Beau is a published
author and frequent public speaker.
“I recommend this book to anyone technical who manufactures IoT
devices or anyone with IoT devices in their homes or enterprise. At
a time when securing our systems and protecting our information has
never been more important, this book hits the mark.”
—Dave Kennedy, founder of TrustedSec, Binary Defense
“This book is everything you would want to learn from the subject
masters—it is an authoritative and a precious resource that both
IoT security researchers and developers will want to keep close by. I
recommend this book for anyone interested in making IoT more
secure.”
—John Moor, Managing Director, IoT Security Foundation
“The authors provide a simple, effective and structured approach to
hacking IoT, covering the major attack surface of the
ecosystem.”
—Aseem Jakhar, Author of EXPLIoT Framework and Co-Founder
Payatu
“Practical IoT Hacking is an essential guide to get an
understanding on how the world around you works. This is a must
have book to add to your hardware hacking arsenal.”
—Craig Smith, author of the Car Hacker's Handbook
“Practical IoT Hacking gracefully takes on the herculean task of
introducing an organized approach to IoT device security with an
end to end, accessible and actionable set of guidance and tool
recommendations. A wide range of stakeholders in IoT product
development and manufacturing would benefit from applying this
knowledge early and often. I would recommend this book as a
required reference for anyone involved in IoT device design, or
even for personal awareness of data privacy and security for
technically oriented users.”
—J. Metzger, Director of Cybersecurity, implanted and wireless data
medical device manufacturer
“What I really like about this book is that it is useful for a wide
ranging audience: students interested in IT security, people who
are interested in securing their home network, and professionals
who want to learn how to hack and secure new IoT devices for their
colleagues or customers. This book deserves a place on your
(digital) bookshelf.”
—Stef van Dop, KPN REDteam
"I'm so thrilled to see this book available to people to take the
high level 'IoT security is important' and turn it into a practical
guide to hack these devices in an effort to expose the security
issues we must address as a community. The authors are immediately
credible on the topic, the content is superbly approachable, and
it's obvious this book and its readers will have a meaningful
positive impact on the topic."
—Robert M. Lee, CEO and Co-Founder of Dragos, Inc. and Senior SANS
Instructor
“This incredible resource provides comprehensive, hands-on
information on everything from security nuances in IoT devices and
ecosystems, to ethical disclosure of vulnerabilities, and even the
application of anti-hacking laws. We may joke about the absurdity
of Internet-connected toasters and dog dishes, but lack of IoT
security can mean real physical consequences. For those who would
test and secure the rising tide of digitally-enabled physical
objects, this is the book for you.”
—Harley Geiger, Senior Director of Public Policy, Rapid 7
“Practical IoT Hacking is an exciting book and a fantastic resource
for anyone interested in hardware hacking—from amateur to
professional. Chapter by chapter, the authors peel away layers of
complexity and demonstrate the tools and techniques used to
assess the security of IoT systems. Most importantly, the book
introduces an IoT testing framework that walks readers through not
only the technical 'how' but the context of 'what' and 'why' as
well.”
—T. Miklas, Head of Penetration Testing at a global bank
"As attack surfaces go, IoT presents the most dynamic, rapid, and
intimate expansion of the cyber domain into our daily and
professional lives. This book recognizes the opportunities and
risks of this expansion and delivers a comprehensive resource to
address them. Practically laid out into progressive areas of
exploration and focus, this book will be a learning blueprint for
IoT security newcomers, a reference for those already working in it
day-to-day, and a security roadmap for those working in IoT design
and defense. Highly recommended!"
—Casey Ellis, Founder/Chairman/CTO, BugCrowd
"Wonderful depth and breadth in the book; I hope you all consider
pre-ordering if you're keen on IoT security & research!"
—Mark Stanislav, Information Security Architect at Cisco
"Presented in a thorough and comprehensive fashion, this book is
approachable by readers with a wide range of technical abilities.
By shining much needed light on the wide attack surface and many
technical aspects involved in hacking all connected things, the
foundation of knowledge provided by this book should help in
ensuring future devices are built to be secure by design. This book
should be required reading for anyone interested in connected
device security."
—Marc Rogers, Security Researcher
“Whether you’re deploying, defending or learning to attack IoT
devices, this book provides valuable insight into the tactics and
techniques attackers use to compromise these devices.”
—CEO, BRK Security
"An excellent book to get you started on IoT hacking . . .
definitely a must-read."
—Electronic Cats
"The best resource that is currently available to get you from zero
knowledge to a competent IoT security researcher. . . . this is the
most complete IoT hacking book to get someone with no knowledge of
the domain or even a seasoned professional, and elevate them to
a level where they won’t just feel comfortable performing IoT
security research, but they’d also have all the required skills to
do so."
—Xorl
"I really recommend it, both for those who 'play' with IoT devices
in their homes, and for those who must audit these devices as part
of their work."
—Jaime Andrés Restrepo - CEO, DragonJAR.org
"It’s a comprehensive book, and it’s an important topic. . . . full
of useful examples."
—Robert Vamosi, The Hacker Mind
"Filled with tutorials and technical knowledge, this is a must-have
resource for organizations who want to [improve] their IoT security
readiness."
—Daniel Hein, Solutions Review
“For someone who wants to take a breath of fresh air and do
something interesting.”
—Cristi Vlad, YouTuber
"All of the authors contribute their considerable expertise in
cybersecurity to this book, which helps you reconceptualize threats
to the IoT."
—Solutions Review
"Practical IoT Hacking is full of great information. The book
covers a very diverse set of technologies and crosses fluidly
between the domains of hardware, software, networking, and RF."
—Craig Young, Principal Security Researcher, Tripwire
"Practical IoT Hacking is definitely a book I would recommend to
anyone involved with IoT, especially those working in any type of
cybersecurity role as well as any type of IoT developer."
—Lane Thames, Principal Security Researcher, Tripwire
"Practical IoT Hacking is a sharp well designed book that first
takes readers by the hand through the IoT landscape. It reveals why
IoT security is important and the multiple threat models and
processes that can be used in a simple but effective way."
—Matt Jerzewski, Security Researcher, Tripwire
"Practical IoT Hacking provides quite the range of information from
looking for security issues at the application layer to physical
access."
—Andrew Swoboda, Senior Security Researcher, Tripwire
"An excellent book. It's written in an understandable way, and uses
real life experiences and examples from the authors' working lives
to demonstrate both the risks and how to mitigate them. If you have
responsibility for IoT devices or applications that use them either
in your working or personal life, it's worth reading."
—Kay Ewbank, I-Programmer