Understanding the Internet of Things

Oct 1, 2024

Internet of Things (IoT) Lecture Notes

Introduction to IoT

  • Definition: The Internet of Things (IoT) refers to a network of physical objects embedded with electronics, software, sensors, and network connectivity, allowing these objects to collect and exchange data.
  • Current Relevance: IoT is seen as a technological revolution, fundamentally changing how we live and work.

Historical Context of Technological Revolutions

  • Past Revolutions:
    • Mechanical Revolution (1760s): Steam engine invention.
    • Second Revolution (1870s): Introduction of electricity.
    • Third Revolution: Rise of computers and the Internet.
  • Upcoming Revolution: Focus on interconnectivity with advancements in AI, quantum computing, robotics, and biotechnology.

Evolution of IoT

a. Pre-internet era: Mobile communications and SMS. b. Internet Content: Emails and informational websites. c. Smart Platforms: E-commerce and productivity services. d. Social Networking: Creating a web of interactions. e. Machine-to-Machine Communication: Smart devices interacting.

Components of IoT

  1. Things: Various devices such as sensors in healthcare, smart homes, and agriculture.
  2. Sensors and Actuators:
    • Sensors: Collect environmental data (e.g., temperature, humidity).
    • Actuators: Perform actions based on commands received.
  3. Communicators: Enable connectivity between devices, often using Wi-Fi, RFID, Bluetooth.
  4. Controllers: Manage operations of the IoT system.

IoT Lifecycle

  1. Data Collection: Sensors gather data from the environment.
  2. Data Communication: Data is sent to a central server or cloud for processing.
  3. Data Analysis: Processed data is interpreted and analyzed.
  4. Action: Actions are taken based on the results (e.g., notifications, control commands).

IoT Architecture Layers

  1. Physical Perception Layer: Where actual devices, sensors, and actuators reside.
  2. Network Layer: Responsible for data transfer protocols and supports communication.
  3. Application Layer: Provides services to users and processes data.
  4. Semantics Layer: Manages data and enables business intelligence and decision-making.

Advantages and Applications of IoT

  • Smart cities: Traffic management, smart parking, public transport utilities.
  • Healthcare: Fall detection, medication reminders, and tracking.
  • Agriculture: Monitoring livestock health through sensor implants.
  • Smart homes: Connectivity between appliances for improved functionality.

IoT Security Challenges

  • Vulnerabilities: 90% of IoT devices are unencrypted, making them susceptible to attacks.
  • Security Issues:
    • Lack of authentication measures on resource-constrained devices.
    • Outdated OS vulnerabilities in devices (e.g., 83% of medical imaging devices).
    • Risks from poorly secured communication protocols.

Common IoT Security Threats

  • Device Integrity: Ensuring the reliability of devices and secure data transmission.
  • Software Integrity: Lack of protection against unauthorized access and malicious code.
  • Communication Protocol Threats: Vulnerabilities like man-in-the-middle attacks.
  • Hardware Vulnerabilities: Often ignored, focusing more on functionality than security.

Open Source Intelligence (OSINT) for IoT

  • Definition: Gathering data from publicly available resources.
  • Methods: Searching documents, manuals, and using search engines for specific queries (e.g., Google Dorking).
  • Tools: Shodan and Senses for finding connected devices and vulnerabilities.

Pen Testing Setup

  • Setting Up a Virtual Lab: Download and set up VirtualBox, IoT Goats, and Kali Linux.
  • Active Reconnaissance: Scanning for open ports and services on IoT devices.

Exploitation Techniques

  • Brute Force Attacks: Using tools to guess passwords for SSH or web interfaces.
  • Command Injection: Exploiting input fields in web applications of IoT devices.
  • Firmware Analysis: Extracting and analyzing firmware for vulnerabilities.

Modbus Protocol

  • Definition: A widely used industrial communication protocol for data exchange between devices.
  • Vulnerabilities: Open to exploitation due to lack of security measures.
  • Practical Attacks: Utilizing scripts to manipulate Modbus systems in industrial settings.

Conclusion

  • The IoT presents immense opportunities but also significant security challenges.
  • Understanding and addressing these challenges is vital for the safe integration of IoT technologies into everyday life.