1
00:00:01,610 --> 00:00:08,530
Hi there, welcome back to this course. In this lesson, I will talk about IoT Pentest methodology.

2
00:00:09,590 --> 00:00:17,060
We can start by defining three phases which make up the methodology for carrying out the Pentests of IoT

3
00:00:17,060 --> 00:00:17,890
devices.

4
00:00:18,650 --> 00:00:24,590
The first phase is used to define the attack surface of the IoT device.

5
00:00:25,040 --> 00:00:33,010
The next phase is the actual VAPT phase of the device on the basis of the defined attack surface.

6
00:00:33,470 --> 00:00:40,370
The last phase consists in the preparation of the documentation and final reporting.

7
00:00:42,340 --> 00:00:50,590
The process of attack surface mapping consists of: the collection of information on the device to be

8
00:00:50,590 --> 00:00:51,380
tested.

9
00:00:52,470 --> 00:01:01,110
That is documentation, manuals, online resources, then understanding of the global architecture of

10
00:01:01,110 --> 00:01:11,700
the device or IoT system, list of components, that is hardware, embedded devices, firmware, software

11
00:01:11,700 --> 00:01:21,680
and applications, radio communications. And then identify the attack vectors for each component of

12
00:01:21,680 --> 00:01:22,620
the architecture.

13
00:01:25,950 --> 00:01:35,280
In this figure, we can see a Broadlink universal remote device and the FCC ID code of the device is

14
00:01:35,280 --> 00:01:44,370
indicated with the red arrow, which is then useful for retrieving information on the device itself.

15
00:01:48,170 --> 00:01:59,810
From the fccid.io web site, it is possible by entering the FCC ID code of the device

16
00:02:00,140 --> 00:02:05,180
to do a search, retrieving technical data of the device.

17
00:02:07,750 --> 00:02:17,140
So entering, for example, the FCC ID code of the Broadlink universal remote device and performing

18
00:02:17,140 --> 00:02:26,470
the search, you'll get technical data of the device very useful for a possible subsequent phase of

19
00:02:26,470 --> 00:02:28,630
vulnerability assessment.

20
00:02:30,730 --> 00:02:40,360
You can also download a whole series of technical manuals related to the operation of the device.

21
00:02:43,500 --> 00:02:50,220
Often there are also photos of the printed circuit board of the device from which information about

22
00:02:50,520 --> 00:02:52,950
the hardware can be detected visually.

23
00:02:57,160 --> 00:03:05,740
So going into the detail of a complete vulnerability assessment of an IoT architecture, it is necessary

24
00:03:06,460 --> 00:03:14,890
to contemplate tests relating to: the hardware of the IoT device, the network and radio communication

25
00:03:14,890 --> 00:03:26,980
protocols used by the IoT device, cloud and Web services tests, and any mobile app used for the management

26
00:03:26,980 --> 00:03:30,760
of the IoT architecture should be tested.

27
00:03:33,760 --> 00:03:36,130
OK, this lesson ends here.

28
00:03:36,700 --> 00:03:39,010
Thank you for your attention. Bye.