Chapter 31 Further Reading: IoT and Embedded Systems Hacking
Books
- "The IoT Hacker's Handbook" by Aditya Gupta (Apress, 2019). A practical guide to IoT security testing covering firmware analysis, hardware hacking, radio protocol testing, and embedded web security. Includes hands-on exercises and tool walkthroughs.
- "Practical IoT Hacking" by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, and Beau Woods (No Starch Press, 2021). Comprehensive coverage of IoT penetration testing methodology, including MQTT, CoAP, BLE, Zigbee, and LPWAN protocol testing. Excellent coverage of healthcare and automotive IoT security.
- "Practical Hardware Pentesting" by Jean-Georges Valle (Packt, 2021). Focused on the hardware side of IoT security, covering PCB analysis, UART, JTAG, SPI, I2C, and side-channel attacks. Includes practical lab exercises with detailed tool setups.
- "The Hardware Hacking Handbook" by Jasper van Woudenberg and Colin O'Flynn (No Starch Press, 2021). Advanced hardware security topics including glitching, side-channel analysis, and hardware security modules. Essential for penetration testers who want to go beyond basic hardware interface access.
- "Hacking Connected Cars" by Alissa Knight (Wiley, 2020). Focused on automotive IoT security, covering CAN bus, cellular telematics, V2X communication, and the regulatory landscape. Relevant for understanding safety-critical IoT systems.
- "Industrial Network Security" by Eric D. Knapp and Joel Thomas Langill (Syngress, 2014). Comprehensive coverage of ICS/SCADA security including Modbus, DNP3, EtherNet/IP, and the Purdue Model. Essential background for anyone testing industrial IoT environments.
Research Papers and Reports
- Antonakakis, Manos, et al. "Understanding the Mirai Botnet." USENIX Security Symposium, 2017. The definitive academic analysis of the Mirai botnet, including its scanning behavior, infection mechanism, and DDoS attack patterns. Available freely online.
- Miller, Charlie, and Chris Valasek. "Remote Exploitation of an Unaltered Passenger Vehicle." Black Hat USA, 2015. The complete technical paper on the Jeep Cherokee remote hack, detailing the cellular attack vector, QNX exploitation, and CAN bus manipulation.
- OWASP. "Internet of Things (IoT) Top 10" (2018). The top ten IoT vulnerability categories, providing a structured framework for IoT security assessment. Categories include weak passwords, insecure network services, insecure ecosystem interfaces, lack of update mechanisms, and more.
- NIST. "Recommendations for IoT Device Manufacturers" (NISTIR 8259, 2020). Federal guidance on IoT device security capabilities, covering device identification, device configuration, data protection, logical access, software update, and cybersecurity state awareness.
- ENISA. "Baseline Security Recommendations for IoT" (2017). European guidance on IoT security, covering hardware, firmware, networking, and organizational security measures.
Online Resources and Training
- Attify — IoT Security Training Platform (attify.com). Provides IoT security training courses, the AttifyOS toolkit (a Linux distribution pre-configured for IoT testing), and the Damn Vulnerable IoT Device (DVID) practice platform.
- IoTGoat — OWASP IoT Intentionally Vulnerable Firmware. A deliberately insecure firmware project for learning IoT security testing, aligned with the OWASP IoT Top 10.
- Firmware.RE — Firmware Analysis Platform. An online platform for automated firmware analysis, maintaining a large database of analyzed firmware images. Useful for comparative analysis and vulnerability research.
- SANS ICS Security Courses. ICS515 (ICS Visibility, Detection, and Response), ICS410 (ICS/SCADA Security Essentials), and SEC556 (IoT Penetration Testing) provide structured training in industrial and IoT security.
- Azeria Labs — ARM Exploit Development (azeria-labs.com). Comprehensive tutorials on ARM architecture exploitation, essential for analyzing and exploiting binaries found in IoT device firmware.
Tools and Documentation
- Binwalk Documentation (github.com/ReFirmLabs/binwalk). Firmware analysis and extraction tool documentation, including signature scanning, entropy analysis, and extraction capabilities.
- OpenOCD Documentation (openocd.org/doc). Open On-Chip Debugger documentation for JTAG and SWD interfacing. Covers supported adapters, target configurations, and scripting.
- Firmadyne (github.com/firmadyne). Automated firmware analysis platform that can emulate Linux-based IoT firmware for dynamic analysis. Documentation covers setup, supported architectures, and analysis workflows.
- KillerBee (github.com/riverloopsec/killerbee). Zigbee security testing framework documentation, covering sniffing, injection, replay attacks, and key recovery.
- Flashrom Documentation (flashrom.org). Comprehensive documentation for SPI flash chip reading/writing, including supported programmers, chip models, and troubleshooting.
- Mosquitto MQTT Documentation (mosquitto.org/documentation). MQTT broker and client tools documentation, including security configuration (TLS, authentication, ACLs).
Blogs and Ongoing Research
- /dev/ttyS0 Blog (devttys0.com). Craig Heffner's blog on embedded systems security, featuring detailed firmware analysis walkthroughs, hardware reverse engineering, and tool development.
- Pen Test Partners IoT Research (pentestpartners.com/security-blog). Regular publications on IoT security research, including automotive, medical device, smart home, and industrial IoT assessments.
- Attify Blog (blog.attify.com). IoT security research, tool development, and training content covering firmware analysis, hardware hacking, and protocol testing.
- Cybergibbons Blog (cybergibbons.com). Detailed hardware teardowns and security analyses of consumer IoT devices, with practical exploitation demonstrations.
- Quarkslab Blog (blog.quarkslab.com). Advanced embedded security research including firmware reverse engineering, side-channel analysis, and secure element testing.
Standards and Regulations
- IEC 62443 (Industrial Automation and Control Systems Security). The international standard for ICS cybersecurity, covering system security requirements, component security requirements, and security management.
- ETSI EN 303 645 (Consumer IoT Security). European standard for consumer IoT device security, establishing baseline security requirements. Basis for the UK PSTI Act and informing the EU Cyber Resilience Act.
- FDA Guidance on Medical Device Cybersecurity. U.S. FDA guidance documents on cybersecurity for medical devices, covering premarket submissions, postmarket management, and vulnerability disclosure. Directly relevant to MedSecure's medical devices.
- UNECE WP.29 (Automotive Cybersecurity Regulation). United Nations regulation requiring automotive manufacturers to implement cybersecurity management systems and vehicle type approval for cybersecurity. Mandatory for new vehicle types in many countries.
- NIST Cybersecurity for IoT Program. NIST's ongoing program developing IoT security standards, guidelines, and tools, including the NISTIR 8259 series for manufacturers and NIST SP 800-183 for networks of things.
Hardware Resources
- Joe Grand (Grand Idea Studio) — Hardware Hacking Tools and Training. Creator of the JTAGulator and veteran hardware hacker. Provides training, tools, and educational content on hardware security.
- Samy Kamkar — Hardware and IoT Research. Security researcher known for innovative hardware hacking projects including the Proxmark clone, MagSpoof, and KeySweeper. Conference talks and tools available online.
- SparkFun and Adafruit Tutorials. While oriented toward makers, these sites provide excellent tutorials on serial protocols (UART, SPI, I2C), microcontroller programming, and electronics fundamentals that form the foundation of hardware security testing knowledge.