Abusing the Internet of Things

(Rick Simeone) #1

Index.


A
abuse types (see threat agents)
access tokens, 99, 210-213, 233
Accessory Protocol Interface Module (APIM), 166
Advanced Encryption Standards (AES), 50
advertising packet, 47
advertising, targeted, 244
Amazon Echo, 234-238
amplitude-shift keying (ASK) modulation, 160
Anonymous, 221
Apple, 99, 189
(see also iOS; iOS apps)
apps
Kevo Kwikset door lock, 45, 50-57
malicious, 166
native binaries, 124
Skype, 143-145
SmartThings (see SmartThings)
WeMo Switch, 78-83
Arduino microcontrollers, 41, 42
attack types (see threat agents)
attack vectors, future (see future threats)
audio-based personal assistants, 234-238
authentication challenge, 168
authentication, single- versus two-factor, 99
autopilot versus autonomous car technology, 185-187


B
baby monitors, 59-84
Belkin WeMo, 68-83, 84, 106
exploiting default credentials, 64-64
exploiting Dynamic DNS, 65-66
Foscam, 61-67, 84
history of, 59-60
locating on the Internet, 62
backdoors, 239
Barr, Aaron, 221
Belkin
WeMo baby monitor (see WeMo baby monitor)
WeMo Switch, 78-83
blackouts
drive-by, 13
perpetual, 25
Bluetooth Low Energy (BLE), 45-50, 57
brute-force attacks vulnerability, 49
crackle tool, 50
packet-capture tools, 47-50
weaknesses in, 46-50
Bluetooth vulnerabilities in connected cars,
166-167
Bostrum, Nick, 247
botnets, 231
Brocious, Cody, 38, 41
brute-force attacks, 49, 174
buffer overflow attacks, 166
bug bounty programs, 227-228
bullying, 226-227
Burp Suite, 179
BusyBox system, 125

C
CAN (controller area network) data, 159, 164-166
card security codes, 39
clear-text password reset link, 100
cloud-based attacks, 238-239
