Abusing the Internet of Things

(Rick Simeone) #1

cloudBit, 190-202
  evaluating security risks with, 204-216
    access tokens, 210-213
    hardware debug interfaces, 213-216
    WiFi, 205-210
  setup, 192-198
  SMS doorbell design, 199-202
  starter kit components, 190-191
.cmk files, 140
connected car security, 157-188
  autopilot/autonomous car technology, 185-187
  CAN data, 159
  exploiting wireless connectivity, 163-170
  injecting CAN data, 164-166
  password security, 174-177
  session token storage risk, 181
  significant attack surface, 169-170
  social engineering threats, 178-179
  telematics vulnerabilities, 167-168
  Tesla, 170-188
    (see also Tesla)
  third-party app risks, 179-181
  tire pressure monitoring system (TPMS), 158-163, 187
crackle, 50
cross-device attacks, 233
cryptography (see encryption)
cyberbullies, 226-227
cyberterrorism, 218


D
data origin authentication key, 44
denial of service (DoS) attacks, 221
digital spread spectrum, 60
disgruntled employees, 219-221
Disruption-Tolerant Networking (DTN), 247
door locks, 37-58
  Bluetooth Low Energy (BLE), 45-50
  hotel door locks, 38-43
    magnetic stripes, 39-41
    master keycard creation, 41
    microcontroller vulnerability, 41
    Onity HT lock, 38-38
    programming port, 41
    security issues, 41-43
    unencrypted spare cards, 42
  unlocking via mobile apps, 45-57
  Z-Wave protocol, 43-45
drive-by blackouts, 13
drones, 232-233
Dynamic DNS, 65
dynamic link libraries, 124

E
Egyptian lock, 37
electrical power dependence, 1
electronic control units (ECUs), 159
employees as threats, 219-221
encryption, 129-136, 154
exeDSP binaries, 125, 126, 128, 139

F
Facebook, 228
Firestone, 158
Ford, 158
Foscam baby monitors, 61-67, 84
  exploiting default credentials, 64-64
  exploiting Dynamic DNS, 65
  locating on the Internet, 62
Fouladi, Behrang, 44
frame encryption key, 44
frequency-shift keying (FSK) modulation, 160
future threats, 231-249
  backdoors, 239
  drones, 232-233
  Heartbleed, 240-240, 248
  interspace communication, 246-247
  IoT cloud-based infrastructure attacks, 238-239
  medical records data tampering, 241-244
  smart cities, 245-246, 249
  speech-recognition technologies, 234-238
  superintelligence, 247-248
  targeted ads, 244
  thingbots, 231

G
Gates, Bill, 77, 247
Ghanoun, Sahand, 44
Good, Irving John, 247
Google, 99
Grattafiori, Aaron, 142
Gumstix expansion board, 126-129

H
HackerOne, 228
hacktivists, 221-222
Halligan, Ryan Patrick, 226
hardware debug interfaces, 213-216
