Abusing the Internet of Things

(Rick Simeone) #1

FIGURE 7-25. Additional IFTTT recipe to sound buzzer


Imagine waking up in the middle of the night with your doorbell screeching at you
non-stop. Some may have the courage to immediately check who is at the front door, only to be
further confused upon realizing there is no one there but the doorbell is still ringing. These
are the types of use cases—and abuse cases—designers need to begin to understand early on
in the prototyping process so that every subsequent iteration of their product lowers the
probability of that product being abused to harm or inconvenience their customers.


Beware of Hardware Debug Interfaces


IoT devices often include hardware ports that are useful for debugging; using them requires
physical access to the device. Tinkerers and security researchers have found that it is often
possible to change the functionality of devices by using physical debug interfaces to modify
the firmware. It is also often possible to uncover secrets stored on the device, such as
encryption keys. If the same encryption key is used on all other devices of the same type,
attackers who gain one-time access to a single device and extract the key can use it to
compromise the integrity of the other devices.

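
The shared-key risk described above can be contained by giving every unit its own key, derived at manufacture from a master key that never leaves the factory. The following is an added example, not from the original text; the master key, salt label, serial numbers, and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values; in this sketch the master key is assumed to stay
# in factory/backend key storage and is never written to any device.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SHARED_KEY = bytes.fromhex("a5" * 32)  # the weak design: one key in every unit


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def device_key(serial: str) -> bytes:
    """Per-device key provisioned at manufacture, bound to the serial number."""
    return hkdf_sha256(MASTER_KEY, salt=b"fleet-v1", info=serial.encode())


def tag(key: bytes, message: bytes) -> bytes:
    """Authenticate a device message with HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()


def backend_accepts(serial: str, message: bytes, mac: bytes, shared: bool) -> bool:
    """Backend check: use the key expected for this serial number."""
    expected_key = SHARED_KEY if shared else device_key(serial)
    return hmac.compare_digest(tag(expected_key, message), mac)


def blast_radius(shared: bool) -> bool:
    """Is a key read from unit SN-0001 accepted for messages from SN-0002?"""
    extracted = SHARED_KEY if shared else device_key("SN-0001")
    mac = tag(extracted, b"status:ok")
    return backend_accepts("SN-0002", b"status:ok", mac, shared)


if __name__ == "__main__":
    print("shared key, cross-device accepted:", blast_radius(shared=True))
    print("derived keys, cross-device accepted:", blast_radius(shared=False))
```

With derived keys, a key read out of one unit over a debug port authenticates only that unit, so the exposure stays limited to the device that was physically opened.
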
Universal Asynchronous Receiver Transmitter (UART) chips are commonly found on
microcontrollers and often leveraged to implement debug functionality. They use serial (one
bit at a time at a specified rate) communication to transmit information between an attached

