Imperial Library

Index
Abusing the Internet of Things
Preface
Who This Book Is For | How to Use This Book | Conventions Used in This Book | Using Code Examples | Safari® Books Online | How to Contact Us | Acknowledgments
1. Lights Out: Hacking Wireless Lightbulbs to Cause Sustained Blackouts
Why hue? | Controlling Lights Via the Website Interface
Information Leakage | Drive-by Blackouts | Weak Password Complexity and Password Leaks
Controlling Lights Using the iOS App
Stealing the Token from a Mobile Device | Malware Can Cause Perpetual Blackout
Changing Lightbulb State | If This Then That (IFTTT) | Conclusion
2. Electronic Lock Picking: Abusing Door Locks to Compromise Physical Security
Hotel Door Locks and Magnetic Stripes
The Onity Door Lock | The Magnetic Stripe | The Programming Port | Security Issues
Microcontroller Vulnerability | Master Keycode in Lock Memory | Unencrypted Spare Cards
Vendor Response
The Case of Z-Wave-Enabled Door Locks
Z-Wave Protocol and Implementation Analysis | Exploiting Key Exchange Vulnerability
Bluetooth Low Energy and Unlocking Via Mobile Apps
Understanding Weaknesses in BLE and Using Packet-Capture Tools | Kevo Kwikset Mobile App Insecurities
Conclusion
3. Assaulting the Radio Nurse: Breaching Baby Monitors and One Other Thing
The Foscam Incident
Foscam Vulnerabilities Exposed by Researchers | Using Shodan to Find Baby Monitors Exposed on the Internet | Exploiting Default Credentials | Exploiting Dynamic DNS | The Foscam Saga Continues
The Belkin WeMo Baby Monitor
Bad Security by Design | Malware Gone Wild
Some Things Never Change: The WeMo Switch | Conclusion
4. Blurred Lines: When the Physical Space Meets the Virtual Space
SmartThings
Hijacking Credentials | Abusing the Physical Graph | SmartThings SSL Certificate Validation Vulnerability
Interoperability with Insecurity Leads to … Insecurity
SmartThings and hue Lighting | SmartThings and the WeMo Switch
Conclusion
5. The Idiot Box: Attacking “Smart” Televisions
The TOCTTOU Attack
The Samsung LExxB650 Series | The Exploit
You call that Encryption?
Understanding XOR | I call it Encraption
Understanding and Exploiting the App World
Decrypting Firmware | Cursory Exploration of the Operating System | Remotely Exploiting a Samsung Smart TV
Inspecting Your Own Smart TV (and other IoT devices)
Say Hello to the Pineapple Mark V | Capturing credentials and stripping TLS
Conclusion
6. Connected Car Security Analysis: From Gas to Fully Electric
Tire Pressure Monitoring System (TPMS)
Reversing TPMS Communication | Eavesdropping and Privacy Implications | Spoofing Alerts
Exploiting wireless connectivity
Injecting CAN Data | Bluetooth Vulnerabilities | Vulnerabilities in Telematics | Significant Attack Surface
Tesla Model S
Locate and Steal a Tesla the Old Fashioned Way | Social Engineering Tesla Employees and the Quest for Location Privacy | Handing Out Keys to Strangers | Or Just Borrow Someone’s Phone | Additional Information and Potential Low Hanging Fruit | Auto Pilot and the Autonomous Car
Conclusion
7. Secure Prototyping: littleBits and cloudBits
Introducing the cloudBit Starter Kit
Setting Up the cloudBit | Designing the SMS Doorbell | Oops, We Forgot the Button!
Security Evaluation
WiFi Insecurity, Albeit Brief | Sneaking in Command Execution | One Token to Rule them All | Beware of Hardware Debug Interfaces
Abuse Cases in the Context of Threat Agents
Nation States, Including the NSA | Terrorists | Criminal Organizations | Disgruntled or Nosy Employees | Hacktivists | Vandals | Bullying | Predators
Bug Bounty Programs | Conclusion
8. Securely Enabling our Future: A Conversation on Upcoming Attack Vectors
The Thingbots Have Arrived | The Rise of the Drones | Cross Device Attacks | Hearing Voices | IoT Cloud Infrastructure Attacks | Backdoors | The Lurking Heartbleed | Diluting the Medical Record | The Data Tsunami | Targeting Smart Cities | Inter Space Communication Will be a Ripe Target | The Dangers of Superintelligence | Conclusion
9. Two Scenarios: Intentions and Outcomes
The Cost of a Free Beverage
There’s a Party at Ruby Skye | Leveraging the “Buzz Word” | The Board Meeting
A Case of Anger, Denial, and Self Destruction
The Benefit of LifeThings | Social Engineering Customer Support by Spoofing SMS | The (In)Secure Token | Total Ownage | The Demise of LifeThings
Conclusion
About the Author | Copyright
