Francesco Ongaro and Pasquale Fiorillo were featured speakers on September 22, 2023, at the event "Sempre Connessi all'Innovazione", a collaboration between ISGroup and Phoenix Informatica.
The concept of the Internet of Things (IoT) has become increasingly pervasive in our daily lives. In the past, IoT systems were primarily confined to industrial environments, driven by initiatives like Industry 4.0. Today, IoT devices, which combine hardware, software, and Internet connectivity (often cloud-based), are found everywhere, even in consumer products. These include smart home devices, energy management solutions, Smart Grids, and even appliances that begin to show intelligence, such as refrigerators that track food and ovens that start cooking before we arrive home.
From a security perspective, an IoT object can be divided into two distinct worlds: the physical object and the cloud. In this context, we focus on the physical component, which consists of various elements, including the processor, interfaces, data storage, and secrets like service access credentials, as well as sensors and Internet connectivity.
The processors of IoT objects can be divided into two main categories: microcontrollers, which perform specific operations without a full operating system, and more complex devices with processors similar to those in computers and smartphones, running full operating systems. These operating systems can vary, but are often based on Linux or derivatives like Android or WebOS.
When the security of an IoT object is analyzed, the device itself is examined in detail. Every component on the board is described and each chip is identified. Connectors are catalogued as well, since they can represent access points for an attacker. Once the chip holding the software and operating system has been located, its contents are extracted, by means that range from minimally to highly invasive. If direct extraction is not possible, the chip's communication with the other board components is captured and analyzed until the protocol is understood. The extracted firmware is then examined with reverse engineering tools, which makes it possible to understand how it works and to reveal any vulnerabilities.
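A first pass over an extracted firmware image typically does three things before any deeper reverse engineering: it locates known container and filesystem headers, it measures entropy per block to separate compressed or encrypted regions from plain data, and it checks for secrets (such as the service access credentials mentioned above) stored in the clear, which a vendor should find in its own images before they ship. The following Python script is an added example of such a triage; it is not material from the talk or from ISGroup. The signature table, the entropy threshold and the sample image are constructed for illustration and stand in for a real flash dump.

```python
"""Firmware image triage (added example; the sample image is constructed)."""
import math
import re
from collections import Counter

# Well-known magic values commonly found in embedded firmware images.
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip stream",
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x27\x05\x19\x56": "U-Boot legacy image header",
    b"UBI#": "UBI volume",
}

# Credential-like key/value pairs in plaintext (value runs to whitespace or ';').
CRED_RE = re.compile(rb"(?i)(password|passwd|secret|api[_-]?key|token)\s*[=:]\s*([^\s;]{3,})")

def shannon_entropy(block: bytes) -> float:
    """Bits per byte: near 8.0 for compressed/encrypted data, low for text or padding."""
    if not block:
        return 0.0
    counts = Counter(block)
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())

def find_signatures(image: bytes) -> list[tuple[int, str]]:
    """Return (offset, description) for every known magic value in the image."""
    hits = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (pos := image.find(magic, start)) != -1:
            hits.append((pos, name))
            start = pos + 1
    return sorted(hits)

def entropy_map(image: bytes, block_size: int = 256) -> list[tuple[int, float]]:
    """Entropy of each fixed-size block, keyed by its offset."""
    return [(off, round(shannon_entropy(image[off:off + block_size]), 2))
            for off in range(0, len(image), block_size)]

def find_credentials(image: bytes) -> list[tuple[int, str, str]]:
    """Return (offset, key, value) for credential-like plaintext."""
    return [(m.start(), m.group(1).decode().lower(), m.group(2).decode(errors="replace"))
            for m in CRED_RE.finditer(image)]

def triage(image: bytes, block_size: int = 256, threshold: float = 7.5) -> dict:
    """Combine the three checks into one report."""
    return {
        "signatures": find_signatures(image),
        "high_entropy_blocks": [off for off, h in entropy_map(image, block_size) if h > threshold],
        "credentials": find_credentials(image),
    }

def build_sample_image() -> bytes:
    """Constructed 1280-byte image (not a real device dump), five 256-byte blocks:
    boot header, plaintext config, filesystem header, two 'encrypted-looking' blocks."""
    def pad(b: bytes) -> bytes:
        return b.ljust(256, b"\x00")
    boot = pad(b"\x27\x05\x19\x56")                       # U-Boot magic + zero padding
    config = pad(b"hostname=smartplug\nwifi_ssid=HomeNet\n"
                 b"wifi_password=Summer2023!\ncloud_token: eyJabc123\n")
    fs_header = pad(b"hsqs")                              # SquashFS magic + zero padding
    # Constant-stride permutation of 0..255: every byte value exactly once per block,
    # so entropy is exactly 8.0, mimicking a compressed or encrypted payload.
    dense = bytes((i * 37 + 11) % 256 for i in range(256))
    return boot + config + fs_header + dense + dense

if __name__ == "__main__":
    report = triage(build_sample_image())
    for off, name in report["signatures"]:
        print(f"0x{off:06x}  {name}")
    print("high-entropy blocks:", [hex(o) for o in report["high_entropy_blocks"]])
    for off, key, value in report["credentials"]:
        print(f"0x{off:06x}  {key} = {value!r}  <- should not ship in the image")
```

On a real dump the signature offsets tell you where to carve out the filesystem for the reverse engineering step, the entropy map shows which regions are worth carving at all, and any credential hit is a finding in its own right regardless of what the rest of the firmware does.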
