IoT and Raspberry Pi Hacker's Toolkit

Dear readers,

The presence of IoT devices in our lives is getting more and more visible each day. Watches, lights, cars, cameras, doorbells, locks – every smart device is a potential target of a hacker’s attack. That is why we decided to dedicate our September issue to the topic of IoT hacking and to focus on a more offensive approach, using the fan favourite Raspberry Pi! Let’s dive into it!

We’re starting off with a great article Hacking IoT with IoT, in which Dan Dieterle explains how to attack an office building security camera system with Raspberry Pi. Later on we have IoT Bug Bounty 101 – this article can serve as a guide for those of you, who want to start penetration testing on IoT devices. 

In Device and Network Based Attacks the author explains and analyses various kinds of attack scenarios, targeted toward IoT devices. The next article, Raspberry Pi “Evil Server”, is a tutorial on how to install an evil server on a Raspberry Pi and how to perform different forms of cyber attacks with it. 

In Security Vulnerabilities in Using Home IoT Devices During Pandemic Period you’ll learn how the pandemic influenced IoT security and what are the newest types of IoT vulnerabilities that emerged during that time. Coming back to the topic of Raspberry Pi, in Pi-Injector you can learn how to implement this tool, which is used for keystroke injection in wireless mice and keyboards. 

Later on, in How I Learned That I Should Worry About my Connected Devices and Not Just the Morning Before a Pentest, one of our authors explains how important it is to prepare your smart device for pentesting, and how to do it properly. Then, in CVE-2021-33056 Linphone SIP Protocol Stack, the author covers a case of one of the recently discovered Linphone SIP vulnerabilities. 

If you’d like to have a little bit more variety, the last two articles are for you! One of them is a beginner-friendly tutorial on Network Vulnerability Scan Using OpenVAS. The second one will teach you how to Crack Password-Protected Microsoft Office Documents. 

As you can see, this issue is full of quality articles. We hope you enjoy them, and make good use of the knowledge they are providing. 

We would like to thank our amazing contributors, reviewers, and proofreaders, without whom this issue wouldn’t be possible. 

Stay safe and enjoy!

---

Table of Contents

Hacking IoT with IoT

Daniel W. Dieterle

IoT (Internet of Things) vs IOT - reminiscent of the old Mad Magazine “Spy vs Spy” cartoon where there were two identical-looking cartoon spies of different colors that were always trying to kill each other. The rise of vulnerable deployed IoT devices and the offensive use of IoT devices is skyrocketing. In this article, we will cover attacking an IoT device, an office building security camera system, with another IoT device, a Raspberry Pi.

---

IoT Bug Bounty 101: Hacking the Internet of Things From a Beginner Point of View

Mark Antwi Acquaisie

IoT bug bounty compared to the other categories has a more flexible entry barrier, targets can be easily found because of performing very easy tasks, it’s less competitive as compared to the other categories and due to the wide market demand of IoT devices, manufacturers keep on making unsecured products. You might be wondering, what does it take, where do I go and how do I join this fun but educative and adventurous journey that comes with a reward? How cool is that? This article will serve as a guide for persons wanting to start penetration testing on IoT devices.

---

Device and Network Based Attacks

Mukul Kantiwal

IoT security is an important field that spreads over device security, network security and a lot more. To dive into IoT security, one should have a basic knowledge of the Linux operating system and basic knowledge of computer networks. The reason is that these devices communicate over the network and are majorly created by using the components of Linux-based operating systems. This article provides an overview of Bootloader, MQTT and AMQP. As for the network-based attacks, we investigate two issues, one of them being the RAM overflow vulnerability in the Mosquitto (MQTT) service running on a machine and we were able to terminate the service using our attack.

---

Raspberry Pi "Evil Server"

Atlas Stark

A vast assortment has been written about various Raspberry Pi projects and add-ons to date and all of them are fun and useful in their own way. This article is geared for anyone that is interested in getting started with the Raspberry Pi platform in the realm of penetration testing or security research. Even if you are an experienced Pi user, this tutorial may provide you with an additional set of skills that you can implement in your research or accompany you on your next engagement.

---

Security Vulnerabilities in Using Smart Home IoT Devices During Pandemic Period. A Case Study on Personal and Business Impacts

Lochana Koralage

During this period of global chaos caused by the pandemic, a ‘new norm’ has set out around the world. This new norm has resulted in a set of new threats and vulnerabilities, social and cultural impacts, mental and physical health issues, etc. Through this case study, the security impacts set out by the use of home IoT devices, such as baby monitors, are to be discussed in general, and in specific relation to special conditions set out by the pandemic situation, Covid-19, starting at the end of 2019, continuing for almost two years.

---

Pi-Injector

Mayank Tanna

Pi-Injector is a tool used for keystroke injection in wireless mice and keyboards using Raspberry Pi. This works with certain types of vulnerable mice and keyboards that are still used today. Many companies in the current day and age are using dated wireless mice and keyboards, which enables hackers to easily gain access - which in turn may lead to data breach, privilege escalation, etc.

---

How I Learned That I Should Worry About my Connected Devices and Not Just the Morning Before a Pentest

Jean-Georges Valle 

A common question is shared by both the young and ruthless pentester preparing for a connected or embedded device test and the (probably hired last minute) IoT Security analyst, shot into a project that has to hit the market in two weeks, while having to face a firmware development team that discreetly tests if crosses and holy water reveals the demon (Robin from testing “involuntarily” dropping a glass of “totally mundane” water on you this morning? You bet…) they are sure he is. This article explains how important it is to prepare your smart device for pentesting, and how to do it properly.

---

CVE-2021-33056 Linphone SIP Protocol Stack

Felipe Hifram

For starters, in case you are not familiar with SIP, it is a protocol whose abbreviation means "Session Initiation Protocol", it is a fundamental basis in the communication of systems (including IoT) that use video and voice, and is very present in companies of different sectors. Widely used in security systems, such as more modern cameras and doorbells, as reported by Claroty itself, the company responsible for discovering the vulnerability described in this article.

---

Network Vulnerability Scan Using OpenVAS

Matheus Rebouças

OpenVAS is an open-source vulnerability scanner developed by Greenbone Networks, which can perform unauthenticated as well as authenticated scans. In this article you will learn how to install, create targets, tasks and generate reports using OpenVAS.

---

Crack Password Protected Microsoft Office Documents

Dr. Akashdeep Bhardwaj

The password protection of Microsoft Office files prevents falsification and ensures data integrity. However, documents with passwords secured from previous versions of Office may be retrieved and hashes extracted. It just takes a few seconds to recover hashes from Microsoft Office files that are password-protected. Although encryption standards have changed throughout the years across various Office programmers, neither can handle some of the instruments utilized in this laboratory experiment.