A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.
Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
If you are a beginner, you should have a look at the and sections.
If you want to start right away with your own analysis, you should give the a try.
They are easy to use and you do not need to be an expert to get first meaningful results.
Items marked with 💶 are comercial products.
- Software Tools
- Hardware Tools
- Research Papers
- Case Studies
- Free Training
Software tools for analyzing embedded/IoT devices and firmware.
- EXPLIoT – Pentest framework like Metasploit but specialized for IoT.
- FACT – The Firmware Analysis and Comparison Tool – Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
- Improving your firmware security analysis process with FACT – Conference talk about FACT 📺.
- FwAnalyzer – Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.
- HAL – The Hardware Analyzer – A comprehensive reverse engineering and manipulation framework for gate-level netlists.
- HomePWN – Swiss Army Knife for Pentesting of IoT Devices.
- IoTSecFuzz – Framework for automatisation of IoT layers security analysis: hardware, software and communication.
- Killerbee – Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks.
- PRET – Printer Exploitation Toolkit.
- Routersploit – Framework dedicated to exploit embedded devices.
- Binwalk – Searches a binary for “interesting” stuff, as well as extracts arbitrary files.
- emba – Analyze Linux-based firmware of embedded devices.
- Firmadyne – Tries to emulate and pentest a firmware.
- Firmwalker – Searches extracted firmware images for interesting files and information.
- Firmware Slap – Discovering vulnerabilities in firmware through concolic analysis and function clustering.
- Ghidra – Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
- Radare2 – Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
- Trommel – Searches extracted firmware images for interesting files and information.
- FACT Extractor – Detects container format automatically and executes the corresponding extraction tool.
- Firmware Mod Kit – Extraction tools for several container formats.
- The SRecord package – Collection of tools for manipulating EPROM files (can convert lots of binary formats).
- JTAGenum – Add JTAG capabilities to an Arduino.
- OpenOCD – Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.
- Cotopaxi – Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
- dumpflash – Low-level NAND Flash dump and parsing utility.
- flashrom – Tool for detecting, reading, writing, verifying and erasing flash chips.
- Samsung Firmware Magic – Decrypt Samsung SSD firmware updates.
- Bus Blaster – Detects and interacts with hardware debug ports like UART and JTAG.
- Bus Pirate – Detects and interacts with hardware debug ports like UART and JTAG.
- Shikra – Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.
- JTAGULATOR – Detects JTAG Pinouts fast.
- Saleae – Easy to use Logic Analyzer that support many protocols 💶.
- Ikalogic – Alternative to Saleae logic analyzers 💶.
- HydraBus – Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
- ChipWhisperer – Detects Glitch/Side-channel attacks.
- Glasgow – Tool for exploring and debugging different digital interfaces.
- J-Link – J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.
Bluetooth BLE Tools
- UberTooth One – Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
- Bluefruit LE Sniffer – Easy to use Bluetooth Low Energy sniffer.
- ApiMote – ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
- Atmel RZUSBstick – Discontinued product. Lucky if you have one! – Tool for development, debugging and demonstration of a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. Killerbee compatible.
- Freakduino – Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.
- RTL-SDR – Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
- HackRF One – Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
- YardStick One – Half-duplex sub-1 GHz wireless transceiver.
- LimeSDR – Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
- BladeRF 2.0 – Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
- USRP B Series – Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).
RFID NFC Tools
- Proxmark 3 RDV4 – Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
- ChamaleonMini – Programmable, portable tool for NFC security analysis.
- HydraNFC – Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.
- 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: Practical IoT Hacking
- 2020, Jasper van Woudenberg, Colin O’Flynn: The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks
- 2019, Yago Hansen: The Hacker’s Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers
- 2019, Aditya Gupta: The IoT Hacker’s Handbook: A Practical Guide to Hacking the Internet of Things
- 2018, Mark Swarup Tehranipoor: Hardware Security: A Hands-on Learning Approach
- 2018, Mark Carney: Pentesting Hardware – A Practical Handbook (DRAFT)
- 2018, Qing Yang, Lin Huang Inside Radio: An Attack and Defense Guide
- 2017, Aditya Gupta, Aaron Guzman: IoT Penetration Testing Cookbook
- 2017, Andrew Huang: The Hardware Hacker: Adventures in Making and Breaking Hardware
- 2016, Craig Smith: The Car Hacker’s Handbook: A Guide for the Penetration Tester
- 2015, Keng Tiong Ng: The Art of PCB Reverse Engineering
- 2015, Nitesh Dhanjan: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts
- 2015, Joshua Wright , Johnny Cache: Hacking Wireless Exposed
- 2014, Debdeep Mukhopadhyay: Hardware Security: Design, Threats, and Safeguards
- 2014, Jack Ganssle: The Firmware Handbook (Embedded Technology)
- 2013, Andrew Huang: Hacking the XBOX
- 2020, Oser et al: SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization
- 2019, Agarwal et al: Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk
- 2019, Almakhdhub et al: BenchIoT: A Security Benchmark for the Internet of Things
- 2019, Alrawi et al: SoK: Security Evaluation of Home-Based IoT Deployments
- 2019, Abbasi et al: Challenges in Designing Exploit Mitigations for Deeply Embedded Systems
- 2019, Song et al: PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary
- 2018, Muench et al: What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices
- 2017, O’Meara et al: Embedded Device Vulnerability Analysis Case Study Using Trommel
- 2017, Jacob et al: How to Break Secure Boot on FPGA SoCs through Malicious Hardware
- 2017, Costin et al: Towards Automated Classification of Firmware Images and Identification of Embedded Devices
- 2016, Kammerstetter et al: Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation
- 2016, Chen et al: Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
- 2016, Costin et al: Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
- 2015, Shoshitaishvili et al:Firmalice – Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
- 2015, Papp et al: Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy
- 2014, Zaddach et al: Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems’ Firmwares
- 2014, Alimi et al: Analysis of embedded applications by evolutionary fuzzing
- 2014, Costin et al: A Large-Scale Analysis of the Security of Embedded Firmwares
- 2013, Davidson et al: FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution
- Binary Hardening in IoT products
- Cracking Linksys “Encryption”
- Deadly Sins Of Development – Conference talk presenting several real world examples on real bad implementations 📺.
- Dumping firmware from a device’s SPI flash with a buspirate
- Hacking the DSP-W215, Again
- Hacking the PS4 – Introduction to PS4’s security.
- IoT Security@CERN
- Multiple vulnerabilities found in the D-link DWR-932B
- Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol
- PWN Xerox Printers (…again)
- Reversing Firmware With Radare
- Reversing the Huawei HG533
- CSAW Embedded Security Challenge 2019 – CSAW 2019 Embedded Security Challenge (ESC).
- Embedded Security CTF – Microcorruption: Embedded Security CTF.
- Hardware Hacking 101 – Workshop @ BSides Munich 2019.
- IoTGoat – IoTGoat is a deliberately insecure firmware based on OpenWrt.
- Rhme-2015 – First riscure Hack me hardware CTF challenge.
- Rhme-2016 – Riscure Hack me 2 is a low level hardware CTF challenge.
- Rhme-2017/2018 – Riscure Hack Me 3 embedded hardware CTF 2017-2018.
- Hacking Printers Wiki – All things printer.
- OWASP Embedded Application Security Project – Development best practices and list of hardware and software tools.
- OWASP Internet of Things Project – IoT common vulnerabilities and attack surfaces.
- Router Passwords – Default login credential database sorted by manufacturer.
- Siliconpr0n – A Wiki/Archive of all things IC reversing.
- /dev/ttyS0’s Embedded Device Hacking
- jcjc’s Hack The World
- wrong baud
- Firmware Security
- GracefulSecurity – Hardware tag
- Black Hills – Hardware Hacking tag
Tutorials and Technical Background
- Azeria Lab – Miscellaneous ARM related Tutorials.
- JTAG Explained – A walkthrough covering UART and JTAG bypassing a protected login shell.
- Reverse Engineering Serial Ports – Detailed tutorial about how to spot debug pads on a PCB.
- UART explained – An in depth explanation of the UART protocol.
Conferences focused on embedded and/or IoT security.
- EU, The Hague, September.
- USA, Santa Clara, June.