Reverse engineering of applications and firmware

shanti65
Posts: 402
Joined: Mon Dec 23, 2024 3:35 am


Post by shanti65 »

In many cases, obtaining the IoT device we want to analyze is complicated or even expensive. However, this is not a reason to stop the analysis, because not everything goes through device analysis. All IoT devices are controlled through applications that can be downloaded and reverse engineered. In fact, sometimes it is better to start by analyzing the applications that control smart devices to see which ones are most vulnerable and can allow us to perform better investigations.

Reverse engineering is used to understand how an application works from its executable or package. In the case of mobile applications, we can even obtain the source code of these, which is very useful for analyzing their functions, understanding how they receive and send information, locating users and hardcoded keys, and even discovering vulnerabilities and exploiting them. In some cases, it is even possible to find the download links for the firmware, which, once downloaded, also makes it possible to reverse engineer it.

In the case of mobile applications, one of the most widely used decompilers is JADX, which has a very user-friendly interface for analysis. In the following example, this decompiler was used to obtain the source code of an application that controls smart plugs. The most interesting functions found in this case were those responsible for encrypting and decrypting traffic between the application and the device, and from these functions it was possible to control the device remotely and without any type of authentication.

Example of using JADX to get the source code of an application that controls smart plugs.

Traffic Analysis and MiTM
A large amount of information travels to and from devices, so being able to control it will give us a great advantage in controlling the device we are investigating. Whether because the device communicates through insecure protocols or because the communication has been decrypted (as in the previous case), by analyzing network traffic we can not only obtain sensitive information, but also understand and analyze communication protocols. We can also often modify the packets sent and received or even generate new packets. In other words, by manipulating the traffic of a device it becomes possible to control it.

The best way to capture these packets is through the use of a proxy, such as Burp Suite. Sometimes, capturing traffic can be a bit more tedious to analyze and we will have to resort to tools like Wireshark to make our work easier.

As an example, in the following images we can see the traffic between a webcam and the mobile application that controls it. In this case, the traffic is sent in plain text via HTTP and we can not only obtain information about the camera, but also about the images that are captured by it:
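An added example, not part of the post above: a small Python triage script that applies the same observations from a reviewer's side, scanning decompiled Java of the kind JADX produces for hardcoded key material (the encrypt/decrypt functions the post mentions) and for plaintext HTTP endpoints (the webcam case). The sample source, its class and field names, and the regex rules are constructed for this example.

```python
import re

# Constructed sample of decompiled Java, in the shape JADX emits from an
# IoT companion app. Made-up fragment; not taken from any real application.
SAMPLE_DECOMPILED = """\
package com.example.plug;
public class DeviceCrypto {
    private static final String KEY = "0123456789abcdef";
    private static final byte[] IV = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
    public static byte[] encrypt(byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(KEY.getBytes(), "AES"), new IvParameterSpec(IV));
        return c.doFinal(data);
    }
    public static String controlUrl() { return "http://192.0.2.10/api/switch"; }
}
"""

# Heuristic: field names that usually denote secret material.
SECRET_NAME = re.compile(r'(KEY|SECRET|PASS|PASSWORD|TOKEN|IV)\b', re.I)
# A `static final` String or byte[] field initialised with a literal.
CONST_FIELD = re.compile(r'static\s+final\s+(?:String|byte\[\])\s+(\w+)\s*=\s*("[^"]*"|\{[^}]*\})')
# Key/IV objects built directly from a literal or from a named constant.
KEY_OBJ = re.compile(r'new\s+(SecretKeySpec|IvParameterSpec)\s*\(\s*("[^"]*"|\{[^}]*\}|\w+)')
# String literals pointing at an unencrypted HTTP endpoint.
PLAIN_HTTP = re.compile(r'"http://[^"]+"')


def scan_decompiled(source: str) -> list[tuple[str, int, str]]:
    """Return (rule, line_number, evidence) for each suspicious construct found."""
    findings = []
    secret_consts = set()
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, value in CONST_FIELD.findall(line):
            if SECRET_NAME.search(name):
                secret_consts.add(name)  # remember it so later uses are flagged too
                findings.append(("hardcoded-secret-constant", lineno, f"{name} = {value}"))
        for cls, arg in KEY_OBJ.findall(line):
            if arg.startswith(('"', '{')) or arg in secret_consts:
                findings.append(("literal-key-material", lineno, f"new {cls}({arg})"))
        for url in PLAIN_HTTP.findall(line):
            findings.append(("plaintext-http-endpoint", lineno, url.strip('"')))
    return findings


if __name__ == "__main__":
    for rule, lineno, evidence in scan_decompiled(SAMPLE_DECOMPILED):
        print(f"line {lineno}: {rule}: {evidence}")
```

Run it over a JADX output directory by feeding each `.java` file to `scan_decompiled`; every hit is a place where the key derivation or transport should be reviewed.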