Hardware security must also be evaluated. This may be a challenge given the relative lack of test tools available for this activity; however, security platforms aimed at it are beginning to emerge. One example, created by researchers Julien Moinard and Gwenole Audic, is known as Hardsploit.
Hardsploit is designed as a flexible and modular tool that can be used to interface with various data bus types, including UART, Parallel, SPI, CAN, Modbus, and others. More information about Hardsploit is available at https://hardsploit.io/.
The process for evaluating hardware security in an enterprise IoT implementation is straightforward. Testers need to understand whether hardware devices introduce new weaknesses into a system that detract from its ability to protect system assets and data. A typical IoT hardware evaluation flow during a penetration test would go as follows:
- Information gathering and reconnaissance
- External and internal analysis of the hardware
- Identification of communication interfaces (for example, USB, SPI, I2C, and so on)
- Acquisition of data using hardware communication techniques (sniffing buses)
- Exploitation of hardware debug test points (for example, UART, JTAG, and so on) for firmware exploitation
- Extraction and analysis of the firmware
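The last step above, firmware analysis, usually starts from a raw dump read off a flash chip (via SPI sniffing, a flash programmer, or a JTAG/UART memory read). The script below is an added example, not code from the chapter or from Hardsploit, showing the first triage a tester does on such a dump: scan for magic values of common firmware containers, decode and CRC-check a U-Boot legacy uImage header, carve and decompress its payload, and compute per-block entropy to spot compressed or encrypted regions. Everything is assumed or constructed: the "flash dump" is built in memory by `build_sample_image()` (erased 0xFF space, a uImage wrapping a gzip payload of pseudo-random bytes standing in for a compressed kernel, and a fake SquashFS superblock), the load address 0x80008000 is an arbitrary choice, and the 7.5 bits/byte entropy threshold is a heuristic, not a standard value.

```python
"""Constructed example: first-pass triage of a raw flash dump (added example)."""
import gzip
import hashlib
import struct
import zlib
from collections import Counter
from math import log2
from typing import Any, Dict, List, Tuple

# Magic values at the start of common firmware containers. Only magics of
# three bytes or more are used, to keep false positives on random data down.
SIGNATURES: Dict[bytes, str] = {
    b"\x27\x05\x19\x56": "U-Boot legacy uImage header",
    b"hsqs": "SquashFS superblock (little-endian)",
    b"sqsh": "SquashFS superblock (big-endian)",
    b"UBI#": "UBI erase-counter header",
    b"\x7fELF": "ELF binary",
    b"\x1f\x8b\x08": "gzip stream (deflate)",
}

UIMAGE_MAGIC = 0x27051956
UIMAGE_HEADER_LEN = 64
# Legacy uImage header, big-endian: magic, header CRC, timestamp, data size,
# load address, entry point, data CRC, os, arch, type, compression, name[32].
UIMAGE_FMT = ">7I4B32s"


def find_signatures(image: bytes) -> List[Tuple[int, str]]:
    """Return (offset, description) for every known magic found in the dump."""
    hits = []
    for magic, desc in SIGNATURES.items():
        start = 0
        while (off := image.find(magic, start)) >= 0:
            hits.append((off, desc))
            start = off + 1
    return sorted(hits)


def parse_uimage_header(image: bytes, offset: int) -> Dict[str, Any]:
    """Decode a uImage header; verify header CRC (hcrc zeroed) and payload CRC."""
    hdr = image[offset:offset + UIMAGE_HEADER_LEN]
    if len(hdr) != UIMAGE_HEADER_LEN:
        raise ValueError("truncated uImage header")
    magic, hcrc, _t, size, load, ep, dcrc, _os, _arch, _type, comp, name = struct.unpack(UIMAGE_FMT, hdr)
    if magic != UIMAGE_MAGIC:
        raise ValueError("not a uImage header")
    payload = image[offset + UIMAGE_HEADER_LEN:offset + UIMAGE_HEADER_LEN + size]
    zeroed = hdr[:4] + b"\x00" * 4 + hdr[8:]
    return {
        "name": name.rstrip(b"\x00").decode("ascii", "replace"),
        "size": size, "load_addr": load, "entry_point": ep, "compression": comp,
        "header_crc_ok": zlib.crc32(zeroed) == hcrc,
        "data_crc_ok": len(payload) == size and zlib.crc32(payload) == dcrc,
    }


def extract_uimage_payload(image: bytes, offset: int) -> bytes:
    """Carve the uImage payload, undoing gzip (comp == 1) when the header says so."""
    info = parse_uimage_header(image, offset)
    if not (info["header_crc_ok"] and info["data_crc_ok"]):
        raise ValueError("uImage CRC mismatch: dump may be corrupt or misaligned")
    data = image[offset + UIMAGE_HEADER_LEN:offset + UIMAGE_HEADER_LEN + info["size"]]
    return gzip.decompress(data) if info["compression"] == 1 else data


def block_entropy(image: bytes, block_size: int = 4096) -> List[Tuple[int, float]]:
    """Shannon entropy in bits per byte for each fixed-size block of the dump."""
    out = []
    for off in range(0, len(image), block_size):
        block = image[off:off + block_size]
        n = len(block)
        out.append((off, -sum(c / n * log2(c / n) for c in Counter(block).values())))
    return out


def high_entropy_blocks(image: bytes, block_size: int = 4096, threshold: float = 7.5):
    """Blocks likely to hold compressed or encrypted data (threshold is a heuristic)."""
    return [(off, h) for off, h in block_entropy(image, block_size) if h >= threshold]


def _pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic SHA-256 chain; stands in for an incompressible kernel image."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed 64 KiB dump: erased NOR flash reads as 0xFF, so structures sit
    between runs of 0xFF. os=5 (Linux), arch=2 (ARM), type=2 (kernel), comp=1 (gzip)."""
    erased = b"\xff" * 4096
    payload = gzip.compress(_pseudo_random(8192), mtime=0)
    hdr = struct.pack(UIMAGE_FMT, UIMAGE_MAGIC, 0, 0, len(payload), 0x80008000, 0x80008000,
                      zlib.crc32(payload), 5, 2, 2, 1, b"constructed-kernel")
    hdr = hdr[:4] + struct.pack(">I", zlib.crc32(hdr)) + hdr[8:]
    fake_squashfs = b"hsqs" + b"\x00" * 92 + b"root:x:0:0::/root:/bin/sh\n" * 40
    return (erased + hdr + payload + erased + fake_squashfs).ljust(65536, b"\xff")


if __name__ == "__main__":
    img = build_sample_image()
    for off, desc in find_signatures(img):
        print(f"0x{off:06x}  {desc}")
    print(parse_uimage_header(img, 4096))
    print("high-entropy blocks:", [hex(o) for o, _ in high_entropy_blocks(img)])
```

On a real dump the same flow applies: signature hits give candidate offsets, the CRC check tells you whether the carve is aligned (a bad CRC usually means a wrong dump offset or a bit error from a marginal bus capture, not an attack), and high-entropy blocks with no recognizable magic are the first place to suspect encryption, which changes the rest of the engagement.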