Other versions by this Author
The definitive guide to hacking the world of the Internet of Things (IoT) -- Internet connected devices such as medical devices, home assistants, smart home appliances and more.
Geared towards security researchers, IT teams, and penetration testers, application testers, developers, and IT administrators, this book teaches you how to get started with hacking Internet connected devices. You'll dig deep into technical (and related legal) issues, as you learn what kinds of devices to use as hacking tools and which make the best targets. The authors, all experts in the field, cover the kinds of vulnerabilities found in IoT devices, explain how to exploit their network protocols, and how to leverage security flaws and certain hardware interfaces found in the physical devices themselves.
The book begins with threat modeling and a security testing methodology, then covers how to attack hardware interfaces such as UART, I²C, SPI, JTAG / SWD and IoT network protocols like UPnP, WS-Discovery, mDNS, DNS-SD, RTSP / RTCP / RTP, LoRa / LoRaWAN, Wi-Fi / Wi-Fi Direct, RFID / NFC, BLE, MQTT, CDP and DICOM. Examples throughout offer custom code designed to demonstrate specific vulnerabilities and tools to help readers reproduce the attacks. Practical IoT Hacking is full of practical exercises and hands-on examples taken from the authors' own research that teach you things like how to bypass the authentication of an STM32F103 device (black pill) through SWD; reverse firmware; exploit zero-configuration networking; use low-cost equipment to capture LoRa network traffic; analyze IoT companion mobile apps, take over and remotely control an Android based treadmill, jam wireless devices such as home alarm systems, hijack Bluetooth Low Energy connections and how to circumvent modern RFID and NFC enabled smart door locks.
Practical IoT Hacking The Definitive Guide to Attacking the Internet of Things
by Chantzis, Fotios; Stais, Ioannis; Calderon, Paulino; Deirmentzoglou, Evangelos; Woods, BeauFormat: Paperback
Pub. Date: 2021-04-09
Publisher(s): No Starch Press
-
This Item Qualifies for Free Shipping!*
*Excludes marketplace orders.
List Price: $52.49
Buy New
Arriving Soon. Will ship when available.
$49.99
Rent Book
Select for Price
Used Book
We're Sorry
Sold Out
eBook
We're Sorry
Not Available
How Marketplace Works:
- This item is offered by an independent seller and not shipped from our warehouse
- Item details like edition and cover design may differ from our description; see seller's comments before ordering.
- Sellers much confirm and ship within two business days; otherwise, the order will be cancelled and refunded.
- Marketplace purchases cannot be returned to eCampus.com. Contact the seller directly for inquiries; if no response within two days, contact customer service.
- Additional shipping costs apply to Marketplace purchases. Review shipping costs at checkout.
Summary
Author Biography
Fotios (Fotis) Chantzis is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. Previously, he worked as a principal information security engineer at Mayo Clinic, where he managed and conducted technical security assessments on medical devices, clinical support systems, and critical healthcare infrastructure.
Ioannis Stais is a senior IT security researcher and head of red teaming at CENSUS S.A., a company that offers specialized cybersecurity services. He has participated in dozens of security assessment projects, including the assessment of communication protocols, web and mobile banking services, ATMs and point-of-sale systems, and critical medical appliances.
Paulino Calderon is a published author and international speaker with over 12 years of experience in network and application security. When he isn't traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.
Evangelos Deirmentzoglou is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.
Beau Woods is a cyber safety innovation fellow with the Atlantic Council and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several nonprofits. Beau is a published author and frequent public speaker.
Ioannis Stais is a senior IT security researcher and head of red teaming at CENSUS S.A., a company that offers specialized cybersecurity services. He has participated in dozens of security assessment projects, including the assessment of communication protocols, web and mobile banking services, ATMs and point-of-sale systems, and critical medical appliances.
Paulino Calderon is a published author and international speaker with over 12 years of experience in network and application security. When he isn't traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.
Evangelos Deirmentzoglou is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.
Beau Woods is a cyber safety innovation fellow with the Atlantic Council and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several nonprofits. Beau is a published author and frequent public speaker.
Table of Contents
Preface
Foreword
Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology
Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking
Part Three: Hardware Hacking
Chapter 7: UART and JTAG Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking
Part Four: Radio Hacking
Chapter 10: Abusing RFID
Chapter 11: Exploiting Bluetooth Low Energy
Chapter 12: Wi-Fi Hacking
Chapter 13: Exploiting LPWAN
Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the “Smart” Home
Appendix A: Tools for IoT Hacking
Foreword
Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology
Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking
Part Three: Hardware Hacking
Chapter 7: UART and JTAG Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking
Part Four: Radio Hacking
Chapter 10: Abusing RFID
Chapter 11: Exploiting Bluetooth Low Energy
Chapter 12: Wi-Fi Hacking
Chapter 13: Exploiting LPWAN
Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the “Smart” Home
Appendix A: Tools for IoT Hacking
An electronic version of this book is available through VitalSource.
This book is viewable on PC, Mac, iPhone, iPad, iPod Touch, and most smartphones.
By purchasing, you will be able to view this book online, as well as download it, for the chosen number of days.
Digital License
You are licensing a digital product for a set duration. Durations are set forth in the product description, with "Lifetime" typically meaning five (5) years of online access and permanent download to a supported device. All licenses are non-transferable.
More details can be found here.
A downloadable version of this book is available through the eCampus Reader or compatible Adobe readers.
Applications are available on iOS, Android, PC, Mac, and Windows Mobile platforms.
Please view the compatibility matrix prior to purchase.