Questions tagged [iot]
Questions about the Internet of Things: network-connected devices whose core functions do not include general-purpose interactive computing (e.g. cars, home appliances, consumer-grade routers) and whose potential software vulnerabilities are often overlooked by both users and manufacturers.
151 questions
0 votes
0 answers
49 views
What is commonly done in embedded/IoT systems to encrypt flash storage? Are TPM, PUFs, eFUSEs, TEE used to get the decryption key?
Assuming that RAM is inside the SoC, nullifying the possibility of cold-boot attacks, the only other way to obtain the decryption key is to extract it from the secure storage in which it is saved. I ...
0 votes
2 answers
145 views
How do embedded systems protect encryption keys when no user authentication is possible at startup?
Embedded and IoT systems power on autonomously, without user input (unlike PCs or phones requiring a PIN/password). If the manufacturer wants to encrypt the flash storage: Must the decryption key be ...
2 votes
0 answers
135 views
Pros and Cons of implementing custom certificate provisioning for IoT devices
I'm working on a project to improve the security of IoT devices by using a per-device X.509 certificate for authentication. The company uses IoT sensors, created in-house, to gather data for analytics. ...
1 vote
0 answers
102 views
Sony TV is sending UDP packets to my firewall [closed]
I've noticed that the Sony Bravia TV is sending UDP packets to my IP and they are blocked by ufw (firewall) Jan 09 16:56:09 my_host kernel: [UFW BLOCK] IN=wlp58s0 OUT= MAC=4c:1d:96:8b:8a:44:e8:6f:38:...
0 votes
0 answers
183 views
HTTPS and TLS for IoT devices
I have a Raspberry Pi-based device running an ASP.NET Core API. Each user can set up their device's IP address. I'm looking to implement authentication and authorization to enhance security. To ...
1 vote
0 answers
78 views
Self-healing key management in IoT-based WSN
I’m a student currently working on a project involving designing a new key management for IoT-based Wireless Sensor Networks, with a focus on developing a self-healing mechanism and integrating AI in ...
2 votes
0 answers
123 views
Possible attacks against head unit of contemporary cars
I purchased a new car this week. It has a multimedia unit (sometimes called the head unit of the car). It has FM/AM/DAB radio functions (with its radio antenna), Bluetooth 5.0, Wireless CarPlay – Android Auto, ...
9 votes
3 answers
3k views
What techniques are there for preventing radio-signal replay attacks?
I am now researching RF security on IoT devices such as doors, cars, etc. I have a HackRF device for performing RF-signal manipulations such as replay attacks. It is very easy to record the signals ...
1 vote
1 answer
243 views
Why does AWS strongly recommend a non-self-signed, code-signing certificate?
I am developing a hardware device that utilizes AWS IoT OTA via FreeRTOS. On this AWS web page, it says: We recommend that you purchase a code-signing certificate from a company with a good ...
0 votes
0 answers
145 views
AWS IoT - Use a temporary certificate created at build time to authenticate a device for self-enrolment
Let's say we produce IoT devices and want them to access AWS IoT Core. The best solution is something like: every device has a (unique) private key and a public X.509 certificate signed by a valid ...
0 votes
1 answer
2k views
How can one use HTTPS without a domain name, or on a local network?
I was looking at the LXI Device Specification 2022 Version 1.6. For those not familiar with LXI, it is a standard for lab instruments like oscilloscopes, function generators, LCR meters and many more ...
0 votes
1 answer
194 views
How to resolve an issue with potential mismatch between device certificate and CA certificate?
I have an IoT device which is failing to establish a connection with the cloud. The problem is related to the device X509 certificate (to the best of my understanding). I've posted a version of this ...
1 vote
1 answer
163 views
Write message that can be verified by any member of a group
I am trying to develop a scheme for publishing a message to a group of recipients. Any recipient needs to be able to verify who the message was sent by. There may be tens of messages generated each ...
0 votes
2 answers
304 views
Hosting a Honeypot to collect data [closed]
I want to collect IoT botnets in order to analyze them. Are there any good VPS providers who allow doing that? - I'm a little cautious about this because of possible misconfigurations that could ...
3 votes
1 answer
438 views
Next movement in IoT pentest when you have restricted information
I am a newbie cyber security engineer working on IoT. Today, a task was given to me. The task was to pentest a cooker. For privacy reasons, I cannot share the brand of the cooker. The cooker ...