Network Reconnaissance for the Internet of Things

Presenter

David Starobinski

Abstract

The rapid growth of the Internet of Things (IoT) has resulted in an array of competing, largely incompatible wireless communication technologies (e.g., BLE, Zigbee, LoRa, Z-Wave, etc.). This complex environment makes it difficult for organizations to come up with appropriate policies and tools to secure their operational environments. This talk introduces a holistic approach for IoT network reconnaissance, based on software-defined radio (SDR) technology. We demonstrate two concrete applications of this approach: (1) enumeration of IoT devices in one’s organization, including devices with no IP address; (2) verification of the authenticity of IoT devices based on the fuzzing of physical-layer signals.

References

• https://people.bu.edu/staro/IoT_Scan_CNS22.pdf
• https://people.bu.edu/staro/COMCOM___Testing___Fingerprinting_the_Physical_Layer.pdf