WEBVTT 1 00:00:00.080 --> 00:00:02.520 Okay, so you sent over a ton of info on 2 00:00:02.640 --> 00:00:04.400 this whole IoT hacking thing. 3 00:00:04.719 --> 00:00:08.839 Yeah, it's it's pretty fascinating stuff. You know. It kind 4 00:00:08.839 --> 00:00:12.480 of combines that traditional cybersecurity world, right with the unique 5 00:00:12.519 --> 00:00:15.679 vulnerabilities you get with physical devices. 6 00:00:15.320 --> 00:00:20.800 So not just software anymore exactly. Yeah, talking hardware, radio signals, 7 00:00:21.079 --> 00:00:24.600 even like the physical environment. Yeah, these devices operated. 8 00:00:24.480 --> 00:00:27.000 It really expands the attack surface, you know what I mean. 9 00:00:27.519 --> 00:00:29.719 We're going to try and like give you a clear 10 00:00:29.839 --> 00:00:32.759 picture of the security landscape of the whole Internet of things. 11 00:00:32.960 --> 00:00:36.640 I think the first question here, Yeah, what exactly are 12 00:00:36.640 --> 00:00:38.719 we even talking about when we say IoT. 13 00:00:39.200 --> 00:00:41.000 Yeah, that's a great question, and you're. 14 00:00:40.920 --> 00:00:43.439 Right, everything has a chip and WiFi these days. 15 00:00:43.200 --> 00:00:46.320 It seems like it, right. Yeah, there's not like a 16 00:00:46.439 --> 00:00:50.159 single universal definition, okay, but for our purposes, we're going 17 00:00:50.200 --> 00:00:52.960 to use the one from practical IoT hacking, right, which 18 00:00:53.039 --> 00:00:57.159 is physical devices that have computing power and can transfer 19 00:00:57.359 --> 00:01:03.039 data over networks, yet don't typically require human to computer interaction. 20 00:01:03.719 --> 00:01:06.040 Okay, So like my smart refrigerator that tells me when 21 00:01:06.079 --> 00:01:06.599 I'm low. 22 00:01:06.480 --> 00:01:11.439 On milk exactly, or like a smart thermostat, security cameras, 23 00:01:12.120 --> 00:01:15.599 even things like connected insulin pumps Wow. And here's where 24 00:01:15.640 --> 00:01:19.840 it gets really interesting. The book actually paints this picture 25 00:01:20.159 --> 00:01:23.280 of a city skyline Okay, not just with buildings, but 26 00:01:23.319 --> 00:01:29.480 with this dense network of antennas and sensors connecting all 27 00:01:29.519 --> 00:01:33.959 these devices, millions of points of data, all talking to 28 00:01:34.040 --> 00:01:34.480 each other. 29 00:01:34.599 --> 00:01:37.719 So this isn't like some futuristic concept, not at all. 30 00:01:37.799 --> 00:01:38.799 This is already happening. 31 00:01:38.879 --> 00:01:41.000 It's woven into the fabric of our lives. 32 00:01:41.519 --> 00:01:41.879 Wow. 33 00:01:42.040 --> 00:01:45.200 Yeah, so you're starting to understand why security for all 34 00:01:45.200 --> 00:01:46.280 this is so crucial. 35 00:01:46.680 --> 00:01:50.599 Absolutely, it goes beyond just protecting data, right, this is 36 00:01:50.719 --> 00:01:55.920 like protecting our physical safety, yes, our privacy, even critical 37 00:01:55.959 --> 00:01:57.319 infrastructure exactly. 38 00:01:57.319 --> 00:01:59.920 I mean if someone can hack into like a power 39 00:02:00.040 --> 00:02:04.760 grid or a traffic management system, consequences can be really devastating. 40 00:02:04.959 --> 00:02:07.680 Okay, that's making this feel very real. Yeah, so how 41 00:02:07.760 --> 00:02:11.280 is this different from the traditional IT security that we're 42 00:02:11.360 --> 00:02:12.159 used to hearing about. 43 00:02:12.360 --> 00:02:15.680 Well, one major difference is that IoT devices often have 44 00:02:15.800 --> 00:02:19.919 limited resources. Okay, you know, they don't necessarily have the 45 00:02:20.159 --> 00:02:23.639 processing power or memory to handle complex security. 46 00:02:23.800 --> 00:02:26.039 Oh so it's like, yeah, trying to install a bank 47 00:02:26.120 --> 00:02:27.599 vault door on a garden shed. 48 00:02:27.680 --> 00:02:28.599 That's a great analogy. 49 00:02:28.680 --> 00:02:29.560 Yeah, it's just not. 50 00:02:30.080 --> 00:02:32.560 It's not designed designed for that level of for that 51 00:02:32.639 --> 00:02:33.759 level of security exactly. 52 00:02:33.840 --> 00:02:34.120 Okay. 53 00:02:34.719 --> 00:02:38.360 Another challenge is just the sheer diversity of technologies okay, 54 00:02:38.520 --> 00:02:45.400 countless hardware and software, combinations, different communication protocols. It creates 55 00:02:45.439 --> 00:02:48.360 this massive attack surface for hackers to exploit. 56 00:02:48.680 --> 00:02:52.159 And unlike a server and a data center, right, so 57 00:02:52.319 --> 00:02:56.159 many of these devices are just physically accessible, yeah, exactly, 58 00:02:56.199 --> 00:02:57.479 anyone could tamper with them. 59 00:02:57.599 --> 00:03:01.599 Anyone could. Yeah. And we can't forget the lack of 60 00:03:01.680 --> 00:03:05.520 security awareness among some manufacturers. A lot of times the 61 00:03:05.520 --> 00:03:07.240 focus is just on, you know. 62 00:03:07.439 --> 00:03:10.159 Getting it to market, getting cort quickly and cheaply. 63 00:03:09.960 --> 00:03:14.039 Quickly and cheaply, rather than building in those robust security features. 64 00:03:14.199 --> 00:03:16.479 Okay, let's get out of theory, okay and talk about 65 00:03:16.479 --> 00:03:20.639 some real world examples. Sure, the book talks about Jay Radcliffe, right, 66 00:03:20.800 --> 00:03:25.080 the security researcher who found vulnerabilities in his own insulin pump. 67 00:03:25.280 --> 00:03:28.439 Yeah, so he realizes that a hacker could potentially like 68 00:03:29.319 --> 00:03:32.680 manipulate the dosage, putting his life at risk. 69 00:03:32.840 --> 00:03:33.400 Wow. 70 00:03:33.680 --> 00:03:36.759 It really highlights the potential life or death consequences of 71 00:03:36.879 --> 00:03:39.960 insecure IoT medical devices. 72 00:03:40.120 --> 00:03:43.120 That's terrifying. It is that really hits home how high 73 00:03:43.159 --> 00:03:44.039 the stakes are here. 74 00:03:44.159 --> 00:03:47.439 Another example that might surprise you is the vulnerability of 75 00:03:47.560 --> 00:03:49.039 VoIP phones. 76 00:03:48.800 --> 00:03:51.280 Voy p Those are just internet phones, yeah, pretty much. 77 00:03:51.319 --> 00:03:52.639 How could those be a security risk? 78 00:03:52.680 --> 00:03:55.639 Well, they're often overlooked from a security standpoint, but they 79 00:03:55.639 --> 00:03:58.759 can actually be used as entry points, oh wow, to 80 00:03:58.879 --> 00:04:03.759 gain access to corporate networks, including those with sensitive IoT devices. 81 00:04:04.080 --> 00:04:07.840 So even a seemingly harmless device, yeah, can be a 82 00:04:07.879 --> 00:04:09.000 weak link in the chain. 83 00:04:09.240 --> 00:04:10.960 It can absolutely. 84 00:04:10.599 --> 00:04:12.479 Okay, I'm starting to see how all this connects it. 85 00:04:12.479 --> 00:04:13.280 It's all connected. 86 00:04:13.479 --> 00:04:16.879 So how does a hacker actually target these devices? 87 00:04:17.079 --> 00:04:19.399 Well, they usually follow like a systematic. 88 00:04:18.839 --> 00:04:22.319 Approach okay, So they don't just randomly start not usually 89 00:04:22.399 --> 00:04:23.360 no poken around. 90 00:04:23.480 --> 00:04:27.199 It often starts with reconnaissance okay, gathering information about the 91 00:04:27.240 --> 00:04:34.279 target device, it's network configuration, any available documentation or firmware updates. 92 00:04:34.480 --> 00:04:37.639 So like doing their homework before making a move. 93 00:04:37.639 --> 00:04:41.079 Exactly like casing the joint in a heist movie. 94 00:04:41.199 --> 00:04:41.560 Okay. 95 00:04:41.759 --> 00:04:44.680 Once they have a good understanding of the device, huh, 96 00:04:44.800 --> 00:04:48.360 they move on to vulnerability analysis okay. This is where 97 00:04:48.399 --> 00:04:53.439 they identify potential weaknesses in the software, hardware, or communication. 98 00:04:53.000 --> 00:04:56.600 Protocols, looking for those chinks in the armor exactly. Yeah, 99 00:04:56.639 --> 00:05:00.319 and I'm guessing the final step is the actual attack. 100 00:05:00.199 --> 00:05:03.480 Yes, the exploitation phase. This is where they use the 101 00:05:03.680 --> 00:05:08.759 identified vulnerabilities to gain control of the device, access sensitive data, 102 00:05:09.279 --> 00:05:10.800 or disrupt its operation. 103 00:05:11.600 --> 00:05:14.680 So let's get into some of the specific hacking techniques. Okay, 104 00:05:14.959 --> 00:05:20.000 what are some of the more shall we say, ingenious ones. 105 00:05:20.160 --> 00:05:25.199 Well, one example is VLAN hopping, which involves exploiting misconfigured 106 00:05:25.199 --> 00:05:28.120 network switches to gain access to restricted vlands. 107 00:05:28.240 --> 00:05:30.439 Wait, can you back up a second, sure, what exactly 108 00:05:30.480 --> 00:05:31.000 is a vlan? 109 00:05:31.120 --> 00:05:35.439 Think of it as like creating separate virtual networks within 110 00:05:35.480 --> 00:05:39.000 a larger physical network, having different lanes on a highway 111 00:05:39.439 --> 00:05:42.680 to separate different types of traffic. So in a company, 112 00:05:43.000 --> 00:05:45.839 they might use VLANs to separate sensitive data from the 113 00:05:45.879 --> 00:05:48.920 rest of the network. Vland hopping allows a hacker to 114 00:05:49.040 --> 00:05:52.639 jump between those lanes and access information they shouldn't be 115 00:05:52.680 --> 00:05:53.360 able to see. 116 00:05:53.600 --> 00:05:57.199 So like finding a secret passageway to bypass security checkpoint. 117 00:05:57.279 --> 00:06:01.079 That's a very act analogy. Another fastenating technique is the 118 00:06:01.199 --> 00:06:06.319 MQTT attack. IMQTT it stands for Message Queuing Telemetry Transport. 119 00:06:07.079 --> 00:06:11.360 It's a lightweight messaging protocol often used in IoT ecosystems 120 00:06:11.959 --> 00:06:15.839 for communication between devices. Okay, the book details a way 121 00:06:15.879 --> 00:06:18.879 to create a custom and crack module that's a password 122 00:06:18.920 --> 00:06:23.439 cracking tool to crack the authentication of an MQTT broker. 123 00:06:23.560 --> 00:06:24.120 A broker. 124 00:06:24.279 --> 00:06:27.839 Think of it as like a central hub that manages 125 00:06:27.879 --> 00:06:31.800 the communication between all the devices. So by cracking the broker, 126 00:06:31.879 --> 00:06:35.680 the attacker gains control over an entire network of devices. 127 00:06:36.040 --> 00:06:39.199 Wow, so it's like finding the master key that unlocks 128 00:06:39.240 --> 00:06:40.160 every door in the building. 129 00:06:40.199 --> 00:06:43.920 You're catching on quickly. Then there's UPnP exploitation. 130 00:06:44.519 --> 00:06:45.000 UPNB. 131 00:06:45.240 --> 00:06:48.040 It stands for Universal plug and Play. Okay, it's designed 132 00:06:48.040 --> 00:06:50.560 to make it super easy to like set up devices 133 00:06:50.600 --> 00:06:53.959 on a network, but it can also be a security. 134 00:06:53.560 --> 00:06:55.360 Nightmare, so convenience often comes at. 135 00:06:55.319 --> 00:07:00.079 A cost unfortunately. Yes, hackers can exploit flaws in UPNKE 136 00:07:00.319 --> 00:07:03.639 to open up ports in a router's firewall, exposing internal 137 00:07:03.680 --> 00:07:04.759 devices to the Internet. 138 00:07:04.959 --> 00:07:07.360 So it's like leaving the front door wide open with 139 00:07:07.399 --> 00:07:10.560 the big scien and says come on in exactly. Yikes. 140 00:07:10.720 --> 00:07:13.000 Yeah, it's a good reminder to be careful about what 141 00:07:13.079 --> 00:07:14.879 features you enable on your router. 142 00:07:15.560 --> 00:07:18.839 Speaking of sneaky techniques, yeah, what about these man in 143 00:07:18.879 --> 00:07:22.519 the middle attacks? Using mDNS and WS discovery. 144 00:07:22.839 --> 00:07:27.720 So mDNS and WS discovery are meant for simple device 145 00:07:27.800 --> 00:07:31.160 discovery on local networks. Like say you want to print 146 00:07:31.199 --> 00:07:35.560 something and your computer needs to find the printer on 147 00:07:35.600 --> 00:07:39.439 your home network. Right, these protocols help with that, okay, 148 00:07:39.480 --> 00:07:44.199 But hackers can abuse them to intercept and manipulate communications, 149 00:07:44.519 --> 00:07:46.680 even impersonating legitimate devices. 150 00:07:46.920 --> 00:07:49.560 So it's like intercepting a phone call and pretending to 151 00:07:49.600 --> 00:07:51.079 be the person on the other end exactly. 152 00:07:51.240 --> 00:07:53.839 Oh wow, And these attacks can be used to steal data, 153 00:07:54.079 --> 00:07:57.199 disrupt operations, or even gain control of devices. 154 00:07:57.360 --> 00:07:59.879 And I'm guessing it's pretty hard to detect it can be. 155 00:08:00.279 --> 00:08:01.879 Ye is getting seriously intense. 156 00:08:02.040 --> 00:08:04.199 Let's bring it back to something a little more tangible 157 00:08:04.240 --> 00:08:07.240 and maybe a little scary. The book talks about RFID 158 00:08:07.399 --> 00:08:12.079 tag cloning, using readily available tools to potentially gain access 159 00:08:12.160 --> 00:08:14.160 to buildings or systems. 160 00:08:14.319 --> 00:08:18.199 So it's not just about securing the digital world. Yeah, 161 00:08:18.240 --> 00:08:18.800 it's also the. 162 00:08:18.720 --> 00:08:20.120 Physical physical implication. 163 00:08:20.199 --> 00:08:20.399 Yeah. 164 00:08:20.399 --> 00:08:23.519 Absolutely, And that brings us to another crucial point, the 165 00:08:23.600 --> 00:08:28.399 vulnerability of mobile apps that are often used to control 166 00:08:28.439 --> 00:08:30.279 and configure IoT devices. 167 00:08:30.360 --> 00:08:32.600 Right those appsolutely, you adjust your thermostat from. 168 00:08:32.480 --> 00:08:35.759 Your phone, exactly, or check your security cameras while you're away. 169 00:08:36.240 --> 00:08:39.159 The problem is these apps can be easier targets than 170 00:08:39.200 --> 00:08:42.840 the devices themselves. Oh wow, they might store data insecurely 171 00:08:43.720 --> 00:08:47.399 or be susceptible to injection attacks where malicious code is inserted. 172 00:08:47.600 --> 00:08:50.720 So hacking the app could give the attack or backdoor. 173 00:08:50.279 --> 00:08:53.279 Access to the device and the entire network. Wow, it's 174 00:08:53.279 --> 00:08:54.600 connected to It's. 175 00:08:54.440 --> 00:08:57.840 A sobering thought. His It seems like with all this connectivity, 176 00:08:58.080 --> 00:09:00.919 there's always some new vulnerability to worry about. 177 00:09:01.039 --> 00:09:04.159 It's a constantly evolving landscape. That's why it's so important 178 00:09:04.159 --> 00:09:08.559 to understand like the hacking mindset. By learning how attackers think, 179 00:09:08.679 --> 00:09:11.799 we can better anticipate their moves and protect ourselves. 180 00:09:12.320 --> 00:09:14.279 Knowledge is power, exactly. 181 00:09:14.559 --> 00:09:18.159 But before we go full on cyber detective, right, let's 182 00:09:18.200 --> 00:09:21.080 remember that not all hacking is malicious, right. 183 00:09:21.120 --> 00:09:23.080 There are ethical hackers exactly right. 184 00:09:23.279 --> 00:09:27.440 Ethical hackers use their skills to find and report vulnerabilities, 185 00:09:27.639 --> 00:09:29.360 helping to make systems more secure. 186 00:09:29.600 --> 00:09:32.399 So they're like the white hats in an old Western right, 187 00:09:32.519 --> 00:09:34.399 using their knowledge for good exactly. 188 00:09:35.039 --> 00:09:40.240 Practical IoT hacking actually emphasizes the importance of ethical hacking, okay, 189 00:09:40.279 --> 00:09:43.960 and working within those legal frameworks. It even mentions specific 190 00:09:44.080 --> 00:09:48.519 laws like the Digital Millennium Copyright Act and the Computer 191 00:09:48.600 --> 00:09:51.159 Fraud and Abuse Act that govern these activities. 192 00:09:51.240 --> 00:09:53.840 So we've got legal and ethical guidelines we do to 193 00:09:53.879 --> 00:09:56.000 consider as well. Yeah, that's a whole other layer. 194 00:09:55.879 --> 00:09:59.600 Of complexity, it is, but it's an important one. Cybersecurity 195 00:09:59.679 --> 00:10:03.879 isn't just about technical skills. It's also about understanding the 196 00:10:03.919 --> 00:10:07.120 implications of what we do and making sure we're using 197 00:10:07.120 --> 00:10:08.399 our knowledge responsibly. 198 00:10:08.840 --> 00:10:10.840 Okay, we've covered a lot of ground here. We have 199 00:10:11.159 --> 00:10:16.519 define the IoT, explored its unique security challenges, h delved 200 00:10:16.519 --> 00:10:20.559 into real world examples, and even peaked into the hacker's toolbox. 201 00:10:20.759 --> 00:10:23.480 We've only just scratched the surface, though, Right, there's so 202 00:10:23.639 --> 00:10:26.919 much more to learn about this, this rapidly evolving field. 203 00:10:26.919 --> 00:10:29.240 But hopefully this has given you a solid foundation to 204 00:10:29.240 --> 00:10:29.799 build upon. 205 00:10:30.000 --> 00:10:32.559 It definitely has. Yeah, it seems like we're just at 206 00:10:32.600 --> 00:10:35.240 the beginning, I think so of a much larger conversation 207 00:10:35.879 --> 00:10:40.159 about how we secure this right increasingly interconnected world. 208 00:10:40.360 --> 00:10:43.000 You're absolutely right, the security of the IoT is not 209 00:10:43.120 --> 00:10:46.039 just a technical issue. It's a societal issue. 210 00:10:46.240 --> 00:10:46.519 Wow. 211 00:10:46.639 --> 00:10:51.159 As our world becomes increasingly interconnected, the line between the 212 00:10:51.240 --> 00:10:55.960 digital and physical realms is blurring. What happens in cyberspace 213 00:10:56.039 --> 00:10:58.759 can have very real consequences. 214 00:10:58.039 --> 00:10:59.919 And that's a thought we should all be grappling with. 215 00:11:00.240 --> 00:11:02.320 We'll dive deeper into that in the next part of 216 00:11:02.360 --> 00:11:05.919 our deep dive. We'll explore some advanced hacking techniques and 217 00:11:06.000 --> 00:11:11.039 discuss the broader implications of the IoT security landscape. Sounds 218 00:11:11.039 --> 00:11:16.039 like a plan until then, stay curious and stay vigilant. 219 00:11:15.519 --> 00:11:19.799 Seed in part two. Okay, so last time we were 220 00:11:19.799 --> 00:11:24.279 talking about the importance of understanding the hacker's mindset and 221 00:11:24.320 --> 00:11:25.960 how they approach these IoT. 222 00:11:25.720 --> 00:11:28.679 Systems, and now we're going to explore some of those 223 00:11:28.720 --> 00:11:32.480 advanced hacking techniques that kind of take that understanding a 224 00:11:32.480 --> 00:11:35.320 step for it air, It's like peeling back the layers 225 00:11:35.360 --> 00:11:39.200 of an onion, uncovering like new levels of complexity. 226 00:11:39.399 --> 00:11:41.879 Okay, you've intrigued me, but I'm also a little nervous. 227 00:11:42.240 --> 00:11:46.799 Let's start with network sniffing and protocol analysis. Okay, this 228 00:11:46.840 --> 00:11:49.679 is where things get a bit more technical. Oka, but 229 00:11:49.759 --> 00:11:54.360 it's really crucial for understanding how attackers can intercept and 230 00:11:54.480 --> 00:11:58.519 manipulate data that's flowing between these IoT devices. 231 00:11:58.519 --> 00:12:01.039 Okay, I'll try and keep up. So network sniffing. 232 00:12:01.320 --> 00:12:03.639 Yeah, it sounds kind of ominous, it doesn't it. What 233 00:12:03.679 --> 00:12:04.440 exactly is it? 234 00:12:04.799 --> 00:12:09.000 Think of it like eavesdropping on a conversation. When devices 235 00:12:09.039 --> 00:12:13.080 communicate over a network, they send these packets of data 236 00:12:13.159 --> 00:12:17.279 back and forth. A network sniffer is a tool that 237 00:12:17.480 --> 00:12:21.320 captures those packets, allowing a hacker to see what information 238 00:12:21.399 --> 00:12:22.360 is being transmitted. 239 00:12:22.440 --> 00:12:26.120 So they're basically spying on the conversation between the devices. 240 00:12:26.159 --> 00:12:28.320 But it's not enough just to see the data. You 241 00:12:28.360 --> 00:12:32.000 need to understand what it means. And that's where protocol 242 00:12:32.000 --> 00:12:37.600 analysis comes in. Different types of data use different communication protocols, 243 00:12:38.159 --> 00:12:41.080 which are kind of like sets of rules for how 244 00:12:41.080 --> 00:12:44.480 the information is structured and transmitted. 245 00:12:43.960 --> 00:12:47.799 So like different languages for different types of data exactly. 246 00:12:47.960 --> 00:12:52.679 And by analyzing those protocols, hackers can decipher the meaning 247 00:12:53.240 --> 00:12:57.039 of the data they're intercepting. Once they understand the language, 248 00:12:57.320 --> 00:13:00.840 they can start manipulating the data, injecting their own commands 249 00:13:00.919 --> 00:13:04.879 oh okay, or even like disrupting the communication entirely. 250 00:13:04.559 --> 00:13:09.480 So it's not just passively listening. They can actually interfere. 251 00:13:09.159 --> 00:13:10.000 With the conversation. 252 00:13:10.679 --> 00:13:13.000 Yeah, it can be a problem. This is getting scary, 253 00:13:13.159 --> 00:13:16.320 especially if the protocols being used aren't very secure. 254 00:13:16.840 --> 00:13:17.200 Okay. 255 00:13:17.240 --> 00:13:18.919 The book actually gives the example of. 256 00:13:18.919 --> 00:13:21.200 Di com DICOM. That sounds familiar. 257 00:13:21.279 --> 00:13:25.600 It stands for Digital Imaging and Communications in Medicine, right, Okay. 258 00:13:25.639 --> 00:13:29.080 It's how medical images like X rays and CT scams 259 00:13:29.320 --> 00:13:33.360 are stored and transmitted. If someone were able to intercept 260 00:13:33.360 --> 00:13:37.200 and manipulate those images, the consequences could be serious. 261 00:13:37.360 --> 00:13:40.759 Okay, that's definitely unsettling. Yeah, but surely it's not that 262 00:13:40.879 --> 00:13:43.039 easy to just sniff network traffic. 263 00:13:43.679 --> 00:13:46.600 Well, there are security measures in place, but they're not 264 00:13:46.639 --> 00:13:49.200 always fool proof okay, and sometimes hackers have to get 265 00:13:49.240 --> 00:13:52.639 a little creative and develop their own tools to analyze 266 00:13:52.639 --> 00:13:53.960 and manipulate these protocols. 267 00:13:54.039 --> 00:13:54.279 Okay. 268 00:13:54.639 --> 00:13:56.919 The book talks about extending wire shark. 269 00:13:57.039 --> 00:13:59.879 Wire Shark is that something anyone can use well? Or 270 00:14:00.080 --> 00:14:02.240 is that like specialized hacker software. 271 00:14:02.720 --> 00:14:06.679 Wireshark itself is actually a legitimate tool used by network 272 00:14:06.720 --> 00:14:12.039 administrators and security professionals okay, for troubleshooting and analysis. It's 273 00:14:12.080 --> 00:14:16.639 open source, meaning anyone can download and use it. But 274 00:14:16.720 --> 00:14:19.080 in the wrong hands, it can also be used for 275 00:14:19.120 --> 00:14:20.360 those malicious purposes. 276 00:14:20.480 --> 00:14:24.039 So it's like any powerful tool. It could be used 277 00:14:24.080 --> 00:14:26.600 for good or evil it can depending on the intentions 278 00:14:26.600 --> 00:14:29.200 of the user exactly. The book also explains how to 279 00:14:29.200 --> 00:14:33.120 write custom modules for enmap, which is another powerful network 280 00:14:33.159 --> 00:14:37.200 scanning tool. It is to identify and target new network protocols. 281 00:14:37.360 --> 00:14:40.720 It's like giving hackers a set of lock picks for 282 00:14:40.840 --> 00:14:43.240 any type of digital door they encounter. 283 00:14:43.080 --> 00:14:46.200 So they're constantly developing new ways they are to exploit 284 00:14:46.240 --> 00:14:47.399 weaknesses in these systems. 285 00:14:47.519 --> 00:14:50.279 Yeah, it feels like an arms race almost between the 286 00:14:50.279 --> 00:14:52.840 hackers and the security professionals. 287 00:14:53.120 --> 00:14:57.759 Speaking of exploiting weaknesses, you mentioned manipulating data earlier. Can 288 00:14:57.799 --> 00:15:00.440 you give me like a specific example of what that 289 00:15:00.519 --> 00:15:01.120 might look like. 290 00:15:01.279 --> 00:15:04.039 One common technique is called a bit flipping attack. 291 00:15:04.200 --> 00:15:04.440 Okay. 292 00:15:04.720 --> 00:15:08.039 It involves changing specific bits in a data packet. 293 00:15:08.279 --> 00:15:12.039 Hold on, bakup bits. Yeah, like ones and zeros. 294 00:15:11.759 --> 00:15:15.440 Exactly, those tiny ones and zeros that make up all 295 00:15:15.559 --> 00:15:16.519 digital information. 296 00:15:16.960 --> 00:15:17.320 Okay. 297 00:15:17.480 --> 00:15:21.159 By flipping just a few bits, an attacker can potentially 298 00:15:21.240 --> 00:15:25.159 change the meaning of a message wow, corrupt data, or 299 00:15:25.200 --> 00:15:28.080 even trigger unexpected behavior in a device. 300 00:15:28.399 --> 00:15:28.759 Okay. 301 00:15:28.960 --> 00:15:32.080 Imagine like changing a single letter in a recipe. 302 00:15:32.320 --> 00:15:32.519 Right. 303 00:15:33.480 --> 00:15:37.440 It might seem small, but it could drastically alter the outcome. 304 00:15:38.039 --> 00:15:40.720 That's what bitflipping does to digital data. 305 00:15:40.799 --> 00:15:43.519 So they're basically introducing like typos. 306 00:15:43.639 --> 00:15:45.759 That's a good analogy under the code to mess things 307 00:15:45.840 --> 00:15:49.240 up exactly. And the scary thing is these attacks can 308 00:15:49.279 --> 00:15:52.840 be difficult to detect, oh wow, because they often don't 309 00:15:52.960 --> 00:15:54.679 leave any obvious traces. 310 00:15:54.960 --> 00:15:57.399 So it's like a ghost in the machine it is. 311 00:15:57.480 --> 00:16:01.279 So we've covered network sniffing right and data manipulation. What 312 00:16:01.320 --> 00:16:03.919 are the tricks do the cybern inges have up their sleeves. 313 00:16:03.960 --> 00:16:07.279 Well, let's shift gears a bit and talk about hardware hacking. 314 00:16:07.679 --> 00:16:10.720 This is where we delve into the physical world of circuits, 315 00:16:10.759 --> 00:16:14.559 micro controllers, and all sorts of electronic components. 316 00:16:14.799 --> 00:16:18.960 Hardware hacking. Yeah, so like soldering irons and server boards. 317 00:16:19.360 --> 00:16:20.519 That sounds pretty hardcore. 318 00:16:20.679 --> 00:16:23.759 It can be. Yeah. The goal of hardware hacking is 319 00:16:23.840 --> 00:16:27.879 usually to gain access to a device's firmware, which is 320 00:16:27.960 --> 00:16:31.960 the low level software that controls its operation. Think of 321 00:16:31.960 --> 00:16:35.840 it like the operating system for a specific piece of hardware. 322 00:16:35.879 --> 00:16:36.200 Got it. 323 00:16:36.440 --> 00:16:41.720 By modifying the firmware, an attacker can potentially bypass security mechanisms, 324 00:16:42.080 --> 00:16:46.360 installed back doors, or even completely reprogram the device to 325 00:16:46.399 --> 00:16:47.960 do something it wasn't intended to do. 326 00:16:48.360 --> 00:16:51.639 So like taking apart a car engine and rewiring it. Yeah, 327 00:16:51.679 --> 00:16:52.519 to make it go faster. 328 00:16:52.639 --> 00:16:55.360 That's a pretty good analogy, okay. And the motivations for 329 00:16:55.399 --> 00:16:58.120 hardware hacking can vary, right. Some people do it for 330 00:16:58.200 --> 00:17:02.679 research purposes to understand how devices work and find vulnerabilities. 331 00:17:03.039 --> 00:17:06.759 Others might do it to unlock hidden features okay, or 332 00:17:06.839 --> 00:17:09.039 customize the device's functionality. 333 00:17:09.279 --> 00:17:11.119 But I'm guessing there are also those who do it 334 00:17:11.160 --> 00:17:12.400 for less noble reasons. 335 00:17:12.680 --> 00:17:17.519 Unfortunately. Yes, yeh, a hacker could use hardware hacking techniques 336 00:17:17.559 --> 00:17:22.839 to steal data, disrupt operations, or even cause physical damage. 337 00:17:22.920 --> 00:17:26.440 This is getting into like some serious spy thriller territory here. 338 00:17:26.359 --> 00:17:29.279 It is. Yeah. The book talks about using techniques like 339 00:17:29.440 --> 00:17:32.440 side channel analysis and fault injection. 340 00:17:32.920 --> 00:17:35.799 Okay. Side channel analysis, yeah, fault injection. 341 00:17:35.880 --> 00:17:37.880 I'm gonna need a little more explanation on those, I 342 00:17:37.880 --> 00:17:41.400 think so so. Side channel analysis involves monitoring the physical 343 00:17:41.480 --> 00:17:47.519 properties of a device, like its power consumption or electromagnetic emissions, okay, 344 00:17:47.759 --> 00:17:52.000 to glean information about its internal workings. It's like listening 345 00:17:52.079 --> 00:17:54.599 to the subtle clicks and wars of a safe right 346 00:17:54.720 --> 00:17:58.359 to figure out the combination. Fault injection, on the other hand, 347 00:17:58.440 --> 00:18:03.039 involves deliberately introduced seeing errors or glitches okay into a 348 00:18:03.119 --> 00:18:07.559 device's operation, right, to force it to reveal secrets or 349 00:18:07.599 --> 00:18:09.079 behave in unexpected ways. 350 00:18:09.119 --> 00:18:11.359 So you're basically trying to Yeah, it's. 351 00:18:11.240 --> 00:18:13.519 Like jostling a vending machine to try and get a 352 00:18:13.559 --> 00:18:14.160 free snack. 353 00:18:14.359 --> 00:18:14.960 Right right. 354 00:18:15.440 --> 00:18:18.759 Those are some pretty clever, albeit devious techniques. 355 00:18:18.920 --> 00:18:21.680 It seems like these hackers are always thinking outside the box. 356 00:18:21.960 --> 00:18:24.359 They are. That's why it's so important to stay ahead 357 00:18:24.359 --> 00:18:24.839 of the curve. 358 00:18:25.119 --> 00:18:27.920 Speaking of staying ahead of the curve, what are some 359 00:18:28.039 --> 00:18:32.440 common tools and techniques used for this kind of hardware hacking? 360 00:18:33.200 --> 00:18:37.079 Well, one popular tool is the JTAG interface JTAG. Yeah, 361 00:18:37.079 --> 00:18:40.200 it stands for Joint Test Action Group. It's a standard 362 00:18:40.279 --> 00:18:44.039 for testing and debugging electronic Circuitskay. Think of it like 363 00:18:44.079 --> 00:18:47.880 a backdoor into the device's brain, allowing a hacker to 364 00:18:47.920 --> 00:18:50.759 connect to a device and read or write data to 365 00:18:50.799 --> 00:18:53.640 its memory, including the firmware. 366 00:18:53.920 --> 00:18:56.559 JTAG Is that something that anyone can get their hands on. 367 00:18:56.799 --> 00:19:00.599 JTAG interfaces themselves are fairly common. Yeah, you can find 368 00:19:00.599 --> 00:19:04.119 them online or at electronics stores. They're often used by 369 00:19:04.200 --> 00:19:08.039 engineers and hobbyists for legitimate purposes, but again, in the 370 00:19:08.079 --> 00:19:10.759 wrong hands. They can also be used for malicious hacking. 371 00:19:11.119 --> 00:19:14.319 So, like most of these tools, it's not the tool itself, No, 372 00:19:14.720 --> 00:19:16.480 that's good or bad. It's the intention. 373 00:19:16.680 --> 00:19:17.839 It's the intention behind it. 374 00:19:17.960 --> 00:19:20.359 Another technique is called you ARET sniffing. 375 00:19:20.759 --> 00:19:24.359 You ARE stands for universal asynchronous receiver transmitter Okay, and 376 00:19:24.400 --> 00:19:28.160 it's a common interface for serial communication between different components 377 00:19:28.200 --> 00:19:28.839 of a device. 378 00:19:29.079 --> 00:19:31.160 Okay, you're losing me a bit with the technical jargon. 379 00:19:31.200 --> 00:19:34.039 Imagine you have a walkie talkie conversation with a friend, right, 380 00:19:34.400 --> 00:19:36.319 you are is kind of like the channel you're using 381 00:19:36.359 --> 00:19:39.720 to communicate. By listening in on that channel, a hacker 382 00:19:40.000 --> 00:19:41.519 could intercept your conversation. 383 00:19:41.839 --> 00:19:46.799 So by sniffing the art traffic, they're essentially eavesdropping on 384 00:19:46.839 --> 00:19:47.519 the conversation. 385 00:19:47.640 --> 00:19:48.440 That's a good way to put it. 386 00:19:48.480 --> 00:19:50.079 Yeah, between different parts of a device. 387 00:19:50.319 --> 00:19:52.839 The book gives an example of using you ARET sniffing 388 00:19:52.960 --> 00:19:55.599 to extract the firmware from a smart loock. 389 00:19:55.759 --> 00:19:56.079 Okay. 390 00:19:56.240 --> 00:19:59.480 Once they have the firmware, they can analyze it for vulnerabilities, 391 00:20:00.000 --> 00:20:03.759 tracked encryption keys, or even modify it to change the 392 00:20:03.799 --> 00:20:04.880 device's behavior. 393 00:20:05.400 --> 00:20:08.160 So they're basically rewriting the rules of the game in 394 00:20:08.200 --> 00:20:08.599 a way. 395 00:20:08.839 --> 00:20:12.000 Yes, and that's why hardware hacking, yeah, could be. 396 00:20:11.920 --> 00:20:15.559 Such a serious threat, especially in the context of the IoT. 397 00:20:15.839 --> 00:20:18.720 Can you elaborate on that a bit sure. Why is 398 00:20:18.759 --> 00:20:23.160 hardware hacking particularly dangerous for IoT devices? 399 00:20:23.559 --> 00:20:29.279 Well, as we discussed earlier, many IoT devices are physically accessible, right. 400 00:20:29.319 --> 00:20:33.720 They're in our homes, our offices, even our cars. This 401 00:20:33.799 --> 00:20:37.480