Even in the COVID era, August can't officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year's event is fully virtual, which means no rockin' Vegas parties—but still plenty of interesting research lined up.
Amongst the highlights, a number of researchers are bringing their A-game to help the security community deal with the growing problem of IoT visibility gaps. With billions of devices, sensors, gateways and more flooding enterprise networks and too many different protocols and embedded platforms to count, the security community has struggled to wrap their arms around the true risk posture posed by their deployed IoT infrastructure. The following are just a few tools highlighted by Black Hat researchers in regular briefing sessions and Arsenal tool demos.
Cotopaxi: IoT Protocols Security Testing Toolkit
Developed by the security team from Samsung, Cotopaxi first saw some limelight at DEFCON last year and continues to be updated. It's an IoT toolset for testing a range of different quirky IoT, industrial IoT, and machine-to-machine protocols in a one-stop-shop set-up. It's meant to fill the gap left by common tools like nmap that don't support many new IoT protocols.
Find it now: https://github.com/Samsung/cotopaxi
Aimed most squarely at IoT tool vendors, UFO is an assessment tool meant to help firmware developers check for known vulnerabilities in their software dependencies, insecure storage of sensitive data, use of default or cracked passwords, hidden backdoors and more. On the flip side, UFO can also be used by enterprise red teams and pen testers as another arrow in their quiver of offensive security tools.
Cylons aims to provide a platform for security engineers and pen testers to better automate their black box testing of IoT infrastructure. Based on OpenWRT, the tool focuses on automating traffic monitoring and parsing tasks such as packet capture, port discovery and scanning, man-in-the-middle tests and more. It's written in Rust to balance performance with security, and includes a number of integration features such as a RESTful API interface.
Kr00k vuln testing script
First identified earlier this year, the Kr00k vulnerability is an encryption flaw in chips used by WiFi-capable devices that's been estimated to impact more than 1 billion mobile and IoT devices worldwide. The flaw makes it possible for attackers to intercept and decrypt some types of WiFi network traffic. At Black Hat, researchers plan to give the audience a rundown on this attack and its relationship to the KRACK vulnerability found in 2017, and will release a new proof-of-concept script to make it easier for organizations to detect the flaw on unpatched devices—a boon for many security teams assessing their IoT devices.
Developed to support the introduction of the IETF standardized mechanism for identifying IoT devices, Manufacturer Usage Description (MUD), this tool is meant to help enterprises scale their efforts of keeping track of access control status across a broad IoT portfolio. MUD-visualizer reads and validates MUD files and offers a way to create network visualizations of that data.
Find it now: https://github.com/iot-onboarding/mud-visualizer
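To show what reading and validating a MUD file involves, here is an added example (not mud-visualizer's own code) that parses a file in the RFC 8520 JSON layout, checks required fields and dangling ACL references, and flattens the ACLs into edges a visualization could draw. The sample file, its hostnames and the function names are constructed for illustration.

```python
import json

# Constructed sample in the RFC 8520 layout; not a real vendor's MUD file.
# "to-cam" is referenced but never defined, so validate() should flag it.
SAMPLE = json.loads("""{
 "ietf-mud:mud": {
  "mud-version": 1, "mud-url": "https://mud.example.com/cam.json",
  "last-update": "2020-08-01T00:00:00+00:00", "is-supported": true,
  "from-device-policy": {"access-lists": {"access-list": [{"name": "from-cam"}]}},
  "to-device-policy": {"access-lists": {"access-list": [{"name": "to-cam"}]}}},
 "ietf-access-control-list:acls": {"acl": [
  {"name": "from-cam", "type": "ipv4-acl-type", "aces": {"ace": [
   {"name": "cloud", "actions": {"forwarding": "accept"}, "matches": {
     "ipv4": {"ietf-acldns:dst-dnsname": "api.example.com", "protocol": 6},
     "tcp": {"destination-port": {"operator": "eq", "port": 443}}}}]}}]}
}""")

REQUIRED = ("mud-version", "mud-url", "last-update", "is-supported")

def policy_refs(doc):
    """Yield (direction, acl_name) for each ACL a device policy points at."""
    mud = doc.get("ietf-mud:mud", {})
    for direction in ("from-device-policy", "to-device-policy"):
        lists = mud.get(direction, {}).get("access-lists", {})
        for ref in lists.get("access-list", []):
            yield direction, ref["name"]

def validate(doc):
    """Return a list of problems; an empty list means the checks passed."""
    mud = doc.get("ietf-mud:mud", {})
    problems = [f"missing {k}" for k in REQUIRED if k not in mud]
    if not str(mud.get("mud-url", "")).startswith("https://"):
        problems.append("mud-url must use https")
    acls = {a["name"] for a in doc.get("ietf-access-control-list:acls", {}).get("acl", [])}
    return problems + [f"{d} references undefined ACL {n}"
                       for d, n in policy_refs(doc) if n not in acls]

def flows(doc):
    """Return (direction, peer, protocol, port, action) edges for a graph."""
    acls = {a["name"]: a for a in doc["ietf-access-control-list:acls"]["acl"]}
    edges = []
    for direction, name in policy_refs(doc):  # undefined ACLs contribute no edges
        for ace in acls.get(name, {}).get("aces", {}).get("ace", []):
            m = ace["matches"]
            ip = m.get("ipv4") or m.get("ipv6") or {}
            peer = ip.get("ietf-acldns:dst-dnsname") or ip.get("ietf-acldns:src-dnsname") or "any"
            proto = next((p for p in ("tcp", "udp") if p in m), "ip")
            rng = m.get(proto, {}).get("destination-port") or m.get(proto, {}).get("source-port") or {}
            edges.append((direction, peer, proto, rng.get("port"), ace["actions"]["forwarding"]))
    return edges
```

Running `validate(SAMPLE)` reports the dangling `to-cam` reference, while `flows(SAMPLE)` yields the single permitted outbound flow to `api.example.com` on TCP 443.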