5 Tools Out of Black Hat to Gain Better IoT Visibility

Reading time: 6 min

Even in the COVID era, August can't officially start for the cybersecurity community without Black Hat USA researchers offering up some juicy exploit announcements and dropping useful security tools onto GitHub. This year's event is fully virtual, which means no rockin' Vegas parties—but still plenty of interesting research lined up.

Amongst the highlights, a number of researchers are bringing their A-game to help the security community deal with the growing problem of IoT visibility gaps. With billions of devices, sensors, gateways and more flooding enterprise networks and too many different protocols and embedded platforms to count, the security community has struggled to wrap their arms around the true risk posture posed by their deployed IoT infrastructure. The following are just a few tools highlighted by Black Hat researchers in regular briefing sessions and Arsenal tool demos.

Cotopaxi: IoT Protocols Security Testing Toolkit

Developed by the security team from Samsung, Cotopaxi first saw some limelight at DEFCON last year and continues to be updated. It's an IoT toolset for testing a range of different quirky IoT, industrial IoT, and machine-to-machine protocols in a one-stop-shop set-up. It's meant to fill the gap left by common tools like nmap that don't support many newer IoT protocols.

Find it now: https://github.com/Samsung/cotopaxi

Relevant talk: https://www.blackhat.com/us-20/arsenal/schedule/index.html#cotopaxi-iot-protocols-security-testing-toolkit-21082


UFO: A Security Verification Tool for IoT Device Firmware

Aimed most squarely at IoT tool vendors, UFO is an assessment tool meant to help firmware developers check for known vulnerabilities in their software dependencies, insecure storage of sensitive data, use of default or cracked passwords, hidden backdoors and more. On the flip side, UFO can also be used by enterprise red teams and pen testers as another arrow in their quiver of offensive security tools.

Relevant talk: https://www.blackhat.com/us-20/arsenal/schedule/index.html#ufo-a-security-verification-tool-for-iot-device-firmware-19845
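To make the "insecure storage of sensitive data" and "default passwords" checks concrete, here is an added example of the kind of audit a firmware team can run over an extracted root filesystem. It is not UFO's code and does not reproduce its checks; it is a small script of our own that flags accounts with an empty password field, password hashes left in a world-readable passwd file, embedded PEM private keys, and plaintext credentials in config files. The sample root filesystem it builds is constructed for the demo (hypothetical hashes, hostnames and key material), and the known-vulnerable-dependency check UFO also performs is out of scope here because it needs an external vulnerability feed.

```python
import re
import tempfile
from pathlib import Path

# Markers for the checks below. The credential regex is deliberately narrow
# (key = value lines) to keep false positives manageable on real images.
PRIVATE_KEY_RE = re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")
CRED_LINE_RE = re.compile(r"^\s*(?:password|passwd|secret|api[_-]?key)\s*[=:]\s*['\"]?(\S+)", re.I)
CONFIG_SUFFIXES = {".conf", ".cfg", ".ini", ".sh", ".json", ".env"}

# Constructed sample rootfs: hypothetical contents, not taken from any real firmware image.
SAMPLE_FILES = {
    "etc/passwd": "root:x:0:0:root:/root:/bin/sh\n"
                  "admin:$1$abc$hypotheticalhash:0:0::/:/bin/sh\n",
    "etc/shadow": "root:$6$saltsalt$hypotheticalhash:18000:0:99999:7:::\n"
                  "support::18000:0:99999:7:::\n",
    "etc/ssl/device.key": "-----BEGIN RSA PRIVATE KEY-----\n"
                          "MIIE...constructed placeholder...\n"
                          "-----END RSA PRIVATE KEY-----\n",
    "etc/cloud.conf": "broker = mqtt.example.invalid\npassword = changeme\n",
    "usr/bin/app": "placeholder text standing in for a binary\n",
}


def build_sample_rootfs() -> Path:
    """Write the constructed files into a temp directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="fw-"))
    for rel, content in SAMPLE_FILES.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root


def check_accounts(root: Path) -> list:
    """Flag empty password fields and hashes stored in passwd instead of shadow."""
    findings = []
    for rel in ("etc/passwd", "etc/shadow"):
        path = root / rel
        if not path.is_file():
            continue
        for line in path.read_text().splitlines():
            fields = line.split(":")
            if len(fields) < 2:
                continue
            user, pw = fields[0], fields[1]
            if pw == "":
                # An empty second field means login without any password.
                findings.append((rel, f"account '{user}' has an empty password field"))
            elif rel == "etc/passwd" and pw not in ("x", "*", "!", "!!"):
                # passwd is world-readable; a hash here is exposed to every local user.
                findings.append((rel, f"account '{user}' stores a password hash in world-readable passwd"))
    return findings


def check_secrets(root: Path) -> list:
    """Flag embedded private keys and plaintext credentials in config files."""
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = str(path.relative_to(root))
        data = path.read_bytes()
        if PRIVATE_KEY_RE.search(data):
            findings.append((rel, "embedded private key"))
        if path.suffix in CONFIG_SUFFIXES:
            text = data.decode("utf-8", "replace")
            for lineno, line in enumerate(text.splitlines(), 1):
                if CRED_LINE_RE.match(line):
                    findings.append((rel, f"plaintext credential on line {lineno}"))
    return findings


def audit_rootfs(root: Path) -> list:
    """Run all checks and return (relative path, issue) pairs in a stable order."""
    return sorted(check_accounts(root) + check_secrets(root))


if __name__ == "__main__":
    for rel, issue in audit_rootfs(build_sample_rootfs()):
        print(f"{rel}: {issue}")
```

On a real image, point `audit_rootfs` at the directory produced by your firmware extraction tool; the findings list is deliberately plain tuples so it can be fed straight into a ticket or a CI gate.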


Cylons: An Automated IoT Security Assessment Platform Based on OpenWRT

Cylons aims to provide a platform for security engineers and pen testers to better automate their black box testing of IoT infrastructure. Based on OpenWRT, the tool focuses on automating traffic monitoring and parsing tasks such as packet capture, port discovery and scanning, man-in-the-middle tests and more. It's written in Rust to balance performance with security, and includes a number of integration features such as a RESTful API interface.

Relevant talk: https://www.blackhat.com/us-20/arsenal/schedule/index.html#cylons-an-automated-iot-security-assessment-platform-based-on-openwrt-21045

Kr00k vuln testing script

First identified earlier this year, the Kr00k vulnerability is an encryption flaw in chips used by WiFi-capable devices that's been estimated to impact more than 1 billion mobile and IoT devices worldwide. The flaw makes it possible for attackers to intercept and decrypt some types of WiFi network traffic. At Black Hat, researchers plan to give the audience a rundown on this attack, its relationship to the KRACK vulnerability found in 2017, and will release a new proof-of-concept script to make it easier for organizations to detect the flaw on unpatched devices—a boon for many security teams assessing their IoT devices.

Relevant talk: https://www.blackhat.com/us-20/briefings/schedule/index.html#krk-serious-vulnerability-affected-encryption-of-billion-wi-fi-devices-20414


MUD-visualizer

Developed to support the introduction of the IETF standardized mechanism for identifying IoT devices, Manufacturer Usage Description (MUD), this tool is meant to help enterprises scale their efforts of keeping track of access control status across a broad IoT portfolio. MUD-visualizer reads and validates MUD files and offers a way to create network visualizations of that data.

Find it now: https://github.com/iot-onboarding/mud-visualizer

Relevant talk: https://www.blackhat.com/us-20/arsenal/schedule/index.html#mud-visualizer-21053
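The "reads and validates MUD files" step is worth seeing in code, because a MUD file is just JSON in the RFC 8520 shape: an `ietf-mud:mud` container with from-device and to-device policies that reference named ACLs, plus an `ietf-access-control-list:acls` block holding the ACLs themselves. The following is an added example, not code from MUD-visualizer: it validates the required fields and the ACL references, then flattens every access-control entry into a rule row and extracts the set of remote peers, which is the data a network graph would be drawn from. The MUD document it parses is constructed for the demo (the `.invalid` hostnames and ACL names are made up).

```python
import json

# Constructed sample MUD file for a hypothetical sensor. The structure follows
# RFC 8520; the URL, hostnames and ACL names are invented for this example.
SAMPLE_MUD = json.dumps({
    "ietf-mud:mud": {
        "mud-version": 1,
        "mud-url": "https://example.invalid/sensor-42.json",
        "last-update": "2020-08-01T10:00:00+00:00",
        "cache-validity": 48,
        "is-supported": True,
        "systeminfo": "Constructed example temperature sensor",
        "from-device-policy": {"access-lists": {"access-list": [{"name": "from-sensor"}]}},
        "to-device-policy": {"access-lists": {"access-list": [{"name": "to-sensor"}]}},
    },
    "ietf-access-control-list:acls": {"acl": [
        {"name": "from-sensor", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "mqtt-out",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "broker.example.invalid", "protocol": 6},
                         "tcp": {"destination-port": {"operator": "eq", "port": 8883}}},
             "actions": {"forwarding": "accept"}},
            {"name": "ntp-out",
             "matches": {"ipv4": {"ietf-acldns:dst-dnsname": "ntp.example.invalid", "protocol": 17},
                         "udp": {"destination-port": {"operator": "eq", "port": 123}}},
             "actions": {"forwarding": "accept"}},
        ]}},
        {"name": "to-sensor", "type": "ipv4-acl-type", "aces": {"ace": [
            {"name": "mqtt-in",
             "matches": {"ipv4": {"ietf-acldns:src-dnsname": "broker.example.invalid", "protocol": 6},
                         "tcp": {"source-port": {"operator": "eq", "port": 8883}}},
             "actions": {"forwarding": "accept"}},
        ]}},
    ]},
})

REQUIRED_FIELDS = ("mud-version", "mud-url", "last-update", "cache-validity",
                   "from-device-policy", "to-device-policy")
POLICIES = (("from-device-policy", "from-device"), ("to-device-policy", "to-device"))


def load_mud(text: str) -> dict:
    """Parse the JSON text of a MUD file."""
    return json.loads(text)


def _acl_index(doc: dict) -> dict:
    """Map ACL name -> ACL object from the acls container (empty if absent)."""
    acls = doc.get("ietf-access-control-list:acls", {}).get("acl", [])
    return {acl.get("name"): acl for acl in acls}


def validate_mud(doc: dict) -> list:
    """Return a list of problems; an empty list means the file passed."""
    errors = []
    mud = doc.get("ietf-mud:mud")
    if not isinstance(mud, dict):
        return ["missing ietf-mud:mud container"]
    for key in REQUIRED_FIELDS:
        if key not in mud:
            errors.append(f"missing required field {key}")
    if mud.get("mud-version") != 1:
        errors.append("unsupported mud-version")
    acls = _acl_index(doc)
    # Every policy must point at an ACL that is actually defined in the file.
    for policy, _ in POLICIES:
        for ref in mud.get(policy, {}).get("access-lists", {}).get("access-list", []):
            if ref.get("name") not in acls:
                errors.append(f"{policy} references undefined ACL {ref.get('name')}")
    return errors


def flatten_rules(doc: dict) -> list:
    """Turn every ACE into one row: direction, peer, protocol, port, action."""
    rows = []
    mud = doc["ietf-mud:mud"]
    acls = _acl_index(doc)
    for policy, direction in POLICIES:
        for ref in mud[policy]["access-lists"]["access-list"]:
            for ace in acls[ref["name"]]["aces"]["ace"]:
                m = ace.get("matches", {})
                l3 = m.get("ipv4") or m.get("ipv6") or {}
                l4 = m.get("tcp") or m.get("udp") or {}
                peer = l3.get("ietf-acldns:dst-dnsname") or l3.get("ietf-acldns:src-dnsname") or "*"
                port = (l4.get("destination-port") or l4.get("source-port") or {}).get("port")
                rows.append({"direction": direction, "ace": ace["name"], "peer": peer,
                             "protocol": l3.get("protocol"), "port": port,
                             "action": ace["actions"]["forwarding"]})
    return rows


def peers(doc: dict) -> set:
    """Remote endpoints the device is allowed to talk to: the nodes of a visualization."""
    return {row["peer"] for row in flatten_rules(doc) if row["peer"] != "*"}


if __name__ == "__main__":
    doc = load_mud(SAMPLE_MUD)
    print("validation:", validate_mud(doc) or "ok")
    for row in flatten_rules(doc):
        print(row)
    print("peers:", sorted(peers(doc)))
```

The validation step matters in practice: a policy that references an ACL missing from the file is the most common way a hand-edited MUD file silently grants nothing (or, with a permissive default on the enforcement side, everything), so it is worth failing loudly on before any graph is drawn.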