Is that mobile app safe to use?

Would you readily give your residential address to a stranger? No? Aren’t you extra cautious while opening an email from an unknown sender? Yes? Good! How about extending the same sense of protection to your smart phone while downloading apps? In both these instances, you are necessarily safeguarding your home and yourself from prying eyes.…

Penetesting Industry 4.0 IoT Prototype – 4

Must have security measures for Industry 4.0 Firmware integrity and secure boot: Secure boot uses cryptographic code signing techniques, assures that a device only executes code generated by the device OEM or another trusted party. Use of protected boot technology restricts hackers from changing firmware with malicious instruction sets, thereby avoiding attacks. Unfortunately, not all…

Penetesting Industry 4.0 IoT Prototype – 3

Step 3: Hosting the payload on a Website To host the payload, we use the inbuilt apache server. Replacing the default “index.html” file with the generated payload file saved in “/var/www/html” folder is essential. We use the command shown in Fig 10 to host a page as shown in Fig 11. Fig 10: Start an…

Penetesting Industry 4.0 IoT Prototype – 2

Remotely Hacking into Raspberry Pi Step 1: Creating a TCP Tunnel The first step to hack into any device on a different network is to create a TCP tunnel. This can be done using a freely available application called ‘ngrok’. Open https://ngrok.com/download in browser and login/signup (Refer Fig 3). Fig 3: ngrok website Then download…

Penetesting Industry 4.0 IoT Prototype – 1

Penetesting Industry 4.0 IoT Prototype Why we did this? Valency Networks is established into VAPT market but walking path of making IoT based industries secure. There is a great deal of confusions around IoT and Industry 4.0, in terms of how those interact, what are their security challenges, what methods need to be followed etc.…