IoT devices have a complex architecture. Below is a checklist to use when examining an IoT device:
- Software
  - Common vulnerabilities
    - XSS
    - SQLi
    - NoSQLi
    - File Inclusion
    - SSRF
    - XML
    - SSTI
    - LFI/RFI
    - Path Traversal
  - Misc
    - Hardcoded passwords
    - Exposed API keys
    - Default passwords
- API Vulnerabilities
  - BOLA
  - BOPLA
  - Misc
    - Zombie APIs
    - Shadow APIs
- Mobile
  - Android
    - Hardcoded credentials
  - iOS
- Cloud
- RFID
- Firmware
  - Look for the following
    - Default passwords
    - Common services
    - Bin files
    - URLs & IP addresses
    - Configuration files
- Hardware
  - Look for the following interfaces
    - SPI
    - I2C
    - UART
  - Common Hardware Vulnerabilities
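
The firmware items in the checklist can be triaged automatically once an image has been unpacked. The following is an added example, not part of the original checklist: it walks an extracted filesystem and buckets findings under the five firmware items. The function names, patterns and sample tree are assumptions constructed for illustration.

```python
import re, tempfile
from pathlib import Path

# Hypothetical patterns; tune them for the device under review.
SERVICES = re.compile(rb"\b(telnetd|dropbear|sshd|ftpd|tftpd|httpd|upnpd)\b")
URL_OR_IP = re.compile(rb"https?://[^\s\"'<>]+|\b(?:\d{1,3}\.){3}\d{1,3}\b")
CONF_EXT = (".conf", ".cfg", ".ini", ".xml", ".json")

def triage_firmware(root):
    """Walk an extracted firmware root and bucket findings by checklist item."""
    found = {"passwords": [], "services": [], "bin_files": [], "urls_ips": [], "configs": []}
    for p in sorted(Path(root).rglob("*")):
        if p.is_symlink() or not p.is_file():
            continue  # symlinks are often dangling in unpacked images
        rel, data = p.relative_to(root).as_posix(), p.read_bytes()[:1 << 20]
        if p.name in ("passwd", "shadow"):
            for line in data.splitlines():
                f = line.split(b":")
                # field 2 is a hash, or empty (account has no password at all)
                if len(f) > 1 and f[1] not in (b"x", b"*", b"!", b"!!"):
                    found["passwords"].append((rel, f[0].decode(errors="replace"), "hash" if f[1] else "empty"))
        if p.suffix == ".bin" or data[:4] == b"\x7fELF":
            found["bin_files"].append(rel)
        if p.suffix in CONF_EXT:
            found["configs"].append(rel)
        if data[:4] != b"\x7fELF":  # scan text-like files only, to limit noise
            found["services"] += [(rel, m.decode()) for m in sorted(set(SERVICES.findall(data)))]
            found["urls_ips"] += [(rel, m.decode(errors="replace")) for m in sorted(set(URL_OR_IP.findall(data)))]
    return found

def build_sample(root):
    """Constructed sample tree standing in for an unpacked image."""
    files = {
        "etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nadmin::0:0::/:/bin/sh\n",
        "etc/shadow": b"root:$1$CONSTRUCTED$placeholderhash:0:0:99999:7:::\n",
        "etc/init.d/rcS": b"#!/bin/sh\ntelnetd -l /bin/sh &\n",
        "etc/cloud.conf": b"server=http://updates.example.invalid/fw\nfallback=192.0.2.10\n",
        "usr/bin/agent": b"\x7fELF\x01\x01\x01" + b"\x00" * 9,
    }
    for rel, content in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for bucket, hits in triage_firmware(tmp).items():
            print(bucket, hits)
```

Each hit is a lead for manual review rather than a confirmed finding; an account flagged as "empty" or a service started from an init script still has to be checked on the running device.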