Skip to main content

Awesome Embedded and IoT Security

A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use and you do not need to be an expert to get first meaningful results.

Items marked with πŸ’Ά are comercial products.

Contents​

Software Tools​

Software tools for analyzing embedded/IoT devices and firmware.

Analysis Frameworks​

Analysis Tools​

  • Binwalk - Searches a binary for "interesting" stuff, as well as extracts arbitrary files.
  • emba - Analyze Linux-based firmware of embedded devices.
  • Firmadyne - Tries to emulate and pentest a firmware.
  • Firmwalker - Searches extracted firmware images for interesting files and information.
  • Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
  • Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
  • Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
  • Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools​

  • FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
  • Firmware Mod Kit - Extraction tools for several container formats.
  • The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).

Support Tools​

  • JTAGenum - Add JTAG capabilities to an Arduino.
  • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Misc Tools​

  • Cotopaxi - Set of tools for security testing of Internet of Things devices using specific network IoT protocols.
  • dumpflash - Low-level NAND Flash dump and parsing utility.
  • flashrom - Tool for detecting, reading, writing, verifying and erasing flash chips.
  • Samsung Firmware Magic - Decrypt Samsung SSD firmware updates.

Hardware Tools​

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  • Shikra - Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols.
  • JTAGULATOR - Detects JTAG Pinouts fast.
  • Saleae - Easy to use Logic Analyzer that support many protocols πŸ’Ά.
  • Ikalogic - Alternative to Saleae logic analyzers πŸ’Ά.
  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  • ChipWhisperer - Detects Glitch/Side-channel attacks.
  • Glasgow - Tool for exploring and debugging different digital interfaces.
  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores πŸ’Ά.

Bluetooth BLE Tools​

  • UberTooth One - Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation.
  • Bluefruit LE Sniffer - Easy to use Bluetooth Low Energy sniffer.

ZigBee Tools​

  • ApiMote - ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible.
  • Atmel RZUSBstick - Discontinued product. Lucky if you have one! - Tool for development, debugging and demonstration of a wide range of low power wireless applications including IEEE 802.15.4, 6LoWPAN, and ZigBee networks. Killerbee compatible.
  • Freakduino - Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer.

SDR Tools​

  • RTL-SDR - Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz.
  • HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex).
  • YardStick One - Half-duplex sub-1 GHz wireless transceiver.
  • LimeSDR - Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex).
  • BladeRF 2.0 - Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex).
  • USRP B Series - Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex).

RFID NFC Tools​

  • Proxmark 3 RDV4 - Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags.
  • ChamaleonMini - Programmable, portable tool for NFC security analysis.
  • HydraNFC - Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate.

Books​

Research Papers​

Case Studies​

Free Training​

Websites​

Blogs​

Tutorials and Technical Background​

Conferences​

Conferences focused on embedded and/or IoT security.

  • Hardwear.io
    • EU, The Hague, September.
    • USA, Santa Clara, June.

Contribute​

Contributions welcome! Read the contribution guidelines first.

License​

https://creativecommons.org/publicdomain/zero/1.0/

To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.

Contribute to this list: https://github.com/fkie-cad/awesome-embedded-and-iot-security