🎯 Goal
Learn to assess and secure Internet of Things devices and embedded systems—from hardware interfaces to firmware, communication protocols, and cloud backends. This path covers reverse engineering, hardware hacking, and securing constrained devices.
🔑 Key Skills to Learn
- Embedded Systems Basics: Microcontrollers, SoCs, memory (Flash, EEPROM, RAM), bootloaders (U-Boot, barebox), real-time operating systems (FreeRTOS, Zephyr).
- Hardware Interfaces & Debugging: UART, JTAG, SWD, SPI, I²C – identifying, connecting, and extracting firmware or logging.
- Firmware Extraction & Analysis: Obtaining firmware from flash chips (using programmers, logic analyzers), downloading from vendor sites, unpacking (binwalk, unsquashfs).
- Firmware Reverse Engineering: Static analysis with Ghidra/IDA (ARM, MIPS, Xtensa), hardcoded secrets, backdoor accounts.
- Communication Protocol Analysis: BLE, Zigbee, Z-Wave, MQTT, CoAP, LoRaWAN – sniffing, replay, and injection attacks.
- Hardware Hacking: Voltage glitching, side-channel analysis (introductory), secure boot bypass, debug interface abuse.
- IoT Cloud & API Security: How devices authenticate to cloud (MQTT over TLS, device certificates), mobile app-to-device communication, API vulnerabilities in IoT platforms.
- Supply Chain & Lifecycle Security: Secure boot, firmware signing, OTA update mechanisms and their flaws.
🛠️ Essential Tools & Technologies
| Tool | Purpose |
|---|---|
| Binwalk | Firmware analysis and extraction tool. |
| Ghidra / IDA Free | Disassemble and decompile firmware binaries (ARM, MIPS, etc.). |
| Bus Pirate / Logic Analyzer (Saleae clone) | Interfacing with UART, SPI, I²C, and sniffing communication. |
| JTAGulator | Identify JTAG/SWD pinouts on unknown boards. |
| flashrom / CH341A programmer | Read/write SPI flash chips (firmware extraction). |
| Wireshark | Analyze MQTT, CoAP, BLE (with a sniffer) traffic. |
| Bettercap / Gattacker | BLE and Wi-Fi manipulation tools. |
| Firmwalker | Scan extracted firmware for common vulnerabilities (scripts, passwords). |
| EMBA / FACT | Automated firmware security analysis platforms. |
| Proxmark3 / Chameleon | RFID/NFC analysis and emulation (relevant for IoT access control). |
📖 Free Learning Resources
- Hardware Hacking 101 (Workshop by Badge.Team) – Free slide decks and exercises. Search online.
- IoT Security 101 (Smart Home Inspector) – Free practical guide and labs by OWASP. Link
- OWASP IoT Top 10 – Most critical risks for IoT devices. Link
- Flashback – The DEF CON IoT Village Talks – YouTube channel with years of free presentations. Link
- Joe FitzPatrick (securinghardware.com) – Free training content on hardware hacking and fault injection. Link
- Hackaday.io / Hackster.io – Community projects and tutorials on embedded devices and reverse engineering.
- Opensource Embedded/IoT Security Projects (GitHub) – Search "awesome-embedded-security" for a curated list of tools and resources. Link
- Microcorruption (Embedded CTF) – Browser-based MSP430 microcontroller exploitation challenges. Link
🔗 Roadmap Placement
- Prerequisites: Strong Linux, basic programming (C, Python), and ideally some reverse engineering fundamentals. Knowledge of electronics is helpful but can be learned alongside.
- Directly Enables: IoT Security Researcher, Embedded Security Engineer, Product Security roles in consumer electronics, automotive or medical device security.
- Next Steps: Specialize further in Automotive Security, Industrial Control Systems (ICS/SCADA), or Medical Device Security.