HardSploit: A Framework To Audit IoT Devices Security.

Image:Informationsecuritybuzz.com

IoT or the Internet Of Things is gaining popularity rapidly and at the same time, their security is also becoming a matter of concern. Recently there has been reports about various IoTs being vulnerable to hacking, like hacking baby monitors, Hacking Smart Cars, Hacking Gas Stations & Blowing them up and even Smart Fridges which can lead to compromising Gmail accounts. So far there is no comprehensive tool dedicated specially for auditing the security of Internet Of things.

Need for a new framework to audit Electronics/Embedded systems security.

There are many tools for assessing the security of web applications, computers, network devices etc. However according to the makers of HardSploit

"The technical knowledge needed to assess the security level of electronic equipment aren’t generally acquired by stakeholders (industry, software or IT security consultants, software pentesters etc.). This type of audit requires a wide range of electronics skills like analog signal processing, FPGA or the use of specific measurement tools(oscilloscope, logic analyzer, etc.)." 

Hence they have developed a dedicated tool to audit the IoTs and thus HardSploit was born.

What is HardSploit?

HardSploit is an all-in-one hacking tool for hardware security audits, especially for the IoT devices. It is a complete toolbox (Hardware + Software), a Framework which aims to:

• Facilitate the audit of electronic systems for industry ‘security’ workers (Consultant, Auditor, Pentesters, product designer etc.) 
• Increase the level of security (and trust!) of new communicating products designed by industry 

According to the creators, HardSploit is a tool with software and electronic aspects. They called it a framework because that is a technical and modular platform (using FPGA) to perform security tests on electronic communications interfaces of embedded devices.

      

Features & Functions Of HardSploit

HardSploit comprises of  hardware security audit functions like

• Sniffer,
• Scanner,
• Proxy,
• Interact,
• Dump memory

Significance Of HardSploit Project

It also helps the pen-tester to intercept, replay and/or and send data via each type of electronic bus used by the Hardware Target.

It has also got an important feature called Assisted visual wiring function, which provides a GUI interface for all the devices connected.

Conclusion:

HardSploit is an absolutely game-changer in the field of IoT security. It sounds similar to Metasploit, the popular framework for computer hacking and security audits. The software part of the HardSploit is compatible with Metasploit and other existing tools. Hope it will soon be the Metasploit framework of embedded systems/electronics. More details can be found at the developer's site. 

Also Read: IoT Security: Hacking Baby Monitors. 
                    IoT Security: Hacking Gmail With Fridge.