OWASP IoT (Internet of Things) Top 10 - 2014

Introduction: In today's world, everyday things are becoming smart. Every hour, hundreds and thousands of smart devices are added to the Internet, whether a toaster, camera, refrigerator, TV, car, etc. These devices can easily become targets for attackers, and the OWASP IoT Top 10 addresses this issue. The OWASP IoT Top 10 is designed to make everyday devices secure, along the same lines as the OWASP Top 10 guidelines for applications.

The OWASP Internet of Things Top 10 - 2014 is as follows:
I1 – Insecure Web Interface
I2 – Insufficient Authentication/Authorization
I3 – Insecure Network Services
I4 – Lack of Transport Encryption
I5 – Privacy Concerns
I6 – Insecure Cloud Interface
I7 – Insecure Mobile Interface
I8 – Insufficient Security Configurability
I9 – Insecure Software/Firmware
I10 – Poor Physical Security

How to test for OWASP IoT Top 10
I1 – Insecure Web Interface: Everyday devices have web ser
Lab 6 Advanced Encryption

Today we are going to look at the solution to the basic encryption post, in which no encryption was used for sensitive info. The solution implements encryption, and we will try to bypass that implementation, as developers sometimes store a hardcoded encryption key in the app itself. For this you need to install BasicEncryptionSolution.apk. Now start the app and configure the credentials.

The app is now configured, and the credentials are stored in preferences.xml as per the design, but I am expecting some sort of encryption now, as we have installed the solution for this flaw. Browse to /data/data/com.securitycompass.androidlabs.basicencryptionsolution/shared_prefs; as you can see, all the credentials are encrypted.

Next we disassemble the app and try to figure out whether there is any hardcoded key in it. You can disassemble the app by using the EasyApkDisassembler tool as i d