Link Search Menu Expand Document

Things to hack

There are many potential targets for security assessments. Below are some suggestions, and if there is some product missing from the lab that you would like to use for your thesis you can head to the purchase form page.

  • Elk: The world’s fastest audio operating system
  • Power grid asset management equipment
  • Smart electricity meters
  • SCADA control system equipment such as programmable logic controllers (PLCs)
  • Open source IoT operating systems such as TinyOS, RIOT, Contiki, Mantis OS, Nano RK, LiteOS, FreeRTOS, Apache Mynewt, Zephyr OS, Ubuntu Core 16 (Snappy), ARM mbed, Yocto and Raspbian.
  • Google PlayStore 100M-user apps. Google offers a bug bounty on the biggest apps, which also vouches for the legality of security testing them.
  • Cloud providers with bug bounty programs, like Google Cloud Platform.
  • Alarm systems
  • nRF9160 which is used in a lot of IoT devices. Explore with Nordic Thingy:91.
  • JetBrain’s Code with Me. Jetbrains are a suspected attack vector in the recent SolarWinds attack.
  • Open source, like linux, nginx, apache, openssl, kvm, bash, vim, imagemagick, etc.
  • Sport-related equipment, e.g. Garmin’s sports watches, appear to feature large attack surfaces.
  • Health-related equipment, such as blood glucose meters, even pace makers, if we can get a hold of one
  • Smart power sockets and other home automation equipment
  • Smart glasses
  • VR headset
  • Robots
  • Baby monitors and similar home surveillance systems
  • Internet-connected toys (dolls with microphones, etc.)
  • Vehicle entertainment systems
  • Headphones
  • Industrial IoT (Cranes, heavy machinery, trucks)
  • Smart refrigerators
  • Connected pets?
  • Smart car alarms
  • Vehicles, e.g. electronic scooters
  • Electric mopeds (some come with GPS, smartphone apps and a kill switch, now-a-days).
  • OBD II dongles used to connect your smart phone to your car
  • Drones
  • Robot vacuum cleaners (particularly interesting if they have a camera)
  • Electronic door locks
  • Childrens’ smart watches

Division of Network and Systems Engineering | KTH