Identification of vulnerable code in an IoT node

0 votes
I want to identify instructions in code which are vulnerable to tampering.

The code would be running on an IoT device, with the identification of instructions from either the source code or just the executable (with no source code).

Does anyone know about some tools or techniques?

In a nutshell, how to automatically locate security-sensitive code?

I do not have to use a tool to protect but devise a technique of my own to protect my code statements (written in C language) which are vulnerable. Especially anti-debugging statements. Are there any heuristics to find out the vulnerable statements in the code, like authentication points and debugging checks?
Aug 30, 2018 in IoT (Internet of Things) by Upasana
• 8,530 points
30 views

1 answer to this question.

0 votes

The software running on a device is no different than one running on a web server or a local PC.

You can look at all the individual components in your setup that might expose a vulnerability.

It contains:

  1. The device (often running C or C++ code)
  2. The connection to the cloud (like, https or a messaging service)
  3. The API to the cloud (often a RESTful API)
  4. The software on the cloud itself

You can go through these one by one and identify what might be wrong. As a rule of thumb, you can always try to find the spot where an outside connection is made.

Following those four steps:

  1. Check if the code can be tampered with before an outside connection is made. If your code is compiled and makes an outside connection, try to find an alternative that you can validate.
  2. Check certificates, messaging protocols etc. Make sure all connections are following safety standards.
  3. Make sure your API follows proper RESTful security measures.
  4. Validate the software in the cloud, check certificates and use something like OATH.

Last, check services like https://www.checkmarx.com/

answered Aug 30, 2018 by Annie97
• 2,190 points
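
A source-level heuristic of the kind the question asks about, combined with the answer's rule of thumb of finding where outside connections are made, as an added example that is not part of the original question or answer. The category names, the call lists, the function `find_sensitive` and the sample C source are assumptions constructed for illustration; the scan covers C source only, not stripped executables.

```python
import re

# Assumed heuristic categories; the call lists are illustrative, not exhaustive.
SENSITIVE_CALLS = {
    "anti-debug": {"ptrace"},
    "auth-compare": {"strcmp", "strncmp", "memcmp"},
    "outside-connection": {"socket", "connect", "send", "recv",
                           "SSL_connect", "SSL_read", "SSL_write"},
}
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
# Comments and string/char literals, so calls merely mentioned in them are ignored.
STRIP_RE = re.compile(
    r"""/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'""", re.S)

def _blank(match):
    # Replace everything except newlines so reported line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_sensitive(source):
    """Return (line, category, function) for each flagged call, in source order."""
    cleaned = STRIP_RE.sub(_blank, source)
    hits = []
    for lineno, line in enumerate(cleaned.splitlines(), start=1):
        for name in CALL_RE.findall(line):
            for category, names in SENSITIVE_CALLS.items():
                if name in names:
                    hits.append((lineno, category, name))
    return hits

# Constructed sample of device code (not from the page).
SAMPLE_C = '''#include <string.h>
#include <sys/ptrace.h>
/* connect() is only mentioned here */
int check_pin(const char *pin) {
    return strcmp(pin, stored_pin) == 0;
}
int main(void) {
    if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1) return 1;  // debugger present
    log_msg("calling recv() soon");
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    connect(fd, (struct sockaddr *)&srv, sizeof srv);
    return 0;
}
'''

if __name__ == "__main__":
    for lineno, category, name in find_sensitive(SAMPLE_C):
        print(f"line {lineno}: {category}: {name}()")
```

The flagged lines are candidates for manual review and for whatever tamper protection is applied; a name match alone does not show that a statement is vulnerable.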
