One of the main reasons I decided to get stuck into embedded stuff with the ESP* nodes, mesh networks, and IoT, was to shift the discussion away from how crap most IoT is (and it is, I will admit) into how one might go about securing it.
Today I performed a lengthy Threat Modeling exercise against my setup, including creating network architecture diagrams with data flows (including protocols/ports, etc), classification of data, and how it is stored/transmitted.

The idea was to hopefully share this process so that others can see the benefit of doing a threat model, how it forces you to understand what you have and also create countermeasures for common threats.

It is easy to pwn IoT and feel smug about it, but there aren't many showing how you harden, and therein lies my concern.
The first thing is that NO ONE documents their stuff. This is a major issue in our industry. Really poor network architecture diagrams with no data flows, where data is stored, protocols used, etc.

Seriously, you cannot protect what you don't know.
My @home_assistant setup is small but has enough in there that means it is a risk to a number of threats. At least now I have a single place.

I'm using @IriusRisk here btw, it friggin rocks. Truly this is not the STRIDE model from decades ago.
Cool so lots to fix and here is where I add my countermeasures. How am I going to fix this and this is why I love threat models, they give you a friggin' list!
For example, I have the following threats assigned to sensors. Crap, some l337 hacker with a pineapple could get access to the wifi network and sniff traffic or manipulate the OTA update process.

That's bad.
Doing a penetration test against the setup (which everyone does I'm sure), I can see this is indeed a threat.
So countermeasure would be something like this:
Ok adding a custom countermeasure be like and testing it be like...winna winna chikin dinna, that is no longer a threat and we mark it as so.
Threat models aren't new, but it's the one thing this industry still doesn't like or do as much as we should do. Yes they are long, yes they can be boring but they are also fundamental to building secure $THINGS
Anyway I've gone on enough, here's the full threat model for those vaguely interested

github.com/danielcuthbert…

More from @dcuthbert

11 Oct
Genuine question, not a troll. With yet another memory corruption vuln in iOS, CVE-2021-30883, why are tools like developer.apple.com/documentation/… not finding them?

What is happening with the code base to result in so many memory bugs? Is this too hard a problem to solve?
In July, this amazing post appeared that delved into what was a problem back then saaramar.github.io/IOMobileFrameB…
This stood out for me. No checks on input? Really?
Read 5 tweets
11 Oct
Nerd hour!

I wanted to create an automation that monitored Los Diablos's room temperature and turn on the fan when it hit a level. We've done such an amazing job insulating their room that it gets hot, very hot.

First, I need a name for this: Blåser
Next up, I need to turn on the old fan so for that, I need some plugs I can control. Because I now know the ESP8266 chipset well, I hunted around for something with that so I could flash it.

Hej min lilla vän, u so cute
Sonoff make the S26 that fits the bill sonoff.tech/product-docume…

Well, opening up time I guess?
Read 10 tweets
10 Oct
Sunday Nerd Sessions: Noise protocol and API encryption.

For those who aren't familiar with noise (as the dad of twin boys, by god am I, it's relentless), it's an epic protocol that allows you to create really simple crypto protocols noiseprotocol.org
Noise is based on the Diffie-Hellman key agreement. Both parties exchange DH public keys, perform a sequence of DH operations, then hash the DH results into a shared secret key. This is all part of the initial handshake.
What I like about Noise is that the exchange of ephemeral keys is standard, and this means perfect forward secrecy. Yup, the same thing Signal protocol uses.

But dude, who gives a?

Well my mini cactus deserves privacy like you and I do and this is one of the issues with IoT
Read 10 tweets
2 Aug
My wife and I are launching a new business and this week is menu prep and creation. Takoyakis made with proper Katsuobushi and Nori.

All hand made and yeah I think these will be popular
Second menu option testing. Chicken laksa curry learned from our time living in Singapore. We struggle to get a proper laksa here in London so time to change that.
Our take on a Malay/Singaporean classic
Read 5 tweets
1 Aug
It's a Sunday.
Kids are playing Lego
Wife is chilled

Guess this means it's teardown and tinker time with IKEA's indoor pollution sensor
Ok it's pretty well-designed. David Wahl is the designer, who's responsible for a lot of pretty damn good designs. Has usb-c to power but doesn't come with a cable.
Inside the beast.
Read 21 tweets
7 Jan
Sometimes you come across research that just blows you off your feet. This is that type of research

ninjalab.io/a-side-journey…
Simply put, Victor and Thomas performed a side-channel attack that targeted the Google Titan Security Key’s secure element (the NXP A700X chip)
Ok sure, side-channels are all the rage but they achieved this by observing local electromagnetic radiations made during ECDSA signatures (the core cryptographic operation of the FIDO U2F protocol)
Read 5 tweets
