HARDWARE ANALYSIS
An IoT device, in its generic form, can be defined as a tailored combination of hardware and software, mostly custom, with the software often not directly accessible to end-users. Hardware analysis addresses this gap through reverse engineering techniques applied at the PCB level, in order to understand the inner workings of an unknown IoT device. In the hardware context, the common goal for an attacker is retrieving the firmware, whenever it is unavailable, or tampering with the normal device execution (e.g., for debugging purposes).
Reply hardware analysis approaches can be broadly classified into two different solutions: passive and active.
First, passive PCB analysis consists of observing the device without interfering with its normal operations. As an example, this solution may include the following activities (the list is not all-inclusive): identification of ICs (e.g., EEPROM, flash, CPUs, etc.); enumeration of communication and debug interfaces (JTAG, UART, I2C, SPI, etc.) to uncover insecure functionality; monitoring of data buses to identify protocols and determine the data exchanged.
On the other side, active hardware analysis includes all those activities that involve some invasive action, including (but not limited to) the following: live memory dumping through in-circuit techniques; de-soldering of non-volatile storage components from the PCB to extract their content (chip-off).