GitHub Discord LinkedIn X

GitHub Discord LinkedIn X

HardBreak - Hardware Hacking Wiki
Introduction
Hardware Hacking
Network Analysis
Radio Hacking
Contribute
- How to contribute
- Gitbook - Basics
About

Powered by GitBook

On this page

Was this helpful?

Hardware Hacking

Reconnaissance

Closed device

OSINT (search the web)

PreviousClosed device NextUSB Ports / SD-card

Last updated 2 months ago

OSINT (Open Source Intelligence) is the practice of collecting information from publicly available resources. In the context of IoT (Internet of Things) devices, this refers to gathering intelligence from a variety of sources to understand the ecosystem, identify potential vulnerabilities, or profile devices connected to networks. OSINT for a device is often overlooked. What to look for:

1. Documentation

Manufacturers release documentation detailing device functionalities.
Key actions include Backup, USB Port usage, and Firmware Updates.

2. Firmware Updates

Public firmware may be available on manufacturers' websites.
Allows for reverse engineering without dumping firmware directly from the device.

3. Default Credentials

Devices often come with default credentials that are easily exploitable, check websites for them
A great database of default passwords can be found on Github

4. Lookout for CVEs and blogs

Community forums may reveal unreported vulnerabilities.
Security research papers can highlight known exploits and weaknesses.
Search on CVEdetails for your target or vendor

5. FCC ID

If your device can transmit data over radio frequencies and is sold in the USA, it requires an FCC ID
Often you can find it somewhere on the device label:

On https://fccid.io/ you can search the FCC ID and will get documentation, external photos and very interesting for us: Internal photos

Here an example, where we can already spot a potential debug interface:

1. Documentation
2. Firmware Updates
3. Default Credentials
4. Lookout for CVEs and blogs
5. FCC ID