OSINT (search the web)
OSINT (Open Source Intelligence) is the practice of collecting information from publicly available resources. In the context of IoT (Internet of Things) devices, this refers to gathering intelligence from a variety of sources to understand the ecosystem, identify potential vulnerabilities, or profile devices connected to networks. OSINT for a device is often overlooked. What to look for:
Manufacturers release documentation detailing device functionalities.
Key actions include Backup, USB Port usage, and Firmware Updates.
Public firmware may be available on manufacturers' websites.
This allows for reverse engineering without dumping firmware directly from the device.
Devices often come with default credentials that are easily exploitable. Check websites for them.
A great database of default passwords can be found on GitHub.
Community forums may reveal unreported vulnerabilities.
Security research papers can highlight known exploits and weaknesses.
Search CVE Details for your target or vendor.
If your device can transmit data over radio frequencies and is sold in the USA, it requires an FCC ID.
Often you can find it somewhere on the device label:
On https://fccid.io/ you can search for the FCC ID and get documentation, external photos and, most interesting for us, internal photos.
Here is an example where we can already spot a potential debug interface:
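For the FCC ID lookup described above, the following added example (not part of the original page) pulls FCC IDs out of transcribed label text, splits each into grantee and product code, and builds a lookup URL. The function names, the sample label and the `https://fccid.io/<grantee>-<product>` URL layout are assumptions; the split relies on grantee codes being 3 characters when they start with a letter and 5 when they start with a digit.

```python
import re

# "FCC ID" as printed on a label, followed by the ID itself (no spaces inside).
LABEL_RE = re.compile(r"FCC\s*ID\s*[:.]?\s*([A-Z0-9][A-Z0-9-]{3,19})", re.IGNORECASE)
BASE_URL = "https://fccid.io/"  # site named on this page; URL layout below is assumed


def parse_fcc_id(raw):
    """Return (grantee_code, product_code), or None if the ID is malformed."""
    fcc_id = re.sub(r"\s", "", raw).upper()
    if not re.fullmatch(r"[A-Z0-9][A-Z0-9-]*", fcc_id):
        return None
    # Grantee code: 3 characters if it starts with a letter, 5 if with a digit.
    n = 3 if fcc_id[0].isalpha() else 5
    grantee, product = fcc_id[:n], fcc_id[n:]
    if len(grantee) < n or not grantee.isalnum():
        return None
    # Assumption: a hyphen right after the grantee code is only a separator.
    if product.startswith("-"):
        product = product[1:]
    # Product code: 1 to 14 characters.
    if not 1 <= len(product) <= 14:
        return None
    return grantee, product


def lookups_from_label(text):
    """Find every FCC ID in label text; return (grantee, product, url) tuples."""
    results, seen = [], set()
    for match in LABEL_RE.finditer(text):
        parsed = parse_fcc_id(match.group(1))
        if parsed is None or parsed in seen:
            continue
        seen.add(parsed)
        grantee, product = parsed
        results.append((grantee, product, f"{BASE_URL}{grantee}-{product}"))
    return results


# Constructed label text (not a real device); a radio module has its own ID.
SAMPLE_LABEL = """Model: CAM-100  Input: 5V 1A
FCC ID: 2ABCD-CAM100V2
IC: 12345A-CAM100
Contains FCC ID: XYZ-MOD7"""

if __name__ == "__main__":
    for grantee, product, url in lookups_from_label(SAMPLE_LABEL):
        print(f"grantee={grantee} product={product} -> {url}")
```

A label that says "Contains FCC ID" points to an embedded radio module, whose filing is separate from the host device's and worth looking up as well.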