search
GitHubDiscordLinkedInX
githubEdit

magnifying-glassOSINT (search the web)

OSINT (Open Source Intelligence) is the practice of collecting information from publicly available resources. In the context of IoT (Internet of Things) devices, this refers to gathering intelligence from a variety of sources to understand the ecosystem, identify potential vulnerabilities, or profile devices connected to networks. OSINT for a device is often overlooked. What to look for:

hashtag
1. Documentation

  • Manufacturers release documentation detailing device functionalities.

  • Key actions include Backup, USB Port usage, and Firmware Updates.

Search for user manuals or documentation of your target

hashtag
2. Firmware Updates

  • Public firmware may be available on manufacturers' websites.

  • Allows for reverse engineering without dumping firmware directly from the device.

Example: Netgear offers free firmware downloads

hashtag
3. Default Credentials

  • Devices often come with default credentials that are easily exploitable, check websites for them

  • A great database of default passwords can be found on Githubarrow-up-right

hashtag
4. Lookout for CVEs and blogs

  • Community forums may reveal unreported vulnerabilities.

  • Security research papers can highlight known exploits and weaknesses.

  • Search on CVEdetailsarrow-up-right for your target or vendor

hashtag
5. FCC ID

  • If your device can transmit data over radio frequencies and is sold in the USA, it requires an FCC ID

  • Often you can find it somewhere on the device label:

FCC ID found
Internal Photos of target device

  • Here an example, where we can already spot a potential debug interface:

Potential UART found on FCC picture
PreviousClosed deviceNextUSB Ports / SD-card

Last updated