# OSINT (search the web)

OSINT (Open Source Intelligence) is the practice of collecting information from publicly available resources. In the context of IoT (Internet of Things) devices, this refers to gathering intelligence from a variety of sources to understand the ecosystem, identify potential vulnerabilities, or profile devices connected to networks. OSINT for a device is often overlooked. What to look for:

### **1. Documentation**

* Manufacturers release documentation detailing device functionalities.
* Key actions include Backup, USB Port usage, and Firmware Updates.

<figure><img src="/files/TTlQFRKfL02z2yRRA9E6" alt=""><figcaption><p>Search for user manuals or documentation of your target</p></figcaption></figure>

### **2. Firmware Updates**

* Public firmware may be available on manufacturers' websites.
* Allows for reverse engineering without dumping firmware directly from the device.

<figure><img src="/files/BAW3b9NDrHLyEZvKTYW7" alt=""><figcaption><p>Example: Netgear offers free firmware downloads</p></figcaption></figure>

### **3. Default Credentials**

* Devices often come with default credentials that are easily exploitable. Check websites for them.
* A great database of default passwords can be found on [GitHub](https://github.com/ihebski/DefaultCreds-cheat-sheet/blob/main/DefaultCreds-Cheat-Sheet.csv)

### **4. Look out for CVEs and blogs**

* Community forums may reveal unreported vulnerabilities.
* Security research papers can highlight known exploits and weaknesses.
* Search on [CVEdetails](https://www.cvedetails.com/) for your target or vendor

### **5. FCC ID**

* If your device can transmit data over radio frequencies and is sold in the USA, it requires an FCC ID
* Often you can find it somewhere on the device label:

<figure><img src="/files/o3cHySpIyUI1CVF6Scq6" alt="" width="383"><figcaption><p>FCC ID found</p></figcaption></figure>

* On <https://fccid.io/> you can search for the FCC ID to get documentation, external photos and, most interesting for us, internal photos

<figure><img src="/files/i4rx52H8qzoUV42Y9xjC" alt="" width="563"><figcaption><p>Internal Photos of target device</p></figcaption></figure>

* Here is an example where we can already spot a potential debug interface:

<figure><img src="/files/PrMProYnPABVrIgD8f72" alt="" width="563"><figcaption><p>Potential UART found on FCC picture</p></figcaption></figure>
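Labels print the FCC ID with inconsistent spacing and case, so it helps to normalise it before searching. The following is an added example, not part of the original page: it pulls FCC IDs out of transcribed label text and splits each into grantee code (the applicant) and product code. It relies on the FCC ID format rule, which this page does not state: grantee codes starting with a letter are 3 characters, those starting with a digit are 5, and the product code is 1 to 14 characters. The function names and the sample label text are constructed for illustration.

```python
import re

# "FCC ID" followed by an optional ':' or '.', then the ID itself.
_LABEL_RE = re.compile(r"FCC\s*ID\s*[:.]?\s*([A-Z0-9][A-Z0-9-]{3,18})", re.IGNORECASE)


def split_fcc_id(raw):
    """Return (grantee_code, product_code) for one FCC ID, or raise ValueError."""
    fcc_id = re.sub(r"\s+", "", raw).upper()
    if not re.fullmatch(r"[A-Z0-9-]+", fcc_id):
        raise ValueError(f"unexpected characters in FCC ID: {raw!r}")
    # Grantee code: 5 characters if it starts with a digit, otherwise 3.
    grantee_len = 5 if fcc_id[0].isdigit() else 3
    grantee, product = fcc_id[:grantee_len], fcc_id[grantee_len:]
    if len(grantee) != grantee_len or not grantee.isalnum():
        raise ValueError(f"bad grantee code in {raw!r}")
    # A hyphen printed after the grantee code is kept as part of the
    # product code, so the ID stays exactly as it appears on the label.
    if not 1 <= len(product) <= 14:
        raise ValueError(f"bad product code length in {raw!r}")
    return grantee, product


def find_fcc_ids(label_text):
    """Extract every well-formed FCC ID from free text such as a typed-up label."""
    found = []
    for match in _LABEL_RE.finditer(label_text):
        try:
            found.append(split_fcc_id(match.group(1)))
        except ValueError:
            continue  # skip strings that only look like an FCC ID
    return found


# Constructed sample label text (not a real device).
SAMPLE_LABEL = "Model: X100\nFCC ID: abc-xyz1234\nContains FCC ID 2ABCDMODEL01\nInput: 12V"

if __name__ == "__main__":
    for grantee, product in find_fcc_ids(SAMPLE_LABEL):
        print(f"grantee={grantee} product={product} full={grantee}{product}")
```

The grantee code is worth noting on its own: a rebranded device carries the grantee code of whoever filed the application, which may differ from the brand printed on the case.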


