xorl %eax, %eax

Practical IoT Hacking: The Definitive Guide to Attacking the Internet of Things

leave a comment »

A month or so ago, I was thrilled when I saw that this book was published. First because it covers a very interesting topic that not a lot of information of that level of detail was ever consolidated so nicely to a single place before, and secondly because one of the authors is an old friend of mine, Fotios Chantzis (AKA ithilgore).


The reasons why it took me so long to write about it was because I had to study it and it’s quite extensive, including several hands-on exercises and even VMs to run them on! It’s a large (464 pages long) book but it doesn’t fill this space with unnecessary information. It’s a book that can get anyone without any prior knowledge of IoT hacking and raise them to a level that they’d feel comfortable with debugging hardware devices, understanding the most common exploitation avenues, and have a solid foundation for the most frequently used protocols and standards.


Table of contents 



Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology

Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking

Part Three: Hardware Hacking
Chapter 7: UART, JTAG, and SWD Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking

Part Four: Radio Hacking
Chapter 10: Short Range Radio: Abusing RFID
Chapter 11: Bluetooth Low Energy
Chapter 12: Medium Range Radio: Hacking Wi-Fi
Chapter 13: Long Range Radio: LPWAN

Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the Smart Home

Appendix A: Tools for IoT Hacking


If you are an experienced IoT security researcher you might find some of the content too basic for you since the book assumes the reader has no prior experience with this field. However, even for those experienced IoT hackers, there are lots of in-depth details that you might not be aware of.

Now, if you are not that experienced but interested in this subject, then that’s the best resource that is currently available to get you from zero knowledge to a competent IoT security researcher. 

I know F. Chantzis for almost two decades now and from the day he started working on this I was certain the end result would be a world-class book. Just to be clear, I am not discrediting the other authors and contributors, just saying that knowing Fotis I had no doubt that he wouldn’t let something below perfect to be released with his name attached to it.

To summarize, this is the most complete IoT hacking book to get someone with no knowledge of the domain or even a seasoned professional, and elevate them to level where they won’t just feel comfortable performing IoT security research, but they’d also have all the required skills to do so.

Written by xorl

March 29, 2021 at 13:51

Posted in books

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: