
Practical IoT Hacking

The Definitive Guide to Attacking the Internet of Things
by Fotios Chantzis, Ioannis Stais, Paulino Calderon, Evangelos Deirmentzoglou, Beau Woods
March 2021, 464 pp.


You can find the book's downloadable resources and latest updates on GitHub.

Practical IoT Hacking isn’t just another security book – it’s a philosophy on security testing developed by hackers for hackers, with a focus on concepts and techniques that will quickly get you testing actual IoT systems, devices and protocols.

The book starts with an introduction to the IoT security world, walking you through common IoT threats and giving you a framework for threat modeling that includes breaking down the architecture into components and using attack trees to identify threats. You’ll develop a security testing methodology, discover the silent art of passive reconnaissance, and conduct holistic manual security assessments on all layers of an IoT system. From there, you’ll enter the IoT network and perform VLAN hopping, crack MQTT authentication, punch holes through firewalls by abusing UPnP, develop an mDNS poisoner, and craft WS-Discovery attacks.

Later chapters deal specifically with hardware hacking, where you’ll uncover the inner workings of UART and JTAG/SWD and explore how to leverage bus protocols (SPI, I²C) to attack embedded IoT devices. Radio hacking is also covered in depth: the authors demonstrate a variety of attacks against RFID systems, such as cloning access cards, show how to develop a LoRa traffic sniffer, and help you master techniques for attacking the Bluetooth Low Energy (BLE) protocol.

You’ll learn:

  • Common IoT threats, like signal jamming, replay, and hardware-integrity attacks
  • Methods and tools for analyzing network protocols, like developing a Wireshark dissector for the DICOM protocol and writing a DICOM service scanner as an Nmap Scripting Engine (NSE) module
  • How to hack a microcontroller through UART and SWD (Serial Wire Debug) interfaces
  • Techniques for reverse engineering firmware and analyzing mobile companion apps (both Android and iOS)
  • How to develop your own NFC fuzzer using Proxmark3
  • Wi-Fi association attacks against wireless clients, and ways of abusing Wi-Fi Direct
  • Techniques for hacking the smart home, like jamming wireless alarms, playing back IP camera feeds, and taking control of a smart treadmill

The authors demonstrate tools and use vulnerable devices that are affordable and easy to obtain, so you can practice on your own throughout the book. In addition, there are custom code examples and proof-of-concept exploits that you can download from the book’s GitHub page.

Author Bios

Fotios (Fotis) Chantzis is laying the foundation for a safe and secure Artificial General Intelligence (AGI) at OpenAI. He has been a member of the core Nmap development team since 2009 and is the creator of Ncrack, Nmap's network authentication cracking tool.

Ioannis Stais is a senior IT security researcher and Head of Red Teaming at CENSUS S.A. He has presented at security conferences such as Black Hat Europe, Troopers, and Security BSides.

Paulino Calderon is a published author and international speaker with over 12 years of experience in network and application security. When he isn’t traveling to security conferences or consulting for Fortune 500 companies with Websec, a company he co-founded in 2011, he spends peaceful days enjoying the beach in Cozumel, Mexico.

Evangelos Deirmentzoglou is an information security professional interested in solving security problems at scale. He led and structured the cybersecurity capability of the financial tech startup Revolut. A member of the open-source community since 2015, he has made multiple contributions to Nmap and Ncrack.

Beau Woods is a cyber safety innovation fellow with the Atlantic Council and a leader with the I Am The Cavalry grassroots initiative. He is also the founder and CEO of Stratigos Security and sits on the board of several nonprofits. Beau is a published author and frequent public speaker.

Table of Contents



Part One: The IoT Threat Landscape
Chapter 1: The IoT Security World
Chapter 2: Threat Modeling
Chapter 3: A Security Testing Methodology

Part Two: Network Hacking
Chapter 4: Network Assessments
Chapter 5: Analyzing Network Protocols
Chapter 6: Exploiting Zero-configuration Networking

Part Three: Hardware Hacking
Chapter 7: UART and JTAG Exploitation
Chapter 8: Hacking SPI and I2C
Chapter 9: Firmware Hacking

Part Four: Radio Hacking
Chapter 10: Short Range Radio: Abusing RFID
Chapter 11: Bluetooth Low Energy
Chapter 12: Medium Range Radio: Hacking Wi-Fi
Chapter 13: Long Range Radio: LPWAN

Part Five: Targeting the IoT Ecosystem
Chapter 14: Attacking Mobile Applications
Chapter 15: Hacking the Smart Home

Appendix A: Tools for IoT Hacking



"I recommend this book to anyone technical who manufactures IoT devices or anyone with IoT devices in their homes or enterprise. At a time when securing our systems and protecting our information has never been more important, this book hits the mark. I’m truly excited for this book, seeing the work that was put into it, and I know it will help us design a more secure IoT infrastructure in the future."
—Dave Kennedy, founder of TrustedSec, Binary Defense