With ever increases attack surfaces with IoT devices, physical hardening is also one of the important aspects of IoT Security. Many times these devices are being part of critical infrastructure and threat actors will desire to backdoor it abusing the OWASP top 10 vulnerabilities.
There are a majority of ways in which an Iot device can be compromised and exploited.
Let’s say your IoT product connects to the MQTT server remotely and exposes the root shell over UART, in this scenario an attacker can gain access to the device. After basic enumeration, they will find your credentials to connect to the MQTT instance on a device that you shipped to customers. And this MQTT server is being used for pushing sensor data and common for everyone since the same creds will be inside of the firmware on the production device. You can now understand how quickly one can escalate from physical to remote access in our own infrastructure.
One more example that can be added here is the case of smart locks. Often these fancy smart locks with fingerprint and mobile app-control lack a simple thing. Yes, you guess it right, it lacks physical hardening. See the video below really laughable case where you can just open the lock by removing three screws, despite having cool and advance technological features.
My personal one is supply chain attacks, for this, I would like to point out the wallet. fail research by Thomas Roth. He had found multiple vulnerabilities in 2018 for hardware-based cryptocurrency storage devices by Ledger. And none of these devices had any implementation to notify customers about physical tampering. In his talk at 35c3, he showcased a hardware implant to trigger malicious code remotely and was able to fit it inside that small device, in order to steal bitcoin transactions.
check out his research https://wallet.fail/
Mitigation for this class of OWASP top 10 vulnerabilities is fairly simple and already around us when you open screws in consumer devices such as laptops and smartphones they come with a colour coating that turns screw blue after coming in contact with air. It acts as an indicator of service personal to determine the warranty status of the product. Fairly simple but it can show whether the device has tampered with or not.