Our book “Practical IoT Hacking” was finally published by No Starch Press! We had been working on it for the past two years and thought that I would give a brief overview of how it came to be.
This book wasn’t to be about IoT initially - in fact, the original proposal had nothing to do with IoT hacking. The first idea proposal we sent to Bill Pollock at No Starch Press was about analyzing and attacking the authentication of network protocols. This came naturally as I had created Ncrack, the network authentication cracking tool of the Nmap project, Evangelos had contributed to it during Google Summer of Code 2017, at which I had mentored, and Paulino has been a long-time core member of the Nmap-dev community.
The first team was just the three of us. I knew Evangelos Deirmentzoglou because of our common past employment at CENSUS, a highly reputable security consulting company with clients worldwide. Paulino Calderon I knew from our involvement in the Nmap project - from general code contributions to participating in Google Summer of Code programs.
So my initial thought was that we would explore authentication protocols in a way similar to this. Bill’s feedback, however, was that this would likely have a very niche audience and was better suited as a series of blog posts, instead of a book.
Therefore, we then pivoted to the idea of medical device hacking. This was another field that I had particular experience in because of my job as principal security engineer at the Clinical Information Security department of Mayo Clinic. Evangelos also had a background in pentesting medical devices from past gigs and Paulino had general IoT experience and was already a published author with two books on Nmap and NSE. We wrote another 10-page proposal on how we would showcase techniques to attack and defend implantable pacemakers, infusion pumps, blood analyzers and ultrasound machines among other things.
At that time, I asked Beau Woods to join our team. I had worked with Beau in organizing the CTF of the Biohacking Village at DEF CON in the summer of that year (DEF CON 26 - 2018) along with some of my colleagues at Mayo Clinic. We also organized the Biohacking Village CTF for DEF CON 27 the following summer. Beau is actively involved in the I Am The Cavalry grassroots initiative, the Biohacking Village at DEF CON (and others) and would provide valuable consulting and networking for our team.
This time, Bill’s feedback was overwhelmingly more positive but he still thought we should target an even broader audience by encompassing a superset of medical devices: IoT. That’s how we came to the current version of the book.
Enter “Practical IoT Hacking”. Of course the title wasn’t even finalized yet back then - we had other title ideas like “Hack All the Things” or “How to Hack Every THING: Attacking and Defending the Internet of Things” and others before deciding on the current one - which was actually proposed by No Starch Press themselves.
At that point, I had George Chatzisofroniou join our effort by providing us valuable consultation on the Wi-Fi chapter. This was no accident as George is the creator of wifiphisher and has extensive knowledge on Wi-Fi attacks. He’s also a contributor to the Nmap project, a past colleague at CENSUS and a then newly hired colleague at Mayo Clinic.
Ioannis Stais joined as the fifth and final official member of the team shortly afterwards. We had collaborated with Ioannis in the past at CENSUS as well. He has a very broad background in information security, both in research and in leading red teams, and his contribution to the book has been immense.
After deciding on the overall direction of the book, we still had to revise the actual contents of the chapters multiple times. As we progressed on our research of which protocols, target devices and tools to demonstrate, we had to iterate and refine each individual chapter. We scheduled monthly voice calls for setting long-term goals but had weekly (and sometimes daily) interaction on WhatsApp and on google docs. The hardest part was to maintain consistency on reaching our intermediary milestones for each chapter, since the book was a side-project for all of us and time to work on it would vary greatly between each author and during different time periods. It was also tough to estimate how many weeks (or months) each chapter would take in total, especially in the beginning when we had to go through multiple idea iterations and conduct all the required research to decide what to include and what to omit.
It’s worthwhile pointing out that there were a handful of topics in the book that we had never tackled with in the past so researching them took even more time. A prominent such example was LoRa/LoRaWAN for which I knew almost nothing about before and had no equipment for it either. However, I still thought that it would be a great addition to our book since it has recently seen wide adoption and hasn’t been demonstrated in any other IoT-related books. As I described in the previous article about “What writing my first book taught me”, teaching is learning.
It took us about two years to finish the book - we had initially estimated to take us only one. It took us one year and a few months to have most of the chapters in draft form but refining them, having them reviewed by No Starch Press and their rigorous process and finalizing them brought us to a total of two years. In my view, the extra effort was well worth it. We hope you enjoy the book and learn from it at least as much as we did writing it!