Question

A security engineer is assessing a new IoT product. The product interfaces with the ODBII port of a vehicle and uses a Bluetooth connection to relay data to an onboard data logger located in the vehicle. The data logger can only transfer data over a custom USB cable. The engineer suspects a relay attack is possible against the cryptographic implementation used to secure messages between segments of the system.

Which of the following tools should the engineer use to confirm the analysis?

A. Vulnerability scanner
B. Wireless protocol analyzer
C. Log analysis and reduction tools
D. Network-based fuzzer

Answer 1

The security engineer should use a Wireless protocol analyzer to confirm the possibility of a relay attack on the cryptographic implementation between the IoT product and data logger by monitoring the Bluetooth traffic.

Step-by-step explanation:

To confirm the possibility of a relay attack on the cryptographic implementation securing messages between the IoT product and the data logger, the security engineer should use a Wireless protocol analyzer. This tool will allow the engineer to inspect the Bluetooth traffic between the IoT device and the data logger. By analyzing the cryptographic protocols and the actual data being transferred, the engineer can potentially identify weaknesses, such as replayed or unauthorized messages indicative of a relay attack.

A vulnerability scanner could be helpful more broadly in assessing known vulnerabilities, but it might not be able to analyze cryptographic issues at the level required. Log analysis and reduction tools might help in post-attack analysis, but they are not suitable for real-time cryptographic analysis. A network-based fuzzer would be effective in identifying input-related vulnerabilities and could be used to test the robustness of the protocol against malformed input, but it is not the best tool for investigating a potential relay attack.