Hello. I am new to Bugcrowd and bug bounty hunting, and I’ve recently delved into the world of IoT pentesting. While I’m not new to web application testing, I decided to pursue a different route and learn more about IoT security. I find it extremely fascinating, and I’m excited to start finding bugs in IoT devices.
I’m aware that there are far fewer programs pertaining to IoT devices, which is part of the reason why I decided to get started in that area. I’ve also noticed that there are far fewer resources available, and more so, I’ve found that it’s not extremely common to see IoT vulnerabilities disclosed publicly. While I’m aware of the resources on this forum and I’ve read at least parts of the IoT Hacker’s Handbook, I learn best by example, and as a newcomer to the IoT world I’m curious as to what classes of IoT vulnerability are the most common. My question boils down to this: What are the most common types of IoT vulnerability reports that get accepted? Should I familiarize myself with ARM binary exploitation? Is a private SSL certificate for use with the web application found on the firmware a valid vulnerability? Or is it mainly only common to find bugs in mobile app to device communication? Just to clarify; I’m not asking for help finding resources on how to learn about IoT pentesting. I am capable of doing research. I’m simply asking what are some of the most common things that people prioritize when looking for IoT bugs. Speaking candidly with someone who is experienced in finding valid IoT bugs would be extremely helpful to me as a beginner.
Thank you for taking the time.