256 CHAPTER 13 Attacking Smart Devices In reviewing the resulting modules, we realized that Metasploit only contained exploits for two Apache vulnerabilities for the UNIX operating system. However, both these vulnerabilities were for plug-ins not installed or utilized by the TED 5000 Smart Device. At this point, it was apparent that the TED 5000 Smart Device was not going to be compromised via Exploit Testing. However, Exploit Testing is the culmination of the OSSTMM, and successfully exploiting vulner- abilities can allow attackers to perform subsequent attacks until they attain their ultimate objective. SUMMARY In Chapter 12, "Attacking Smart Meters," we discussed the common methodologies used to perform security testing. In this chapter, we applied ISECOM's OSSTMM methodology to attack smart devices. Much like smart meters, smart devices will be subject to those with access to them. However, unlike smart meters, the current availability of smart devices is widespread. While the successful compromise of a smart device will most likely have significantly less impact than a successful com-