Google Cloud IoT Core Device Key
Service Name: Google Cloud IoT Core
Service Description: Google Cloud IoT Core is a fully managed service that allows you to easily and securely connect, manage, and ingest data from millions of globally dispersed devices. It provides a complete solution for collecting, processing, analyzing, and visualizing IoT data in real time.
Service Address: https://cloud.google.com/iot/docs
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the project level using VPC Service Controls and firewall rules.
Secret Access Scope: Grants authentication and access for IoT devices to connect to Google Cloud IoT Core, allowing devices to publish telemetry data and receive configuration updates.
Secret Revokement URL: https://cloud.google.com/iot/docs/how-tos/devices#delete-device
Secret Example:
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+Z2mi8shZ9h0e
ekj1bq+P8bRfwIZ5pXYW9ULgezGJUXEJYT4l4hYYgCEEYHKJt7KxPXHgEgXHhCFCg
-----END PRIVATE KEY-----
Suspicious Activity Investigation Instructions:
- Review Cloud Audit Logs for unusual device authentication or data publishing patterns
- Check for unexpected device registrations or modifications in the IoT Core registry
- Monitor for unusual data transmission volumes or frequencies from devices
- Examine device state changes and configuration updates
- Review network traffic patterns for IoT devices connecting to Google Cloud
- Check for geographic anomalies in device connections
Mitigation Instructions:
- Navigate to the Google Cloud Console and open the IoT Core section
- Locate the affected device in the device registry
- Delete the compromised device credentials by selecting the device and clicking Delete credentials
- Generate new device credentials if the device is still needed
- Consider rotating all device credentials as a precautionary measure
- Update the device with the new credentials
- Review and strengthen IAM permissions for IoT Core device management
- Enable enhanced monitoring for IoT device activities
- Consider implementing device-level authentication policies