- Lack of security
  - The speed at which IoT is advancing makes it harder to keep up with evolving security requirements.
  - Being short on processing power and memory leads to a lack of security solutions and encryption protocols.
- Vulnerable interfaces
  - Applies both to device interfaces and to the other interfaces (e.g. cloud) a device interacts with
  - E.g. lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering.
- Physical security risk
  - Cannot be secured like traditional devices, e.g. by storing routers in secure cabinets
- Lack of vendor support
  - Support for a certain device may get discontinued
- Difficult to update firmware and OS
  - Some require manual intervention to be upgraded, some cannot be upgraded at all
  - Being compliant makes it harder to make changes to e.g. medical devices.
- Interoperability issues
  - Interoperability: "the ability to make systems and organizations work together" | Wikipedia
  - Each solution provides its own IoT infrastructure, devices, APIs, and data formats
  - Caused by the competitive nature of IoT, e.g. vendor lock-in
- OWASP Internet of Things Top Ten was introduced in 2004 and updated in 2018
  - Weak, guessable, or hardcoded passwords
    - Use of easily bruteforced, publicly available, or unchangeable credentials
    - Includes backdoors in firmware or client software that grant unauthorized access to deployed systems
  - Insecure network services
    - Unneeded or insecure network services running on the device itself
    - A bigger threat for devices that are exposed to the internet
    - Allows compromise of the confidentiality, integrity/authenticity, or availability of information, or allows unauthorized remote control...
  - Insecure ecosystem interfaces
    - Includes web, backend API, cloud, or mobile interfaces outside of the device
    - Allows compromise of the device or its related components.
    - E.g. lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering.
  - Lack of secure update mechanism
    - Lack of firmware validation on the device
    - Lack of secure delivery (unencrypted in transit)
    - Lack of anti-rollback mechanisms
    - Lack of notifications of security changes due to updates.
  - Use of insecure or outdated components
    - Use of deprecated or insecure software components/libraries
    - Insecure customization of operating system platforms
    - Use of third-party software or hardware components from a compromised supply chain
  - Insufficient privacy protection
    - Use of users' personal information insecurely, improperly, or without permission.
  - Insecure data transfer and storage
    - Lack of encryption or access control for sensitive data
    - Can be anywhere within the ecosystem, e.g. at rest, in transit, or during processing.
  - Lack of device management
    - Lack of security support on devices deployed in production
    - Capabilities include e.g. asset management, update management, secure decommissioning, systems monitoring, and response.
  - Insecure default settings
    - Can be shipped with insecure settings or without the ability to make restrictions.
  - Lack of physical hardening
    - Easily accessible physically
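The "Lack of secure update mechanism" entry above lists three device-side gaps: no firmware validation, no anti-rollback, and insecure delivery. The following Go program is an added example (not from the OWASP project or this page) of what a device-side update verifier looks like when all three are present. It assumes a hypothetical minimal manifest (version + SHA-256 of the image) signed with an Ed25519 vendor key that is provisioned into the device; the key pair and the firmware bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical minimal update descriptor. The vendor signs this
// structure rather than the raw image, so the version number is covered by
// the signature and cannot be edited to defeat the rollback check.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// Bytes serialises the manifest deterministically for signing.
func (m Manifest) Bytes() []byte {
	out := make([]byte, 4, 4+len(m.ImageHash))
	binary.BigEndian.PutUint32(out, m.Version)
	return append(out, m.ImageHash[:]...)
}

// Update is what arrives on the device: manifest, its signature, the image.
type Update struct {
	Manifest  Manifest
	Signature []byte
	Image     []byte
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against vendor key")
	ErrRollback     = errors.New("update version is not newer than the installed version")
	ErrHashMismatch = errors.New("image hash does not match signed manifest")
)

// Device models a deployed unit: the vendor public key baked in at
// manufacture and the firmware version currently installed.
type Device struct {
	VendorKey        ed25519.PublicKey
	InstalledVersion uint32
}

// Verify applies the checks in order: nothing is trusted before the signature
// verifies; the version must be strictly newer (anti-rollback); the image must
// match the signed hash (validation of what was actually delivered).
func (d *Device) Verify(u Update) error {
	if !ed25519.Verify(d.VendorKey, u.Manifest.Bytes(), u.Signature) {
		return ErrBadSignature
	}
	if u.Manifest.Version <= d.InstalledVersion {
		return ErrRollback
	}
	if sha256.Sum256(u.Image) != u.Manifest.ImageHash {
		return ErrHashMismatch
	}
	return nil
}

// Apply installs only after Verify passes and records the new version, so the
// same image cannot be re-applied later.
func (d *Device) Apply(u Update) error {
	if err := d.Verify(u); err != nil {
		return err
	}
	d.InstalledVersion = u.Manifest.Version
	return nil
}

// GenerateVendorKeys creates a fresh key pair for the example; a real vendor
// signing key would live in an HSM or an offline signing system.
func GenerateVendorKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// BuildUpdate is the vendor side: hash the image and sign the manifest.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return Update{Manifest: m, Signature: ed25519.Sign(priv, m.Bytes()), Image: image}
}

func main() {
	pub, priv := GenerateVendorKeys()
	dev := &Device{VendorKey: pub, InstalledVersion: 1}
	v2 := BuildUpdate(priv, 2, []byte("constructed firmware image v2"))
	fmt.Println("apply v2:       ", dev.Apply(v2)) // <nil>
	fmt.Println("re-apply v2:    ", dev.Apply(v2)) // rollback rejected
	v3 := BuildUpdate(priv, 3, []byte("constructed firmware image v3"))
	v3.Image = []byte("modified in transit") // manifest still signed, image swapped
	fmt.Println("tampered image: ", dev.Apply(v3)) // hash mismatch
	_, otherPriv := GenerateVendorKeys()
	fmt.Println("foreign signer: ", dev.Apply(BuildUpdate(otherPriv, 3, v3.Image))) // bad signature
}
```

Delivery over TLS (the "secure delivery" point) is a transport concern outside this snippet; the signature check is what makes the device safe even when the transport is not, because a modified image or an old image with a valid old signature is refused regardless of how it arrived.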
- Access control
  - E.g. remote access control or gaining access to administration panels
- BlueBorne attack
  - Amalgamation of techniques and attacks against known, already existing Bluetooth vulnerabilities
- Jamming attack
  - Also known as signal jamming attack
  - Jamming the signal to prevent the communication of devices
- Man-in-the-middle attack
  - E.g. by sniffing through Foren6
- Foren6
  - Passive sniffer
  - Reconstructs a visual and textual representation of network information to support real-world Internet of Things
- HVAC attack
  - Takes place when an attacker compromises IoT devices in order to shut down air conditioning services.
- Backdoor (not just IoT related)
- Exploit kits
- Replay attack
- Ransomware attack
- Privilege escalation
- Side channel attack
- Web application attacks, web server attacks
- Cloud computing attacks
- Mobile application threats
- DoS / DDoS
- Forged malicious devices
- Resetting to an insecure state
- Removal of storage media
- Firmware attack
- Network service attacks
- Unencrypted local data storage
- Confidentiality and integrity issues
- Malicious updates
- Insecure APIs
- Eavesdropping
- Sybil attack
- Rolling code attack
  - Also known as hopping code attack.
  - Targets keyless entry systems such as garage door openers and keyless car entry systems.
  - The attacker captures the signal from the transmitter device while simultaneously blocking the receiver from receiving it
  - The attacker then uses the captured signal to gain unauthorized access
  - E.g. stealing a car with the captured signal
  - Tools include the HackRF One hardware tool.
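To see why the attack above needs the blocking step rather than a plain replay, it helps to look at what a rolling-code receiver actually checks. The Go program below is an added example, not code from this page or from any keyless-entry vendor. It is a deliberately simplified model: real systems encrypt the counter (KeeLoq-style), whereas here the fob sends the counter with an HMAC tag over it, which keeps the two properties that matter for the discussion (a code cannot be forged, and a code the receiver has already consumed cannot be reused). The shared key and the window size of 16 are constructed values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Window is how far ahead of the last accepted counter the receiver will still
// accept a code (a fob pressed out of range advances its counter unseen).
// Constructed value for the example.
const Window = 16

// Code is one transmission: the counter and a tag proving knowledge of the key.
type Code struct {
	Counter uint32
	Tag     []byte
}

func tag(key []byte, counter uint32) []byte {
	mac := hmac.New(sha256.New, key)
	var buf [4]byte
	binary.BigEndian.PutUint32(buf[:], counter)
	mac.Write(buf[:])
	return mac.Sum(nil)
}

// Transmitter is the key fob: every press advances the counter.
type Transmitter struct {
	key     []byte
	counter uint32
}

func (t *Transmitter) Press() Code {
	t.counter++
	return Code{Counter: t.counter, Tag: tag(t.key, t.counter)}
}

// Receiver is the car/door side; it remembers the highest counter accepted.
type Receiver struct {
	key      []byte
	lastSeen uint32
}

// Accept returns true only if the tag is genuine and the counter is strictly
// above the last accepted one while still inside the resync window.
func (r *Receiver) Accept(c Code) bool {
	if !hmac.Equal(c.Tag, tag(r.key, c.Counter)) {
		return false // forged or corrupted tag
	}
	if c.Counter <= r.lastSeen {
		return false // straight replay of a code already used
	}
	if c.Counter > r.lastSeen+Window {
		return false // too far ahead: a separate resync procedure is needed
	}
	r.lastSeen = c.Counter
	return true
}

// NewPair returns a fob and receiver sharing the same (constructed) key.
func NewPair(key []byte) (*Transmitter, *Receiver) {
	return &Transmitter{key: key}, &Receiver{key: key}
}

func main() {
	tx, rx := NewPair([]byte("constructed shared key"))
	c1 := tx.Press()
	fmt.Println("first press accepted:     ", rx.Accept(c1)) // true
	fmt.Println("same code replayed:       ", rx.Accept(c1)) // false
	c2 := tx.Press()                                           // pressed out of range, never received
	c3 := tx.Press()
	fmt.Println("later press (gap of one): ", rx.Accept(c3)) // true, inside window
	fmt.Println("older unseen code now:    ", rx.Accept(c2)) // false, below lastSeen
}
```

The last two lines of `main` show the property the attack on the page depends on: an unseen code stays acceptable only until the receiver accepts a higher counter. A plain recording of a code the door already processed is useless, which is why the attacker has to keep the receiver from seeing the genuine transmission; any later genuine press that reaches the receiver invalidates the captured one.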
- Firmware analysis
  - Allows looking for data in the filesystem or reverse engineering it for vulnerabilities.
  - Flow example: `binwalk` is a common tool for it found on Kali Linux; `firmwalker` then lists vulnerabilities by scanning all files.
- Can be used for reading/manipulating data
- Allows pushing firmware updates
- Enables devices to be used by other devices in the network
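The scan-all-files step in the flow above is simple enough to show in code. The Go program below is an added example written for this page, not firmwalker's own logic: it walks an extracted firmware root, flags files whose names suggest key material or password databases, and looks inside small text files for hardcoded-credential assignments. The name list and the regular expression are constructed for the example, as is the sample tree that `BuildSampleTree` writes to a temporary directory (in practice the root would be the directory `binwalk` extracted).

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// Finding records one item worth a closer look in an extracted firmware root.
type Finding struct {
	Path   string // full path under the scanned root
	Name   string // base file name
	Reason string
}

// sensitiveNames: file names or suffixes that usually hold secrets (constructed list).
var sensitiveNames = []string{"shadow", "id_rsa", "id_dsa", "authorized_keys", ".pem", ".key"}

// credentialLine matches assignment-style hardcoded credentials in text config.
var credentialLine = regexp.MustCompile(`(?i)\b(password|passwd|pwd|secret|api_key)\s*[:=]\s*\S+`)

// AuditRoot scans every regular file below root.
func AuditRoot(root string) ([]Finding, error) {
	var findings []Finding
	err := filepath.WalkDir(root, func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() {
			return nil
		}
		name := d.Name()
		for _, s := range sensitiveNames {
			if name == s || strings.HasSuffix(name, s) {
				findings = append(findings, Finding{path, name, "sensitive file name: " + s})
				break
			}
		}
		// Only read small files for credential patterns; large binaries are skipped.
		info, err := d.Info()
		if err != nil || info.Size() > 1<<20 {
			return nil
		}
		f, err := os.Open(path)
		if err != nil {
			return nil
		}
		defer f.Close()
		sc := bufio.NewScanner(f)
		for lineNo := 1; sc.Scan(); lineNo++ {
			if credentialLine.MatchString(sc.Text()) {
				findings = append(findings, Finding{path, name,
					fmt.Sprintf("possible hardcoded credential on line %d", lineNo)})
				break
			}
		}
		return nil
	})
	return findings, err
}

// BuildSampleTree writes a constructed mini root filesystem to a temp directory.
func BuildSampleTree() (string, error) {
	root, err := os.MkdirTemp("", "fw-root-")
	if err != nil {
		return "", err
	}
	files := map[string]string{
		"etc/shadow":           "root:$6$constructed$hash:19000:0:99999:7:::\n",
		"etc/config/wifi.conf": "ssid=demo\npassword=hunter2\n",
		"root/.ssh/id_rsa":     "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
		"usr/share/readme.txt": "nothing sensitive here\n",
		"bin/busybox":          "ELF placeholder, constructed\n",
	}
	for rel, content := range files {
		p := filepath.Join(root, filepath.FromSlash(rel))
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return "", err
		}
		if err := os.WriteFile(p, []byte(content), 0o600); err != nil {
			return "", err
		}
	}
	return root, nil
}

// Cleanup removes a tree created by BuildSampleTree.
func Cleanup(root string) { os.RemoveAll(root) }

func main() {
	root, err := BuildSampleTree()
	if err != nil {
		panic(err)
	}
	defer Cleanup(root)
	findings, err := AuditRoot(root)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%-40s %s\n", f.Path, f.Reason) // shadow, wifi.conf, id_rsa
	}
}
```

On the constructed tree this reports three findings: `etc/shadow` and `root/.ssh/id_rsa` by name and `etc/config/wifi.conf` by content. A name match is a lead, not a verdict; the value of running this before release is that a vendor catches a shipped private key or a default password baked into a config file, which is exactly the "hardcoded passwords" entry of the OWASP list earlier on the page.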
- Information gathering
  - IP address
  - Running protocols
  - Open ports
  - Type of device
  - Vendor
  - Shodan is a helpful search engine for IoT
- Scanning the network and devices to find vulnerabilities
  - Search for weak passwords
  - Software and firmware vulnerabilities
  - Tools: `nmap`, `hping`
  - Firmalyzer
    - Security assessments with risk analysis in IoT networks
    - Proprietary platform
- Exploiting vulnerabilities
  - E.g. running a rolling code attack
- Gain unauthorized access
- Privilege escalation
- Install backdoor
- Logging out
- Clearing logs
- Covering tracks
- Countermeasures
  - Firmware update
  - Block unnecessary ports
  - Disable telnet as it is an insecure protocol
  - Use encrypted communication (SSL/TLS)
  - Use strong passwords
  - Encrypt drives
  - Periodic assessment of devices
  - Secure password recovery
  - Two-Factor Authentication
  - Disable UPnP
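Most of the countermeasures above, and the "Insecure default settings" and "Insecure network services" entries of the OWASP list, reduce to configuration state that can be checked mechanically. The Go program below is an added example, not from this page or from any vendor: `DeviceConfig` is a hypothetical flattened view of a device's settings, `ShippedDefaults` is a constructed insecure factory configuration, `Audit` reports every countermeasure it fails, and `Harden` produces the corrected configuration. The list of required ports (only 443) and the weak-password set are constructed values.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// DeviceConfig is a hypothetical flattened view of an IoT device's settings.
type DeviceConfig struct {
	AdminPassword   string
	TelnetEnabled   bool
	UPnPEnabled     bool
	TLSRequired     bool
	TwoFactor       bool
	OpenPorts       []int
	FirmwareVersion string
	LatestVersion   string
}

// weakPasswords is a small constructed set of factory and trivial values.
var weakPasswords = map[string]bool{"": true, "admin": true, "password": true, "1234": true, "12345678": true}

// requiredPorts lists what the device actually needs to expose (constructed).
var requiredPorts = map[int]bool{443: true}

// ShippedDefaults is a constructed insecure factory configuration.
func ShippedDefaults() DeviceConfig {
	return DeviceConfig{
		AdminPassword:   "admin",
		TelnetEnabled:   true,
		UPnPEnabled:     true,
		TLSRequired:     false,
		TwoFactor:       false,
		OpenPorts:       []int{23, 80, 443, 1900},
		FirmwareVersion: "1.0.2",
		LatestVersion:   "1.0.5",
	}
}

// Audit returns one message per countermeasure the configuration fails.
func Audit(c DeviceConfig) []string {
	var issues []string
	if c.FirmwareVersion != c.LatestVersion {
		issues = append(issues, fmt.Sprintf("firmware %s is behind latest %s", c.FirmwareVersion, c.LatestVersion))
	}
	if c.TelnetEnabled {
		issues = append(issues, "telnet enabled (cleartext protocol)")
	}
	if c.UPnPEnabled {
		issues = append(issues, "UPnP enabled (lets devices open gateway ports without authentication)")
	}
	if !c.TLSRequired {
		issues = append(issues, "unencrypted communication permitted")
	}
	if weakPasswords[strings.ToLower(c.AdminPassword)] || len(c.AdminPassword) < 12 {
		issues = append(issues, "weak or default admin password")
	}
	if !c.TwoFactor {
		issues = append(issues, "two-factor authentication disabled")
	}
	ports := append([]int(nil), c.OpenPorts...)
	sort.Ints(ports)
	for _, p := range ports {
		if !requiredPorts[p] {
			issues = append(issues, fmt.Sprintf("unnecessary port %d open", p))
		}
	}
	return issues
}

// Harden returns a copy with the weak settings corrected. It does not invent a
// password (the caller supplies a strong one) and only records the target
// firmware version; applying the update is the job of the update mechanism.
func Harden(c DeviceConfig, newPassword string) DeviceConfig {
	c.TelnetEnabled = false
	c.UPnPEnabled = false
	c.TLSRequired = true
	c.TwoFactor = true
	c.AdminPassword = newPassword
	c.FirmwareVersion = c.LatestVersion
	var keep []int
	for _, p := range c.OpenPorts {
		if requiredPorts[p] {
			keep = append(keep, p)
		}
	}
	c.OpenPorts = keep
	return c
}

func main() {
	for _, issue := range Audit(ShippedDefaults()) {
		fmt.Println("factory config:", issue) // 9 issues
	}
	hardened := Harden(ShippedDefaults(), "constructed-strong-passphrase-2024")
	fmt.Println("hardened config issues:", len(Audit(hardened))) // 0
}
```

Run against the factory defaults the audit lists nine issues (outdated firmware, telnet, UPnP, no TLS, default password, no 2FA, and ports 23, 80 and 1900); after `Harden` only port 443 remains open and the audit is empty. "Periodic assessment of devices" from the list is simply running `Audit` on a schedule across the fleet rather than once.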