
2.1 - IoT Attack-Surface - Vulnerability

The document outlines various vulnerabilities associated with the Internet of Things (IoT), categorized by attack surface areas such as device memory, web interfaces, and network services. It highlights specific risks including weak passwords, insecure data storage, and lack of encryption, along with references to OWASP guidelines. The document serves as a comprehensive overview of potential security issues in IoT ecosystems.

Uploaded by

Lê Đình Nam

IoT Vulnerability

https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project#IoT_Attack_Surface_Areas

Attack Surface / Vulnerability

Ecosystem (general)
- Interoperability standards
- Data governance
- System wide failure
- Individual stakeholder risks
- Implicit trust between components
- Enrollment security
- Decommissioning system
- Lost access procedures

Device Memory
- Sensitive data
- Cleartext usernames
- Cleartext passwords
- Third-party credentials
- Encryption keys

Device Physical Interfaces
- Firmware extraction
- User CLI
- Admin CLI
- Privilege escalation
- Reset to insecure state
- Removal of storage media
- Tamper resistance
- Debug port
- UART (Serial)
- JTAG / SWD
- Device ID/Serial number exposure

Device Web Interface
- Standard set of web application vulnerabilities, see:
  - OWASP Web Top 10
  - OWASP ASVS
  - OWASP Testing guide
- Credential management vulnerabilities:
  - Username enumeration
  - Weak passwords
  - Account lockout
  - Known default credentials
  - Insecure password recovery mechanism

Device Firmware
- Sensitive data exposure (See OWASP Top 10 - A6 Sensitive data exposure):
  - Backdoor accounts
  - Hardcoded credentials
  - Encryption keys
  - Encryption (Symmetric, Asymmetric)
  - Sensitive information
  - Sensitive URL disclosure
- Firmware version display and/or last update date
- Vulnerable services (web, ssh, tftp, etc.)
- Verify for old software versions and possible attacks (Heartbleed, Shellshock, old PHP versions, etc.)
- Security related function API exposure
- Firmware downgrade possibility

Device Network Services
- Information disclosure
- User CLI
- Administrative CLI
- Injection
- Denial of Service
- Unencrypted Services
- Poorly implemented encryption
- Test/Development Services
- Buffer Overflow
- UPnP
- Vulnerable UDP Services
- DoS
- Device Firmware OTA update block
- Firmware loaded over insecure channel (no TLS)
- Replay attack
- Lack of payload verification
- Lack of message integrity check
- Credential management vulnerabilities:
  - Username enumeration
  - Weak passwords
  - Account lockout
  - Known default credentials
  - Insecure password recovery mechanism

Administrative Interface
- Standard set of web application vulnerabilities, see:
  - OWASP Web Top 10
  - OWASP ASVS
  - OWASP Testing guide
- Credential management vulnerabilities:
  - Username enumeration
  - Weak passwords
  - Account lockout
  - Known default credentials
  - Insecure password recovery mechanism
- Security/encryption options
- Logging options
- Two-factor authentication
- Check for insecure direct object references
- Inability to wipe device

Local Data Storage
- Unencrypted data
- Data encrypted with discovered keys
- Lack of data integrity checks
- Use of static same enc/dec key

Cloud Web Interface
- Standard set of web application vulnerabilities, see:
  - OWASP Web Top 10
  - OWASP ASVS
  - OWASP Testing guide
- Credential management vulnerabilities:
  - Username enumeration
  - Weak passwords
  - Account lockout
  - Known default credentials
  - Insecure password recovery mechanism
- Transport encryption
- Two-factor authentication

Third-party Backend APIs
- Unencrypted PII sent
- Encrypted PII sent
- Device information leaked
- Location leaked

Update Mechanism
- Update sent without encryption
- Updates not signed
- Update location writable
- Update verification
- Update authentication
- Malicious update
- Missing update mechanism
- No manual update mechanism

Mobile Application
- Implicitly trusted by device or cloud
- Username enumeration
- Account lockout
- Known default credentials
- Weak passwords
- Insecure data storage
- Transport encryption
- Insecure password recovery mechanism
- Two-factor authentication

Vendor Backend APIs
- Inherent trust of cloud or mobile application
- Weak authentication
- Weak access controls
- Injection attacks
- Hidden services

Ecosystem Communication
- Health checks
- Heartbeats
- Ecosystem commands
- Deprovisioning
- Pushing updates

Network Traffic
- LAN
- LAN to Internet
- Short range
- Non-standard
- Wireless (WiFi, Z-wave, XBee, Zigbee, Bluetooth, LoRa)
- Protocol fuzzing

Authentication/Authorization
- Authentication/Authorization related values (session key, token, cookie, etc.) disclosure
- Reusing of session key, token, etc.
- Device to device authentication
- Device to mobile Application authentication
- Device to cloud system authentication
- Mobile application to cloud system authentication
- Web application to cloud system authentication
- Lack of dynamic authentication

Privacy
- User data disclosure
- User/device location disclosure
- Differential privacy

Hardware (Sensors)
- Sensing Environment Manipulation
- Tampering (Physically)
- Damage (Physical)
