https://wiki.owasp.org/index.php?action=history&feed=atom&title=IoT_Attack_Surface_Areas
IoT Attack Surface Areas - Revision history
2026-04-25T20:02:52Z
Revision history for this page on the wiki
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=IoT_Attack_Surface_Areas&diff=203976&oldid=prev
Craig Smith at 03:08, 30 November 2015
2015-11-30T03:08:49Z
<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 03:08, 30 November 2015</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"><center>[https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Attack_Surface_Areas Back To The IoT Attack Surface Areas Project]</center></ins></div></td></tr>
<tr><td colspan="2"> </td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;"></ins></div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The OWASP IoT Attack Surface Areas (DRAFT) are as follows:</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The OWASP IoT Attack Surface Areas (DRAFT) are as follows:</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
</table>
Craig Smith
https://wiki.owasp.org/index.php?title=IoT_Attack_Surface_Areas&diff=203953&oldid=prev
Craig Smith: Created page with "The OWASP IoT Attack Surface Areas (DRAFT) are as follows: {| border="1" class="wikitable" style="text-align: left" ! Attack Surface ! Vulnerability |- | '''Ecosystem Access..."
2015-11-30T02:23:49Z
<p>Created page with "The OWASP IoT Attack Surface Areas (DRAFT) are as follows: {| border="1" class="wikitable" style="text-align: left" ! Attack Surface ! Vulnerability |- | '''Ecosystem Access..."</p>
<p><b>New page</b></p><div>The OWASP IoT Attack Surface Areas (DRAFT) are as follows:<br />
<br />
{| border="1" class="wikitable" style="text-align: left"<br />
! Attack Surface<br />
! Vulnerability<br />
|- <br />
| '''Ecosystem Access Control'''<br />
|<br />
* Implicit trust between components<br />
* Enrollment security<br />
* Decommissioning system<br />
* Lost access procedures<br />
|- <br />
| '''Device Memory'''<br />
|<br />
* Cleartext usernames<br />
* Cleartext passwords<br />
* Third-party credentials<br />
* Encryption keys<br />
|- <br />
| '''Device Physical Interfaces'''<br />
|<br />
* Firmware extraction<br />
* User CLI<br />
* Admin CLI<br />
* Privilege escalation<br />
* Reset to insecure state<br />
* Removal of storage media<br />
|-<br />
| '''Device Web Interface'''<br />
|<br />
* SQL injection<br />
* Cross-site scripting<br />
* Cross-site Request Forgery<br />
* Username enumeration<br />
* Weak passwords<br />
* Account lockout<br />
* Known default credentials<br />
|- <br />
| '''Device Firmware'''<br />
|<br />
* Hardcoded credentials<br />
* Sensitive information disclosure<br />
* Sensitive URL disclosure<br />
* Encryption keys<br />
* Firmware version display and/or last update date<br />
|- <br />
| '''Device Network Services'''<br />
|<br />
* Information disclosure<br />
* User CLI<br />
* Administrative CLI<br />
* Injection<br />
* Denial of Service<br />
* Unencrypted Services<br />
* Poorly implemented encryption<br />
* Test/Development Services<br />
* Buffer Overflow<br />
* UPnP<br />
* Vulnerable UDP Services<br />
* DoS<br />
|- <br />
| '''Administrative Interface'''<br />
|<br />
* SQL injection<br />
* Cross-site scripting<br />
* Cross-site Request Forgery<br />
* Username enumeration<br />
* Weak passwords<br />
* Account lockout<br />
* Known default credentials<br />
* Security/encryption options<br />
* Logging options<br />
* Two-factor authentication<br />
* Inability to wipe device<br />
|- <br />
| '''Local Data Storage'''<br />
|<br />
* Unencrypted data<br />
* Data encrypted with discovered keys<br />
* Lack of data integrity checks<br />
|- <br />
| '''Cloud Web Interface'''<br />
|<br />
* SQL injection<br />
* Cross-site scripting<br />
* Cross-site Request Forgery<br />
* Username enumeration<br />
* Weak passwords<br />
* Account lockout<br />
* Known default credentials<br />
* Transport encryption<br />
* Insecure password recovery mechanism<br />
* Two-factor authentication<br />
|- <br />
| '''Third-party Backend APIs'''<br />
|<br />
* Unencrypted PII sent<br />
* Encrypted PII sent<br />
* Device information leaked<br />
* Location leaked<br />
|- <br />
| '''Update Mechanism'''<br />
|<br />
* Update sent without encryption<br />
* Updates not signed<br />
* Update location writable<br />
* Update verification<br />
* Malicious update<br />
* Missing update mechanism<br />
* No manual update mechanism<br />
|- <br />
| '''Mobile Application'''<br />
|<br />
* Implicitly trusted by device or cloud<br />
* Username enumeration<br />
* Account lockout<br />
* Known default credentials<br />
* Weak passwords<br />
* Insecure data storage<br />
* Transport encryption<br />
* Insecure password recovery mechanism<br />
* Two-factor authentication<br />
|- <br />
| '''Vendor Backend APIs'''<br />
|<br />
* Inherent trust of cloud or mobile application<br />
* Weak authentication<br />
* Weak access controls<br />
* Injection attacks<br />
|- <br />
| '''Ecosystem Communication'''<br />
|<br />
* Health checks<br />
* Heartbeats<br />
* Ecosystem commands<br />
* Deprovisioning<br />
* Pushing updates<br />
|- <br />
| '''Network Traffic'''<br />
|<br />
* LAN<br />
* LAN to Internet<br />
* Short range<br />
* Non-standard<br />
|- <br />
|}</div>
Craig Smith