Difference between revisions of "Top IoT Vulnerabilities"

Revision as of 03:05, 30 November 2015

The top IoT vulnerabilities (DRAFT) are as follow:

Vulnerability	Attack Surface	Summary
Username Enumeration	Administrative Interface Device Web Interface Cloud Interface Mobile Application	Ability to collect a set of valid usernames by interacting with the authentication mechanism
Weak Passwords	Administrative Interface Device Web Interface Cloud Interface Mobile Application	Ability to set account passwords to '1234' or '123456' for example.
Account Lockout	Administrative Interface Device Web Interface Cloud Interface Mobile Application	Ability to continue sending authentication attempts after 3 - 5 failed login attempts
Unencrypted Services	Device Network Services	Network services are not properly encrypted to prevent eavesdropping by attackers
Two-factor Authentication	Administrative Interface Cloud Web Interface Mobile Application	Lack of two-factor authentication mechanisms such as a security token or fingerprint scanner
Poorly Implemented Encryption	Device Network Services	Encryption is implemented however it is improperly configured or is not being properly updated, e.g. using SSL v2
Update Sent Without Encryption	Update Mechanism	Updates are transmitted over the network without using TLS or encrypting the update file itself
Update Location Writable	Update Mechanism	Storage location for update files is world writable potentially allowing firmware to be modified and distributed to all users
Denial of Service	Device Network Services	Service can be attacked in a way that denies service to that service or the entire device
Removal of Storage Media	Device Physical Interfaces	Ability to physically remove the storage media from the device
No Manual Update Mechanism	Update Mechanism	No ability to manually force an update check for the device
Missing Update Mechanism	Update Mechanism	No ability to update device
Firmware Version Display and/or Last Update Date	Device Firmware	Current firmware version is not displayed and/or the last update date is not displayed

Revision as of 02:38, 30 November 2015 (view source) Craig Smith (talk \| contribs) (Created page with "= Top IoT Vulnerabilities = The top IoT vulnerabilities (DRAFT) are as follow: {\| border="1" class="wikitable" style="text-align: left" ! Vulnerability ! Attack Surface ! Su...")		Revision as of 03:05, 30 November 2015 (view source) Craig Smith (talk \| contribs) Newer edit →
Line 1:		Line 1:
−	~~= Top IoT Vulnerabilities =~~
−
	The top IoT vulnerabilities (DRAFT) are as follow:		The top IoT vulnerabilities (DRAFT) are as follow:

Difference between revisions of "Top IoT Vulnerabilities"

Revision as of 03:05, 30 November 2015

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools