Latest revision as of 16:15, 6 January 2016

The Checklist

Originally presented by @wallarm at OWASP Russia Meetup #2.

Contents have been merged into the IoT Attack Surface Areas project with the permission of this article's original creator.

@@ Line 2: / Line 2: @@
 Originally presented by @wallarm at OWASP Russia Meetup #2.
+* Contents have been merged into the IoT Attack Surface Areas project with the permission of this article's original creator.
-== Threat model : neighbour ==
+* [https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project#IoT_Attack_Surface_Areas_Project IoT Attack Surface Area Project]
-=== Unprotected wireless channel ===
-* Present
-* Not present
-== Threat model : guest ==
-=== Authentication between client and device ===
-* Not present
-* Login/password
-* Key
-=== Client-device encryption ===
-* Not present
-* Weak/strong
-* Symmetric/asymmetric
-* Encryption key length
-=== Authentication for firmware update ===
-* Not present
-* Login/password
-* Key
-=== Firmware integrity controls ===
-* Not present
-* Weak/strong
-* E-signature
-* Checksum
-* Self-written
-* Threat model applies for reseller too!
-== Threat model : vendor ==
-=== Hidden data exchange services ===
-* Present
-* Not present
-=== Backdoor accounts ===
-* Present
-* Not present
-== Threat model : website ==
-=== Client-side vulnerabilities in web interface ===
-* Present
-* Not present
-=== Server-side vulnerabilities in web interface ===
-* Present
-* Not present
-* Threat model applies for guest too!
-== Threat model : physical ==
-=== Physical protection from damage ===
-* Present
-* Not present