Attackers can use easy-to-guess or publicly available passwords to gain access to the systems. Using backdoors in device firmware or client software also grants unauthorized access to the deployed systems.
Vulnerable network services on any Internet-powered device can compromise the confidentiality, integrity/authenticity, or availability of information, and/or allow any attacker unauthorized remote control.
Components outside the device itself, such as backend API, cloud, or mobile interfaces, might compromise the device if proper security controls are not in place. Common issues include a lack of authentication/authorization, a lack of or weak encryption, and a lack of input and output filtering.
This includes vulnerabilities such as lack of firmware validation on the device, lack of secure delivery, lack of anti-rollback mechanisms, and lack of notifications on security changes because of updates.
The use of insecure software components/libraries, such as insecure customization of operating system platforms and use of third-party software or hardware components, could allow the device to be compromised
Personal data or confidential data stored on the systems could be used insecurely if they are not protected using encryption or any other protection mechanisms
The sensitive data on a system or being transferred over the network should be encrypted properly
When no proper security mechanisms are applied to devices deployed in a production environment, they become more vulnerable to attacks
Devices with default configurations are exposed to attack. Moreover, allowing users to modify the configuration of devices might pose security risks.
With no physical hardening measures in place, attackers can gain unauthorized access to sensitive information stored on a device
▪ SQL Injection
o Vulnerability: SQL injection is a code injection technique in which malicious code is injected into the application to extract and modify the database content
o Consideration: Strong mitigation strategy against SQL injection includes the use of prepared statements with parameterized queries
▪ Cross-site Scripting
o Vulnerability: Cross-site scripting (XSS) is a type of attack on web applications in which an attacker injects malicious code into the application to obtain unauthorized access to the web application
o Considerations: Carefully monitoring and validating all inputs that are assumed to be insecure, and not trusting data coming from an unknown source
▪ Cross-site Request Forgery
o Vulnerability: A cross-site request forgery is a type of attack in which a malicious web site, blog, instant message, or program causes a user’s web browser to behave abnormally on a trusted site for which the user is authenticated at that moment.
o Considerations: Adoption of additional authentication data into requests that allow the web application to detect requests from unauthorized locations.
o Vulnerability: User enumeration is a technique in which an attacker finds out whether a username already exists with the help of the forgot-password form. Once a set of existing or valid usernames is obtained, they can be used to obtain further access to the corresponding accounts.
o Considerations: Applications should specify their own usernames, which should not be predictable, and CAPTCHA can be used to avoid user enumeration to a certain extent.
o Vulnerability: Weak or easy-to-guess passwords can be easily brute-forced by an attacker to access the user’s personal and confidential data
o Considerations: Strong passwords with lower case, upper case, and alpha-numeric characters should be used. One should also avoid using dictionary words as their password, as they are easy to crack.
o Vulnerability: An account lockout mechanism is used to protect the system from brute-force password guessing attacks. The absence of a lockout mechanism can allow an attacker to brute-force the password, gain access to the user’s account, and access his/her private data.
o Considerations: A proper lockout mechanism should be implemented, which locks out an individual’s account for a certain period after 3-5 unsuccessful login attempts
▪ Known Default Credentials
o Vulnerability: If default credentials are not changed, they can be easily cracked, and the device can fall into the wrong hands
o Considerations: Users should change the credentials of any device they buy to prevent it from any unauthorized access.
▪ Hardcoded Credentials
o Vulnerability: Most devices bought by a customer come with default credentials set by manufacturing companies, and users usually do not reset the default credentials, making them vulnerable to unauthorized access. After successfully compromising such devices, hackers can turn them into a bot.
o Consideration: IoT device users need to change/reset the default credentials to obtain an additional layer of security against attacks
o Vulnerability: Leak of sensitive or confidential data via URLs may expose the devices to attacks
o Consideration: All information transmitted through URLs must be properly encrypted. Firmware should be designed in such a way that the information stored in a device is strongly encrypted.
▪ Encryption Keys
o Vulnerability: Access to encryption keys may result in the decryption of and access to confidential data.
o Consideration: The encryption keys used for decrypting the data should not be available directly from the device’s memory; rather, they should be stored in the cloud and sent across the network to the device when required.
o Vulnerability: Sensitive information about the device (such as credentials, control keys, update information, etc.) should not be visible to all; that is, it should be encrypted and not shared among devices.
o Consideration: The preferred approach would be to use separate control keys, and the same credentials or control keys should not be shared across the network. Different security keys for different devices provide an additional level of security against threats.
▪ Information Disclosure
o Vulnerability: Leak of sensitive or confidential data may expose a device to attacks
o Consideration: Firmware should be designed in such a way that the information stored in a device is strongly encrypted
▪ Denial-of-Service
o Vulnerability: Any denial-of-service attack may impact the services offered by the cloud
o Consideration: An intrusion detection mechanism should be deployed to handle different denial-of-service attacks.
▪ UPnP
o Vulnerability: Unwanted ports, such as those for Universal Plug and Play (UPnP), are enabled by default in some devices, putting their security at risk, as this allows malware to enter and destroy the device and the local network.
o Consideration: The manufacturer should design the devices such that these types of vulnerable ports are disabled by default
▪ Vulnerable UDP Services
o Vulnerability: Vulnerable UDP services can put the security of a system at high risk. Certain unwanted or malicious files can be transferred using such services, which can destroy the system and important data.
o Consideration: Firmware should be designed in such a way that certain risky services are disabled by default.
▪ User and admin CLI
▪ Injection and unencrypted services
▪ Poorly implemented encryption
▪ SQL injection
▪ Cross-site scripting and Cross-site request forgery
▪ Username enumeration and known default credentials
▪ Weak passwords and account lockout
▪ Security/encryption and logging options
▪ Two-factor authentication
▪ Inability to wipe device
▪ Unencrypted Data
o Vulnerability: Clear-text or unencrypted communications in a network are prone to attacks such as data interception
o Consideration: Strong encryption mechanisms that encrypt data should be adopted so that it cannot fall into the wrong hands and cannot be misused
o Vulnerability: Can lead to ransomware attacks where an attacker who has encrypted the data and has the keys can ask for the ransom to decrypt the data
o Consideration: Update the device on a regular basis and avoid opening an email from an unknown source, as it might contain a malicious attachment
o Vulnerability: Weak encryption mechanisms may result in data interception and loss of important information.
o Consideration: Security considerations for such issues should consider the use of strong encryption techniques such as transport layer security (TLS).
Cloud Web Interface
▪ Transport Encryption
o Vulnerability: Transport encryption is an essential step toward device security, a lack of which can result in the loss of important information, loss of privacy, and compromised devices.
o Consideration: Proper transport encryption techniques should be implemented to keep the data encrypted and protected when in transit.
▪ SQL injection
▪ Cross-site scripting and cross-site request forgery
▪ Username enumeration and known default credentials
▪ Weak passwords and account lockout
▪ Insecure password recovery mechanism
▪ Two-factor authentication
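SQL injection is listed above for the cloud web interface, and the mitigation this page gives for it is prepared statements with parameterized queries. The following is an added example, not code from the original material; the `devices` table, its rows and the function names are constructed for illustration. It runs the concatenated and the parameterized form of one lookup on the same inputs.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (owner TEXT, name TEXT, api_key TEXT)")
    db.executemany(
        "INSERT INTO devices VALUES (?, ?, ?)",
        [
            ("alice", "thermostat", "key-a1"),
            ("alice", "doorbell", "key-a2"),
            ("bob", "camera", "key-b1"),
        ],
    )
    return db

def devices_unsafe(db, owner):
    """Vulnerable form: the input is pasted into the SQL text."""
    query = "SELECT name, api_key FROM devices WHERE owner = '" + owner + "'"
    return db.execute(query).fetchall()

def devices_safe(db, owner):
    """Prepared statement: the SQL text is fixed and the input is bound as data."""
    return db.execute(
        "SELECT name, api_key FROM devices WHERE owner = ?", (owner,)
    ).fetchall()

def compare(owner):
    """Run both forms on the same input; report row counts or the error type."""
    db = make_db()
    try:
        unsafe = len(devices_unsafe(db, owner))
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, len(devices_safe(db, owner))

if __name__ == "__main__":
    # An ordinary value, a value that changes the query's logic, and a
    # legitimate name containing a quote character.
    for value in ("alice", "alice' OR '1'='1", "o'brien"):
        print(repr(value), compare(value))
```

The concatenated form returns every owner's API keys for the second input and fails outright on the third, while the parameterized form treats both as plain owner names that match no rows.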
Update Mechanism
o Vulnerability: The unavailability of a secure mechanism for transferring updates opens the door for cyber-attacks
o Consideration: Tested and strong encryption mechanisms should be incorporated to secure the transmission of updates to devices
▪ Updates Not Signed
o Vulnerability: Updates that are not signed from a trusted or reliable source might contain malicious files that can harm the device or the system
o Consideration: Verify whether the updates to be installed are signed and are from a trusted source. If not, avoid installing them.
▪ Update Verification
o Vulnerability: The update verification mechanism verifies the updates that will be installed in a device. If this option is not turned on, then the system would not be able to distinguish between malicious and genuine updates that can eventually harm the device.
o Consideration: Keep the update verification option turned on so that when malicious updates or updates from an unknown source appear, they are discarded.
o Vulnerability: Provides unauthorized access to attackers, who can use it to perform malicious activities using the device
o Consideration: Verify if the update is from a trusted source; if not, it should be discarded
▪ Missing Update Mechanism
o Vulnerability: Usually, updates remove system vulnerabilities, thus preventing various attacks. Missing update mechanisms can make the device or system prone to various online and offline attacks.
o Consideration: Make sure any device you buy has an update mechanism installed in it; if it is already there, ensure it is turned on.
▪ No Manual Update Mechanism
o Vulnerability: Some updates are not automatically installed in your system; you must install them manually. Therefore, the absence of a manual update mechanism can make your device vulnerable to certain attacks. Updates usually include various security patches to update the device’s software and remove all existing vulnerabilities.
o Consideration: Make sure the device you buy has a manual update mechanism present in it and gives you the liberty of manually updating the device for updates that are not installed automatically.
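The checks this section asks for (updates signed by a trusted source, verification before install) and the anti-rollback mechanism mentioned near the top of the page can be combined into one device-side decision. The following is an added example, not code from the original material; the manifest layout, key and function names are assumptions, and HMAC-SHA256 stands in for the vendor's public-key signature so that the block runs with the standard library only (a real device would verify an asymmetric signature and hold no signing secret).

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC stands in for the vendor's public-key signature.
VENDOR_KEY = b"constructed-demo-key"

def _tag(body, key):
    """Authentication tag over a canonical encoding of the manifest body."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def build_manifest(image, version, key=VENDOR_KEY):
    """Vendor side: describe the image, then authenticate the description."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    return {**body, "tag": _tag(body, key)}

def check_update(image, manifest, installed_version, key=VENDOR_KEY):
    """Device side: return 'install' or the reason the update is discarded."""
    try:
        body = {"version": int(manifest["version"]),
                "sha256": str(manifest["sha256"])}
        tag = str(manifest["tag"])
    except (KeyError, TypeError, ValueError):
        return "discard: malformed manifest"
    # 1. Is the manifest from the trusted source? (constant-time comparison)
    if not hmac.compare_digest(_tag(body, key).encode(), tag.encode()):
        return "discard: manifest not authenticated"
    # 2. Is this the exact image the manifest describes?
    digest = hashlib.sha256(image).hexdigest()
    if not hmac.compare_digest(digest.encode(), body["sha256"].encode()):
        return "discard: image does not match manifest"
    # 3. Anti-rollback: a genuine but older release is still refused.
    if body["version"] <= installed_version:
        return "discard: version is not newer than installed"
    return "install"

if __name__ == "__main__":
    new_image = b"firmware v5 (constructed bytes)"
    manifest = build_manifest(new_image, 5)
    print(check_update(new_image, manifest, installed_version=4))
    print(check_update(new_image + b"!", manifest, installed_version=4))
```

The order matters: the manifest is authenticated before any field in it is trusted, so a bumped version number on an old manifest fails at step 1 rather than passing the rollback check.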
Third-party Backend APIs
▪ Unencrypted PII sent
o Vulnerability: Unencrypted personally identifiable information (PII) can potentially identify a specific individual. It contains important information that can distinguish one person from another. Therefore, if the hackers get access to this information, they can carry out malicious activities such as identity theft by accessing the device illegitimately.
o Consideration: PII should be kept and sent in encrypted form, so that the hackers will not be able to see the information in clear text or will be unable to decrypt it.
o Vulnerability: Lack of information storage security policies can lead to an information leak, the consequences of which could be a loss of sensitive and confidential data that, in turn, could help the hackers gain unauthorized access to the device.
o Consideration: Firmware should incorporate certain security policies that keep personal as well as device information protected
▪ Location Leaked
o Vulnerability: Leak of a device location could result in physically accessing the device and the information in it or compromising the device.
o Consideration: Firmware should ensure that sensitive information such as location, identity, device banner, etc. is encrypted so that it becomes inaccessible to the attacker through debugging or at a physical level.
▪ Implicitly Trusted by Device or Cloud
o Vulnerability: Trusting each device connected to the network or the cloud without having any doubts about it can be risky. For example, a device connected to the network might be fake or infected, connection to which can infect the entire network.
o Consideration: Implementation of trust policies is appropriate to counter this problem. Policies should be such that a device or the cloud should be properly analyzed (based on identity, location, not infected, etc.) before it is considered trusted.
o Vulnerability: Some web applications have a security loophole where they reveal whether an entered username exists on the system. Exploiting this vulnerability, an attacker can guess and find the username, and then, can gain access to the device with that username using brute-force attacks.
o Consideration: The best practice to overcome this issue is to design a system where usernames cannot be easily found. After a certain number of failed attempts, the application should stop responding or providing service to the user for a certain period of time, and this period may keep increasing as the number of failed attempts increases.
o Vulnerability: Unavailability of account lockout mechanism after a certain period of inactivity on a system can result in unauthorized access to the device by hackers.
o Consideration: Account lockout mechanism incorporated in the device should lock out the user after a defined period of time so that no illegitimate users can access the account and obtain important information.
▪ Known Default Credentials or Weak Passwords
o Vulnerability: Lack of proper authentication mechanism or known default usernames and passwords may increase the chances of a credentials leak, which can put the device at risk.
o Consideration: An authentication mechanism should be used from the cloud side. Rather than transferring the credentials to the cloud every time, a mechanism such as a token should be used; keeping the token’s life span short (a few minutes) can automatically increase the security level.
o Vulnerability: Unsecured data storage can lead to a leak or exposure of sensitive or confidential data.
o Consideration: Firmware should be designed in such a way that all data storage layers of IoT are properly protected. Some storage layers in memory are NoSQL, RDBMS, and Big Data Hadoop.
▪ Transport Encryption, insecure password recovery mechanism, and two-factor authentication
▪ Inherent Trust of Cloud or Mobile Application
o Vulnerability: Trusting each mobile application or cloud without having any doubts about it leads to high risks. For example, a device using a malicious mobile application that may be fake or infected could result in the entire network being infected.
o Consideration: The implementation of trust policies is a perfect step to counter this problem. Policies should be such that a mobile application or the cloud is properly analyzed (based on identity, script, not infected, etc.) before it can be trusted.
o Vulnerability: As security is entirely dependent on the strength of the authentication mechanism and credentials used, a weak authentication mechanism may lead to device security issues such as loss of privacy, unauthorized access, change in device settings, and infection of different device components.
o Consideration: Two-factor or multi-factor authentication mechanisms should be used to increase the device’s security level
o Vulnerability: Failing to properly define the purpose of each device and its access level may result in a situation known as right escalation.
o Consideration: A method should be adopted in which each device can be configured and its functionalities defined. ACL should be implemented at the device and network levels, which would eventually decrease the security gaps and improve the control over the devices.
▪ Health Checks
o Vulnerability: Any vulnerability present in a health care device can be exploited by an attacker and can put a patient’s life at risk. Vulnerable medical devices are also connected to many monitors and sensors, making them potential entry points to the larger network of a hospital.
o Consideration: Manufacturing companies, rather than increasing other features in healthcare devices, should increase security features, thus making it impossible for attackers to bypass the device’s security.
o Vulnerability: Security flaws in a pacemaker, or features that make it accessible from a remote location, can be exploited by a potential hacker, which can even result in the death of a patient.
o Consideration: Manufacturing companies should place more emphasis on medical device security and secure devices from potential attacks
▪ Ecosystem Commands
o Vulnerability: Lack of verification of any command coming from the system exposes it to exploits or attacks
o Consideration: Commands that alter the system or update the device’s configuration should have additional verification systems to check whether the command is from a genuine source
▪ De-provisioning
o Vulnerability: Devices that are not in use but still connected to the Internet can also lead to various attacks on the device and the network
o Consideration: Unused devices should be detached or terminated from the Internet. Removal of access to certain devices is also an effective solution to this problem.
▪ Pushing Updates
o Vulnerability: Malicious updates from the attackers through an attachment in the email or through compromised third parties can impact the system security badly by installing unwanted or malicious files that can lead to data loss and an inability to access the device or ransom demands to get access back to the device.
o Consideration: Device users should be more cautious while opening some links or attachments that seem suspicious or come from unknown sources
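The username-enumeration and account-lockout items earlier in this list, and in the first list on the page, describe one control: do not reveal whether a username exists, and lock out after a few failures for a period that grows with each further failure. The following is an added example, not code from the original material; the class, messages, 30-second base period and PBKDF2 work factor are assumptions, and the caller passes the current time in as `now`.

```python
import hashlib
import hmac
import os

GENERIC_FAILURE = "invalid username or password"
LOCKED = "too many attempts, try again later"
MAX_FAILURES = 3          # the page suggests 3-5 unsuccessful attempts
BASE_LOCK_SECONDS = 30    # assumed first lock period, doubled on each repeat
PBKDF2_ROUNDS = 50_000    # assumed work factor for this demo

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_user(password):
    """Return the (salt, hash) record stored for one account."""
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

class LoginGuard:
    def __init__(self, users):
        self.users = users        # username -> (salt, hash)
        self.failures = {}        # username -> (failure count, locked_until)
        # Unknown usernames are checked against this record, so they cost
        # the same work and fail in the same way as known ones.
        self._dummy = make_user(os.urandom(16).hex())

    def login(self, username, password, now):
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return False, LOCKED
        salt, stored = self.users.get(username, self._dummy)
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if matches and username in self.users:
            self.failures.pop(username, None)
            return True, "ok"
        count += 1
        if count >= MAX_FAILURES:
            # 30 s after the 3rd failure, 60 s after the 4th, 120 s after the 5th
            lock = BASE_LOCK_SECONDS * 2 ** (count - MAX_FAILURES)
            self.failures[username] = (count, now + lock)
        else:
            self.failures[username] = (count, 0.0)
        return False, GENERIC_FAILURE

if __name__ == "__main__":
    guard = LoginGuard({"alice": make_user("Correct-Horse-9")})  # constructed account
    for t in (0, 1, 2, 10, 40, 99, 100):
        print(t, guard.login("alice", "Correct-Horse-9" if t >= 99 else "guess", t))
```

Failures are counted for names that do not exist as well, so the sequence of responses is identical for a real and a made-up username; a deployment would also bound the size of that table.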
Network Traffic
▪ LAN
o Vulnerability: The absence of robust security or configured security, lack of secure locations, and lack of network monitoring can result in problems such as connection interception, jamming signal attacks, man-in-the-middle attacks, etc.
o Consideration: Before deploying a LAN, its location security must be ensured, and a software level firewall should be deployed to keep hackers away from the network.
▪ LAN to Internet
o Vulnerability: Not having proper security infrastructure (Firewall, anti-virus, DMZ), lack of proper network monitoring, and insecure location of deployment can result in various attacks from internal or external networks.
o Consideration: The very first consideration when deploying a LAN is the location. Ensure that it is secure and proper security policies and practices are followed to enhance the network’s security, making it difficult for the attacker to breach the network security.
Short Range
o Vulnerability: Short-range devices such as Bluetooth devices are vulnerable to various attacks if the frequency on which they work is known to the intruder. The intruder can then easily see all personal or sensitive information present in your device.
o Consideration: In order to secure short-range communication, a good security design should be implemented to harden the device’s security.
▪ Non-standard
o Vulnerability: Non-standardized network traffic might contain malicious files that could harm the network security and devices
o Consideration: Each piece of passing network traffic should be standardized and checked before entering or leaving the network