OWASP Top 10 IoT Vulnerabilities


1. Weak or Guessable Passwords 

Attackers can use easy-to-guess or publicly available passwords to gain access to the systems. Using backdoors in device firmware or client software also grants unauthorized access to the deployed systems. 

2. Insecure Network Services

Vulnerable network services on any Internet-connected device can compromise the confidentiality, integrity/authenticity, or availability of information, and/or allow unauthorized remote control by an attacker.

3. Insecure Ecosystem Interfaces

Components lying out of the device ecosystem, such as backend API, cloud, or mobile interfaces, might compromise the device if proper security controls are not in place. Common issues include a lack of authentication/authorization, a lack of or weak encryption, and a lack of input and output filtering.

4. Lack of Secure Update Mechanism

This includes vulnerabilities such as lack of firmware validation on the device, lack of secure delivery, lack of anti-rollback mechanisms, and lack of notifications on security changes because of updates.

5. Use of Insecure or Outdated Components 

The use of insecure software components/libraries, such as insecure customization of operating system platforms and use of third-party software or hardware components, could allow the device to be compromised.

6. Insufficient Privacy Protection

Personal data or confidential data stored on the systems could be used insecurely if it is not protected using encryption or other protection mechanisms.

7. Insecure Data Transfer and Storage

The sensitive data on a system or being transferred over the network should be encrypted properly.

8. Lack of Device Management

When no proper security mechanisms are applied to devices deployed in a production environment, those devices become more vulnerable to attacks.

9. Insecure Default Settings

Devices with default configurations are exposed to attack. Moreover, allowing users to modify the configuration of devices might pose security risks.

10. Lack of Physical Hardening

With no physical hardening measures in place, attackers can gain unauthorized access to sensitive information stored on a device.


IoT Attack Surface Areas

According to OWASP, the following are the IoT attack surface areas:

Device Memory

This is one of the most important components of the IoT ecosystem. A device’s memory is necessary to store important information about certain events.

Some of the vulnerabilities present in this component are discussed below:


▪ Unencrypted Credentials

o Vulnerability: Unencrypted or clear-text credentials may lead to the leak of credentials and information from a device.

o Consideration: To keep the device and its information secure, the credentials used to access devices, and even the communication between two endpoints, should be encrypted so that they cannot be easily read or compromised to obtain unauthorized access to the platform.


▪ Third-party Credentials

o Vulnerability: A device can be accessed and exploited using third-party credentials.

o Consideration: Third parties should be granted access only to the specific functions they need, and the credentials used by third parties should be encrypted using a strong encryption mechanism so that even if a hacker obtains them, he/she cannot decrypt them to gain access to the device.

▪ Encryption Keys

o Vulnerability: Encryption keys can be obtained by hackers, who can then use them to obtain unauthorized access to the device.

o Consideration: A proper key management system must be used to protect the encryption keys from hackers. Encryption keys should not be stored with the data they decrypt; otherwise, if the machine on which both are located is compromised, the keys are also compromised.


Ecosystem Access Control

▪ Implicit Trust between Components

o Vulnerability: Implicit trust can result in trusting malicious components that, in turn, can result in malfunctions of all components.

o Consideration: Before any interaction, each component should authenticate itself with other components. When trusted relationships are acquired, there should be strong mechanisms and procedures to ensure that they cannot be abused.


▪ Enrollment Security

o Vulnerability: Enrolling a device in the absence of restrictions or authentication mechanisms can result in the installation of a malicious device that puts the network’s security at risk.

o Consideration: Each device should authenticate itself before being enrolled.

▪ Decommissioning System 

o Vulnerability: Any single device may put the whole system at risk by compromising it


o Consideration: 
The compromised devices should be handled carefully by analyzing the problem and developing methods to counter the problem. Certain techniques should also be adopted to prepare the system for any unwanted situations, such as clearing data and resetting the device from the cloud, debugging and decommissioning the system, etc.


o Vulnerability: Failing to define the purpose of each device and its access level may result in a situation known as rights escalation.

o Consideration: A proper method must be proposed where each device has the ability to be configured, and its functionalities are well-defined. ACL at the device and network levels should be implemented, which would eventually decrease the security gaps and improve the control over devices.


Device Physical Interfaces

▪ Firmware Extraction

o Vulnerability: Hidden vulnerabilities in the system can be exposed if the firmware can be extracted and accessed.

o Consideration: The security consideration for this is to store and distribute the firmware in encrypted form.


▪ User CLI

o Vulnerability: If the user is allowed to access all parts of a device, or has administrator-level rights, it can put the device security at high risk.

o Consideration: The preferred approach would be to limit users’ access to the core of the device, and only certain changes to the devices should be allowed

▪ Admin CLI

o Vulnerability: Access to the user console or admin console to perform administrative tasks or to access data received by the device may expose it to exploitation and may compromise it

o Consideration: The security consideration for such a vulnerability is not to expose the console access to the devices for purposes such as debugging. The administrative rights should be limited and debugging ports should be blocked for live devices.


▪ Privilege Escalation

o Vulnerability: Physical access to the device, if not configured properly, may result in elevated access to system resources, which is usually not allowed for a user. This may result in the exploitation of the device functions.

o Consideration: Design the firmware in such a way that the user cannot access that part of the device he/she is not supposed to access.

▪ Reset to Insecure State

o Vulnerability: In the case of physical access to the device, there is a possibility of resetting the storage memory of the device to an unwanted or undesired state.

o Consideration: Firmware needs to be designed in such a way that access to reset the device is denied.


▪ Removal of Storage Media

o Vulnerability: Physical access to the device may result in access to the storage media, which can further expose the firmware, data stored in the device, and credentials.

o Consideration: Additional hardware-level security or hardware encryption should be implemented


Device Web Interface

▪ SQL Injection

o Vulnerability: SQL injection is a code injection technique in which malicious SQL is injected into the application to extract or modify database content.

o Consideration: A strong mitigation strategy against SQL injection is the use of prepared statements with parameterized queries.

▪ Cross-site Scripting

o Vulnerability: Cross-site scripting, or XSS, is a type of attack on web applications in which an attacker injects malicious code into the application to obtain unauthorized access to the web application.

o Consideration: Carefully monitor and validate all inputs, treating them as untrusted, and do not trust data coming from an unknown source.

▪ Cross-site Request Forgery

o Vulnerability: Cross-site request forgery is a type of attack in which a malicious web site, blog, instant message, or program causes a user’s web browser to perform unwanted actions on a trusted site for which the user is authenticated at that moment.

o Consideration: Include additional authentication data in requests so that the web application can detect requests from unauthorized locations.
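The "additional authentication data" referred to above is usually a per-session anti-CSRF token. The Go program below is an added example written for this page, not code from the original article or from OWASP: it issues a token bound to the authenticated session (random nonce plus an HMAC over session id and nonce) and refuses any state-changing request whose token does not match the caller's session. The secret, the session identifiers and the function names are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed server-side secret for the demo; a real deployment loads it
// from a protected store rather than embedding it in the code.
var csrfSecret = []byte("constructed-demo-secret-do-not-reuse")

// NewCSRFToken issues a token bound to one authenticated session:
// token = hex(nonce) "." hex(HMAC(secret, sessionID || nonce)).
// A page on another origin cannot mint it because it never sees the secret.
func NewCSRFToken(sessionID string) (string, error) {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	return encodeToken(sessionID, nonce), nil
}

func encodeToken(sessionID string, nonce []byte) string {
	mac := hmac.New(sha256.New, csrfSecret)
	mac.Write([]byte(sessionID))
	mac.Write(nonce)
	return hex.EncodeToString(nonce) + "." + hex.EncodeToString(mac.Sum(nil))
}

// ValidateCSRFToken recomputes the MAC for the caller's own session and
// compares in constant time; a token minted for another session fails.
func ValidateCSRFToken(sessionID, token string) error {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return errors.New("malformed csrf token")
	}
	nonce, err := hex.DecodeString(parts[0])
	if err != nil || len(nonce) != 16 {
		return errors.New("malformed csrf nonce")
	}
	expected := encodeToken(sessionID, nonce)
	if !hmac.Equal([]byte(expected), []byte(token)) {
		return errors.New("csrf token does not match session")
	}
	return nil
}

// HandleStateChange models the check a configuration-changing endpoint
// performs before acting; it returns an HTTP-style status and message.
func HandleStateChange(method, sessionID, token string) (int, string) {
	if method != "POST" {
		return 405, "method not allowed"
	}
	if err := ValidateCSRFToken(sessionID, token); err != nil {
		return 403, err.Error()
	}
	return 200, "settings updated"
}

func main() {
	tok, _ := NewCSRFToken("session-A")
	fmt.Println(HandleStateChange("POST", "session-A", tok)) // accepted
	fmt.Println(HandleStateChange("POST", "session-B", tok)) // token from another session
	fmt.Println(HandleStateChange("POST", "session-A", ""))  // request without token
}
```

The token is only ever compared with `hmac.Equal`, so an attacker cannot learn it byte by byte through timing, and binding it to the session id means a token leaked from one user is useless against another.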


▪ Username Enumeration

o Vulnerability: Username enumeration is a technique in which an attacker finds out whether a given username exists, for example with the help of the forgot-password form. Once a set of valid usernames is obtained, it can be used to attempt further access to those accounts.

o Consideration: Applications should assign their own usernames, which should not be predictable, and CAPTCHA can be used to limit user enumeration to a certain extent.



▪ Weak Passwords

o Vulnerability: Weak or easy-to-guess passwords can be brute-forced by an attacker to access the user’s personal and confidential data.

o Consideration: Strong passwords with lower-case, upper-case, and alphanumeric characters should be used. Dictionary words should be avoided as passwords, as they are easy to crack.


▪ Account Lockout

o Vulnerability: An account lockout mechanism is used to protect the system from brute-force password guessing attacks. The absence of a lockout mechanism can allow an attacker to brute-force the password, gain access to the user’s account, and access his/her private data.

o Consideration: A proper lockout mechanism should be implemented, which locks an individual’s account after 3-5 unsuccessful login attempts for a certain period.

▪ Known Default Credentials

o Vulnerability: If default credentials are not changed, they can be easily cracked, and the device can go into wrong hands

o Considerations: Users should change the credentials of any device they buy to prevent it from any unauthorized access.



Device Firmware

▪ Hardcoded Credentials

o Vulnerability: Most devices bought by a customer come with default credentials set by manufacturing companies, and users usually do not reset the default credentials, making them vulnerable to unauthorized access. After successfully compromising such devices, hackers can turn them into a bot.

o Consideration: IoT device users need to change/reset the default credentials to obtain an additional layer of security against attacks


▪ Sensitive URL Disclosure

o Vulnerability: Leak of sensitive or confidential data via URLs may expose the devices to attacks.

o Consideration: All information transmitted through URLs must be properly encrypted. Firmware should be designed in such a way that the information stored in a device is strongly encrypted.

▪ Encryption Keys

o Vulnerability: Access to encryption keys may result in the decryption of and access to confidential data.


o Consideration: The encryption keys used for decrypting the data should not be available directly from the device’s memory; rather, it should be stored in the cloud and sent across the network to the device when required.


o Vulnerability: Sensitive information about the device (such as credentials, controls keys, update information, etc.) should not be visible to all, that is, it should be encrypted and not shared among devices.

o Consideration: The preferred approach would be to use separate control keys, and the same credentials or control keys should not be shared across the network. Different security keys for different devices provide an additional level of security against threats.


Device Network Services

▪ Information Disclosure

o Vulnerability: Leak of sensitive or confidential data may expose a device to attacks

o Consideration: Firmware should be designed in such a way that the information stored in a device is strongly encrypted

▪ Denial-of-Service

o Vulnerability: Any denial-of-service attack may impact the services offered by the cloud.

o Consideration: An intrusion detection mechanism should be deployed to handle different denial-of-service attacks.

▪ UPnP

o Vulnerability: Unwanted ports and services such as Universal Plug and Play (UPnP) are enabled by default on some devices, putting their security at risk, as this allows malware to enter and damage the device and the local network.

o Consideration: The manufacturer should design the devices such that these types of vulnerable ports are disabled by default

▪ Vulnerable UDP Services

o Vulnerability: Vulnerable UDP services can put the security of a system at high risk. Certain unwanted or malicious files can be transferred using such services, which can destroy the system and important data.

o Consideration: Firmware should be designed in such a way that certain risky services are disabled by default.

▪ User and admin CLI 
▪ Injection and unencrypted services 
▪ Poorly implemented encryption


Administrative Interface

▪ SQL injection
▪ Cross-site scripting and Cross-site request forgery 
▪ Username enumeration and known default credentials 
▪ Weak passwords and account lockout 
▪ Security/encryption and logging options 
▪ Two-factor authentication 
▪ Inability to wipe device


Local Data Storage

▪ Unencrypted Data

o Vulnerability: Clear-text or unencrypted communications in a network are prone to attacks such as data interception

o Consideration: Strong encryption mechanisms that encrypt data should be adopted so that it cannot go into wrong hands and cannot be misused


o Vulnerability: This can lead to ransomware attacks, in which an attacker who has encrypted the data and holds the keys demands a ransom to decrypt it.

o Consideration: Update the device on a regular basis and avoid opening an email from an unknown source, as it might contain a malicious attachment


o Vulnerability: Weak encryption mechanisms may result in data interception and loss of important information.

o Consideration: Such issues call for the use of strong encryption techniques such as transport layer security (TLS).

Cloud Web Interface 

▪ Transport Encryption

o Vulnerability: Transport encryption is an essential step toward device security, a lack of which can result in the loss of important information, loss of privacy, and compromised devices.

o Consideration: Proper transport encryption techniques should be implemented to keep the data encrypted and protected when in transit.

▪ SQL injection 
▪ Cross-site scripting and cross-site request forgery 
▪ Username enumeration and known default credentials
▪ Weak passwords and account lockout 
▪ Insecure password recovery mechanism 
▪ Two-factor authentication

Update Mechanism 


▪ Update Sent without Encryption

o Vulnerability: The absence of a secure update transfer mechanism opens the door to cyber-attacks.

o Consideration: Tested and strong encryption mechanisms should be incorporated to secure the transmission of updates to devices

▪ Updates Not Signed

o Vulnerability: Updates that are not signed from a trusted or reliable source might contain malicious files that can harm the device or the system

o Consideration: Verify whether the updates to be installed are signed and are from a trusted source. If not, avoid installing them.

▪ Update Verification

o Vulnerability: The update verification mechanism checks the updates that will be installed on a device. If this option is not turned on, the system cannot distinguish between malicious and genuine updates, which can eventually harm the device.

o Consideration: Keep the update verification option turned on so that malicious updates or updates from an unknown source are discarded.



▪ Malicious Update

o Vulnerability: A malicious update provides unauthorized access to attackers, who can then perform malicious activities using the device.

o Consideration: Verify if the update is from a trusted source; if not, it should be discarded
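The three points above (unsigned updates, update verification, and refusing updates that are not from a trusted source), together with the anti-rollback requirement from item 4 of the Top 10, come down to one check on the device before an image is flashed. The Go program below is an added example written for this page, not code from the original article or any vendor's update client: the vendor signs (version, hash of image) with an Ed25519 key whose public half is assumed to be burned into the device, and the device rejects an update whose signature fails, whose version is not strictly newer than the installed one, or which carries no signature at all. The manifest layout, key names and the firmware image bytes are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// UpdatePackage is a constructed, minimal manifest. The version is covered
// by the signature, so an old vulnerable image cannot be re-labelled as new.
type UpdatePackage struct {
	Version   uint32
	Image     []byte
	Signature []byte // Ed25519 over signedBytes(Version, Image)
}

// signedBytes binds the version number and the image hash into one message.
func signedBytes(version uint32, image []byte) []byte {
	msg := make([]byte, 4, 4+sha256.Size)
	binary.BigEndian.PutUint32(msg, version)
	h := sha256.Sum256(image)
	return append(msg, h[:]...)
}

// Device holds the vendor public key provisioned at manufacture and the
// version it currently runs, which acts as the anti-rollback floor.
type Device struct {
	VendorKey      ed25519.PublicKey
	CurrentVersion uint32
}

// Install accepts an update only if it is signed under the trusted vendor
// key and its version is strictly newer than the installed one.
func (d *Device) Install(pkg UpdatePackage) error {
	if len(pkg.Signature) != ed25519.SignatureSize {
		return errors.New("update not signed")
	}
	if !ed25519.Verify(d.VendorKey, signedBytes(pkg.Version, pkg.Image), pkg.Signature) {
		return errors.New("signature does not verify under vendor key")
	}
	if pkg.Version <= d.CurrentVersion {
		return fmt.Errorf("rollback refused: version %d <= installed %d", pkg.Version, d.CurrentVersion)
	}
	d.CurrentVersion = pkg.Version
	return nil
}

// BuildUpdate is the vendor-side step; it would run on a signing host,
// never on the device, which only ever holds the public key.
func BuildUpdate(priv ed25519.PrivateKey, version uint32, image []byte) UpdatePackage {
	return UpdatePackage{
		Version:   version,
		Image:     image,
		Signature: ed25519.Sign(priv, signedBytes(version, image)),
	}
}

// DemoScenario feeds a device running v3 a genuine v4 image and four bad
// updates; it returns which of them the device accepted.
func DemoScenario() (map[string]bool, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	_, rogueKey, _ := ed25519.GenerateKey(rand.Reader) // a key the vendor never issued
	dev := &Device{VendorKey: vendorPub, CurrentVersion: 3}
	img := []byte("constructed firmware image v4")
	res := map[string]bool{}

	good := BuildUpdate(vendorPriv, 4, img)
	res["genuine v4"] = dev.Install(good) == nil

	tampered := good // valid signature, but the image was altered in transit
	tampered.Image = []byte("constructed firmware image v4 (modified)")
	res["tampered image"] = dev.Install(tampered) == nil

	res["signed by rogue key"] = dev.Install(BuildUpdate(rogueKey, 5, img)) == nil
	res["rollback to v2"] = dev.Install(BuildUpdate(vendorPriv, 2, img)) == nil
	res["unsigned"] = dev.Install(UpdatePackage{Version: 6, Image: img}) == nil
	return res, nil
}

func main() {
	res, err := DemoScenario()
	if err != nil {
		panic(err)
	}
	for name, accepted := range res {
		fmt.Printf("%-20s accepted=%v\n", name, accepted)
	}
}
```

Signing the hash of the image together with the version, rather than the image alone, is what gives the "lack of anti-rollback" item of the Top 10 its fix: the device can trust the version field precisely because it is inside the signed message.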

▪ Missing Update Mechanism

o Vulnerability: Usually, updates remove system vulnerabilities, thus preventing various attacks. Missing update mechanisms can make the device or system prone to various online and offline attacks.


o Consideration: Make sure any device you buy has an update mechanism installed in it; if it is already there, ensure it is turned on.

▪ No Manual Update Mechanism

o Vulnerability: Some updates are not automatically installed in your system; you must install them manually. Therefore, the absence of a manual update mechanism can make your device vulnerable to certain attacks. Updates usually include various security patches to update the device’s software and remove all existing vulnerabilities.

o Consideration: Make sure the device you buy has a manual update mechanism present in it and gives you the liberty of manually updating the device for updates that are not installed automatically.

Third-party Backend APIs

▪ Unencrypted PII sent 

o Vulnerability: Unencrypted personally identifiable information (PII) can potentially identify a specific individual. It contains important information that can distinguish one person from another. Therefore, if the hackers get access to this information, they can carry out malicious activities such as identity theft by accessing the device illegitimately.

o Consideration: PII should be kept and sent in encrypted form, so that the hackers will not be able to see the information in clear text or will be unable to decrypt it.


▪ Device Information Leaked

o Vulnerability: Lack of information storage security policies can lead to an information leak, the consequences of which could be a loss of sensitive and confidential data that, in turn, could help hackers gain unauthorized access to the device.

o Consideration: Firmware should incorporate certain security policies that keep personal as well as device information protected

▪ Location Leaked

o Vulnerability: Leak of a device location could result in physically accessing the device and the information in it or compromising the device.

o Consideration: Firmware should ensure that sensitive information such as location, identity, device banner, etc. is encrypted so that it becomes inaccessible to the attacker through debugging or at a physical level.


Mobile Application

▪ Implicitly Trusted by Device or Cloud

o Vulnerability: Trusting each device connected to the network or the cloud without having any doubts about it can be risky. For example, a device connected to the network might be fake or infected, connection to which can infect the entire network.

o Consideration: Implementation of trust policies is appropriate to counter this problem. Policies should be such that a device or the cloud should be properly analyzed (based on identity, location, not infected, etc.) before it is considered trusted.



▪ Username Enumeration

o Vulnerability: Some web applications have a security loophole where they reveal whether an entered username exists on the system. Exploiting this vulnerability, an attacker can guess and confirm the username and then gain access to the device with that username using brute-force attacks.

o Consideration: The best practice to overcome this issue is to design a system where the usernames cannot be easily found. After a certain number of failed attempts, the application should stop responding or providing service to the user for a certain period of time, and this time may keep increasing with the number of failed attempts.


▪ Account Lockout

o Vulnerability: The absence of an account lockout mechanism after a certain period of inactivity on a system can result in unauthorized access to the device by hackers.

o Consideration: Account lockout mechanism incorporated in the device should lock out the user after a defined period of time so that no illegitimate users can access the account and obtain important information.
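The lockout policy described in the Device Web Interface section (lock the account after 3-5 failed attempts for a certain period) and the escalating version described just above (the lockout period grows with each further round of failures) can be implemented in one small guard in front of the real password check. The Go program below is an added example written for this page, not code from the original article or from any product: it locks an account after `MaxFailures` consecutive failures, doubles the lockout period on each subsequent lockout up to `MaxLock`, and, importantly, does not even evaluate the password while the account is locked, so a locked account leaks nothing about whether a guess was right. The policy values, user names and clock values are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"time"
)

// LockoutPolicy: after MaxFailures consecutive failed logins the account is
// locked for BaseLock; each further lockout doubles the period up to MaxLock.
type LockoutPolicy struct {
	MaxFailures int
	BaseLock    time.Duration
	MaxLock     time.Duration
}

type accountState struct {
	failures    int       // consecutive failures since the last success or lockout
	lockouts    int       // how many lockouts have been applied in a row
	lockedUntil time.Time // zero value means not locked
}

// Guard keeps per-account state; a real device would persist this so a
// reboot does not reset the counters.
type Guard struct {
	policy LockoutPolicy
	state  map[string]*accountState
}

func NewGuard(p LockoutPolicy) *Guard {
	return &Guard{policy: p, state: map[string]*accountState{}}
}

// Attempt records one login attempt at time now. checkCredentials is the
// real password check and is only invoked when the account is not locked.
func (g *Guard) Attempt(user string, now time.Time, checkCredentials func() bool) (allowed bool, reason string) {
	st := g.state[user]
	if st == nil {
		st = &accountState{}
		g.state[user] = st
	}
	if now.Before(st.lockedUntil) {
		return false, fmt.Sprintf("account locked until %s", st.lockedUntil.Format(time.RFC3339))
	}
	if checkCredentials() {
		st.failures, st.lockouts = 0, 0
		return true, "ok"
	}
	st.failures++
	if st.failures >= g.policy.MaxFailures {
		// Escalate: BaseLock, 2x, 4x, ... capped at MaxLock (and on overflow).
		lock := g.policy.BaseLock << uint(st.lockouts)
		if lock > g.policy.MaxLock || lock <= 0 {
			lock = g.policy.MaxLock
		}
		st.lockedUntil = now.Add(lock)
		st.lockouts++
		st.failures = 0
		return false, fmt.Sprintf("too many failures; locked for %s", lock)
	}
	return false, "invalid credentials"
}

func main() {
	g := NewGuard(LockoutPolicy{MaxFailures: 3, BaseLock: 5 * time.Minute, MaxLock: time.Hour})
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // constructed clock
	wrong := func() bool { return false }
	for i := 0; i < 4; i++ {
		ok, why := g.Attempt("alice", now.Add(time.Duration(i)*time.Second), wrong)
		fmt.Println(ok, why)
	}
	// Even the correct password is refused while the lockout is in force.
	ok, why := g.Attempt("alice", now.Add(2*time.Minute), func() bool { return true })
	fmt.Println(ok, why)
}
```

Passing the clock in as a parameter keeps the policy testable without sleeping; in production the caller passes `time.Now()`. A per-IP or per-device limiter belongs alongside this guard, since per-account lockout alone can be turned into a denial of service against legitimate users by deliberately failing their logins.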

▪ Known Default Credentials or Weak Passwords

o Vulnerability: Lack of proper authentication mechanism or known default usernames and passwords may increase the chances of a credentials leak, which can put the device at risk.

o Consideration: An authentication mechanism should be used from the cloud side. Rather than transferring the credentials to the cloud every time, a mechanism such as a token should be used; keeping the token’s life span short (a few minutes) can automatically increase the security level.


▪ Insecure Data Storage

o Vulnerability: Unsecured data storage can lead to a leak or exposure of sensitive or confidential data.

o Consideration: Firmware should be designed in such a way that all data storage layers of the IoT system are properly protected. Some storage layers in memory are NoSQL, RDBMS, and Big Data Hadoop.

▪ Transport Encryption, insecure password recovery mechanism, and two-factor authentication


Vendor Backend APIs

▪ Inherent Trust of Cloud or Mobile Application

o Vulnerability: Trusting each mobile application or cloud without having any doubts about it leads to high risks. For example, a device using a malicious mobile application that may be fake or infected could result in the entire network being infected.

o Consideration: The implementation of trust policies is an appropriate step to counter this problem. Policies should be such that a mobile application or the cloud is properly analyzed (based on identity, script, not infected, etc.) before it can be trusted.


▪ Weak Authentication

o Vulnerability: As security is entirely dependent on the strength of the authentication mechanism and credentials used, a weak authentication mechanism may lead to device security issues such as loss of privacy, unauthorized access, changes in device settings, and infection of different device components.

o Consideration: Two-factor or multi-factor authentication mechanisms should be used to increase the device’s security level


▪ Weak Access Controls

o Vulnerability: Failing to properly define the purpose of each device and its access level may result in a situation known as rights escalation.

o Consideration: Proposing a method where each device can be configured, and its functionalities can be defined. ACL should be implemented at the device and network levels, which would eventually decrease the security gaps and improve the control over the devices.



Ecosystem Communication

▪ Health Checks

o Vulnerability: Any vulnerability present in a health care device can be exploited by an attacker and can put a patient’s life at risk. Vulnerable medical devices are also connected to many monitors and sensors, making them potential entry points to the larger network of a hospital.

o Consideration: Manufacturing companies, rather than increasing other features in healthcare devices, should increase security features, thus making it impossible for attackers to bypass the device’s security.


o Vulnerability: Security flaws in a pacemaker, or features that make it accessible from a remote location, can be exploited by a potential hacker, which can even result in the death of a patient.

o Consideration: Manufacturing companies should emphasize more on medical device security and secure devices from potential attacks

▪ Ecosystem Commands

o Vulnerability: Lack of verification of any command coming from the system exposes it to exploits or attacks


o Consideration: Commands that alter the system or update the device’s configuration should have additional verification systems to check whether the command is from a genuine source
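The "additional verification" for configuration-changing commands needs to answer two questions on the device: did this command come from the genuine backend, and is it fresh rather than a captured copy being replayed? The Go program below is an added example written for this page, not code from the original article or from any IoT platform: each command carries a sequence number and an HMAC-SHA256 tag over (sequence, payload) under a per-device key that the backend is assumed to share with that device, and the device rejects commands with a bad tag, a reused or older sequence number, or an altered payload. The wire format, key and command strings are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Command is a constructed wire format for a configuration-changing command
// from the backend. The sequence number is inside the MAC, so a captured
// command cannot be replayed later with the same tag.
type Command struct {
	Seq     uint64
	Payload string
	Tag     []byte // HMAC-SHA256(key, seq || payload)
}

// CommandVerifier lives on the device: the per-device key plus the highest
// sequence number accepted so far.
type CommandVerifier struct {
	key     []byte
	lastSeq uint64
}

func NewCommandVerifier(key []byte) *CommandVerifier {
	return &CommandVerifier{key: key}
}

func tagFor(key []byte, seq uint64, payload string) []byte {
	mac := hmac.New(sha256.New, key)
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], seq)
	mac.Write(buf[:])
	mac.Write([]byte(payload))
	return mac.Sum(nil)
}

// Sign is the backend-side step. It assumes a key provisioned per device;
// sharing one key across a fleet would let any one device forge for all.
func Sign(key []byte, seq uint64, payload string) Command {
	return Command{Seq: seq, Payload: payload, Tag: tagFor(key, seq, payload)}
}

// Accept checks origin (the tag) before freshness (the sequence number) and
// advances the replay window only when both pass.
func (v *CommandVerifier) Accept(c Command) error {
	if !hmac.Equal(c.Tag, tagFor(v.key, c.Seq, c.Payload)) {
		return errors.New("command rejected: not from a genuine source")
	}
	if c.Seq <= v.lastSeq {
		return errors.New("command rejected: replayed or out of order")
	}
	v.lastSeq = c.Seq
	return nil
}

// RunScenario feeds a device a genuine command, a replay of it, a command
// under a guessed key, a tampered payload, and the next genuine command;
// it returns which of them were accepted.
func RunScenario() map[string]bool {
	deviceKey := []byte("constructed-per-device-key-0001")
	dev := NewCommandVerifier(deviceKey)
	res := map[string]bool{}

	genuine := Sign(deviceKey, 1, "set reporting_interval=60")
	res["genuine"] = dev.Accept(genuine) == nil
	res["replay"] = dev.Accept(genuine) == nil

	forged := Sign([]byte("guessed-key"), 2, "set reporting_interval=0")
	res["wrong key"] = dev.Accept(forged) == nil

	tampered := Sign(deviceKey, 3, "set reporting_interval=60")
	tampered.Payload = "set reporting_interval=1" // altered after signing
	res["tampered payload"] = dev.Accept(tampered) == nil

	res["next genuine"] = dev.Accept(Sign(deviceKey, 3, "reboot")) == nil
	return res
}

func main() {
	for name, accepted := range RunScenario() {
		fmt.Printf("%-18s accepted=%v\n", name, accepted)
	}
}
```

Checking the tag before the sequence number matters: if the device advanced `lastSeq` on an unauthenticated command, an attacker could push the window forward and lock out genuine commands. Where the backend should also be unable to be impersonated by a compromised device, the symmetric tag is replaced by a signature from a backend private key, as in the update example.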

▪ De-provisioning

o Vulnerability: Devices that are not in use but still connected to the Internet can also lead to various attacks on the device and the network

o Consideration: Unused devices should be detached or terminated from the Internet. Removal of access to certain devices is also an effective solution to this problem.

▪ Pushing Updates

o Vulnerability: Malicious updates from the attackers through an attachment in the email or through compromised third parties can impact the system security badly by installing unwanted or malicious files that can lead to data loss and an inability to access the device or ransom demands to get access back to the device.

o Consideration: Device users should be more cautious while opening some links or attachments that seem suspicious or come from unknown sources


Network Traffic

▪ LAN

o Vulnerability: The absence of robust security or configured security, lack of secure locations, and lack of network monitoring can result in problems such as connection interception, jamming signal attacks, man-in-the-middle attacks, etc.

o Consideration: Before deploying a LAN, its location security must be ensured, and a software level firewall should be deployed to keep hackers away from the network.

▪ LAN to Internet

o Vulnerability: Not having proper security infrastructure (Firewall, anti-virus, DMZ), lack of proper network monitoring, and insecure location of deployment can result in various attacks from internal or external networks.

o Consideration: The very first consideration when deploying a LAN is the location. Ensure that it is secure and proper security policies and practices are followed to enhance the network’s security, making it difficult for the attacker to breach the network security.


▪ Short Range

o Vulnerability: Short-range devices such as Bluetooth devices are vulnerable to various attacks if the frequency on which they work is known to the intruder. They can easily see all personal or sensitive information present in your device.

o Consideration: In order to secure short-range communication, a good security design should be implemented to harden the device’s security.

▪ Non-standard

o Vulnerability: Non-standardized network traffic might contain malicious files that could harm the network security and devices

o Consideration: Each piece of passing network traffic should be standardized and checked before entering or leaving the network



Hacker Computer School
