IoT Threats and Vulnerabilities - Paiet/SEC-335 GitHub Wiki
Objectives:
- OWASP Top 10 IoT Threats (2018)
- IoT Attack Surfaces
  - Ecosystem
  - Admin Portals and Web Interfaces
  - Physical Interfaces
  - Firmware
  - Network Traffic/Communication
  - Vendor and/or 3rd-Party APIs
  - Local Storage
  - Mobile App
- IoT Vulnerabilities
  - Many Oldies-but-goodies
  - Weak/No Encryption
  - Weak/No Passwords
  - No MFA/2FA
  - No lockout policy/capability
  - DoS
  - Theft
  - Lack of updates/patches/support
  - Physical console access
  - Insecure 3rd-Party components
  - JTAG (Joint Test Action Group) and side-channel