Internet of Things (IoT) Threats

The Internet of Things (IoT) is growing rapidly, and its potential to empower and advance nearly every individual and business is known. This opens the door to tremendous opportunities for enterprises to develop new services and products that will offer comfort to their consumers.

The significant escalation of IoT adoption also increases the number of security risks that businesses and consumers have to face. Any device connecting to the internet becomes a target and is subject to numerous attacks and threats that could compromise it and could even turn it into a backdoor for attackers into the enterprise.

The following list contains the common IoT threats and how they can harm your business/product:

An attacker remotely connecting and taking control over the smart device could enable or disable a service (for example, disarming an alarm), execute actions and commands, steal any data held by the smart device, change the behavior or control flow of the device, or even change its purpose.

This could be done by analyzing commands sent by a legitimate device, which are then repeated (such as startup and shutdown commands). This is usually done in order to bypass protection mechanisms such as encryption and digital signature. If the device supports ongoing connection (such as a TCP connection), an attacker might either impersonate a legitimate device (spoof/impersonate) or hijack an already existing connection.

Sensitive data used by the smart device (e.g. PII, geolocation, HIPAA, etc.) is leaked through a remote Man-in-the-Middle (MitM) attacker, or via physical access to the smart device.

For example, an attacker who gains access to a security camera has the ability to detect the presence of people or objects, such as security guards, or to use it to spy on people.

A smart-device and its functionalities are disabled or affected by an attacker, via physical or remote access to the smart-device.

An attacker can deny the device the ability to send and receive communication, for example by using a jammer that will interfere with the signal through the use of an over-powered signal in the same frequency range.

Also, if a device supports external connections (the number of which is usually limited), an attacker can exhaust the connection pool by performing multiple connections that reach the connection threshold so a legitimate device can no longer connect.
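The connection-exhaustion case above, as an added example (not code from the original page): a small admission gate that shows the pool being filled by one peer, then the same flood with a per-peer cap and with an idle timeout. The class name, peer labels and limits are assumptions, and the peer key is assumed to be an authenticated device identity rather than a source address.

```python
from collections import Counter

class ConnectionGate:
    """Admission control for a device that accepts a limited number of connections."""

    def __init__(self, max_total, max_per_peer=None, idle_timeout=None):
        self.max_total = max_total
        self.max_per_peer = max_per_peer
        self.idle_timeout = idle_timeout
        self.conns = {}      # connection id -> (peer, time of last activity)
        self.next_id = 0

    def reap(self, now):
        """Drop connections that have been silent for longer than idle_timeout."""
        if self.idle_timeout is None:
            return
        stale = [cid for cid, (_, seen) in self.conns.items()
                 if now - seen > self.idle_timeout]
        for cid in stale:
            del self.conns[cid]

    def connect(self, peer, now):
        """Return a connection id, or None when the request is refused."""
        self.reap(now)
        if len(self.conns) >= self.max_total:
            return None      # pool is full
        per_peer = Counter(p for p, _ in self.conns.values())
        if self.max_per_peer is not None and per_peer[peer] >= self.max_per_peer:
            return None      # this peer already holds its share
        self.next_id += 1
        self.conns[self.next_id] = (peer, now)
        return self.next_id

def simulate(max_per_peer=None, idle_timeout=None, legit_at=1):
    """One peer opens 50 connections at t=0 and never sends anything;
    a legitimate device then tries to connect at t=legit_at.
    Peer names are constructed sample values."""
    gate = ConnectionGate(8, max_per_peer, idle_timeout)
    held = sum(gate.connect("peer-A", now=0) is not None for _ in range(50))
    legit_ok = gate.connect("peer-B", now=legit_at) is not None
    return held, legit_ok
```

A per-peer cap does not help when the connections come from many distinct identities, which is why the idle timeout is shown as a separate control.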

Server-side functionality, intended to serve smart-devices, is affected and denied by a malicious user, attacking the service from his own smart-device.

An attack on the server can further increase the potential damage caused by Denial of Service (similar to Disabling the Device) to affect all of the other users that consume the service.

An attacker connecting to the smart-device/server from a malicious, fake, endpoint/smart-device, intending to attack the smart-device/server.

If an attacker compromises a client and impersonates it, he could perform unauthorized actions or produce incorrect data. In some cases, the attacker might be able to disclose sensitive information by impersonating a legitimate client.

An attacker creating a fake endpoint/smart-device in order to connect and attack the endpoint/server and its data.

An attacker can use this to trick a legitimate user into providing sensitive information (such as credentials), which could be used for other attacks.

An attacker performing a MitM (Man in the Middle) attack between the smart device and the endpoint/server, in order to steal data exposed during the communication, whether they communicate over Wi-Fi, Bluetooth, RF or any other protocol.

An attacker connecting to a smart-device and stealing any data stored insecurely on the connected device’s local storage.

A malicious user, exposing and stealing intellectual property by connecting to the device due to an insecure implementation.

An attacker hacking into the “closed” server (which otherwise will be inaccessible), by serving as a (malicious) smart-device, which has access to the server.

An attacker can then “move” around inside the server or even the network in order to disclose sensitive information or perform actions (based on the device’s authorization).

A malicious user attacking and exploiting the IoT mobile application, used to communicate with the smart-device.

An attacker performing unauthorized operations on the smart-device, and/or using the smart-device maliciously to perform unauthorized operations on the server/end-point.

This can lead to unauthorized manipulation of data at the device level or even the entire infrastructure (using the server side).

A remote attacker, exploiting server-side functionalities, used to serve smart-devices. This could lead to data leakage, controlling remote devices, disabling devices, and more.

An insecure firmware and/or device update, allowing an attacker to target the subjected smart-device. This could lead to installation of malware, backdoors, disabling of the device (brick the device) and more.

An attacker using insecure smart-devices to perform industry-specific attacks, such as faking health data, exposing financial information in order to steal money, causing real-life threats, and more.

In other cases, for devices such as a pacemaker, an attacker can put the user (a person) in a life-threatening situation. Another example is an attacker who is able to hijack a car’s internal computer and disable alarm systems or even the brakes.

Insecure implementation, violating desired regulations, such as PCI, HIPAA, SOX, etc. Violating regulations can lead to financial penalties and service halts.

Some companies can even break deals with other companies if certain regulations are not met.

A smart-device relying on weak authentication, allowing malicious endpoints/apps to easily impersonate and connect to it.

An attacker can use these to impersonate a user or another device.

Insecure enrollment and provisioning processes, allowing malicious users to impersonate or authenticate to a protected smart-device, delete legitimate users, cause Denial of Service (making a legitimate user unable to enroll or connect) and more.

A smart-device lacking encryption, or using weak encryption, for either the data stored in the device’s local storage or the data sent during the communication between the smart-device and the server/end-point/app. This could lead to privacy breach, sensitive data leakage or even impersonation of legitimate users.

An attacker manipulating IoT sensors to provide a misrepresentation of the actual state. This could lead to the user completely distrusting the device and/or service given by the provider, or even to actual physical and/or property damage.

An administrative interface, providing smart-devices commands and control solutions, attacked and accessed by an attacker, either remotely or through a legitimate smart-device. This could lead to administrative actions performed by an attacker, such as manipulating data, controlling/disabling smart-device and more.

An attacker recording a request being sent from a legitimate smart-device, and re-sending it at a time convenient to the attacker in order to perform the intended action. This could lead to activating/deactivating states, locking/unlocking devices, and more.
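The replay threat described here, and the earlier remark that repeating a legitimate command gets past encryption and digital signatures, as an added example (not code from the original page): a receiver that checks only the message tag accepts a recorded frame twice, while one that also tracks a per-device counter rejects the second copy. The frame layout, key, device name and commands are assumptions, with HMAC-SHA256 standing in for whatever signature scheme the product uses.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, shared by device and controller
TAG_LEN = 32                   # HMAC-SHA256 output size

def build_frame(device_id, counter, command, key=KEY):
    """Sender side: counter (8 bytes) | id length (1 byte) | id | command | tag."""
    body = struct.pack(">QB", counter, len(device_id)) + device_id.encode() + command.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SignatureOnlyVerifier:
    """Checks the tag only, so a recorded frame stays valid forever."""
    def __init__(self, key=KEY):
        self.key = key

    def accept(self, frame):
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)

class FreshnessVerifier(SignatureOnlyVerifier):
    """Also requires a strictly increasing counter per device."""
    def __init__(self, key=KEY):
        super().__init__(key)
        self.last_seen = {}  # device id -> highest counter accepted so far

    def accept(self, frame):
        if len(frame) < 9 + TAG_LEN or not super().accept(frame):
            return False
        counter, id_len = struct.unpack(">QB", frame[:9])
        if 9 + id_len > len(frame) - TAG_LEN:
            return False  # declared id length runs into the tag
        device_id = frame[9:9 + id_len]
        if counter <= self.last_seen.get(device_id, -1):
            return False  # replayed or stale frame
        self.last_seen[device_id] = counter
        return True

def demo():
    captured = build_frame("lock-01", 1, "UNLOCK")  # constructed frame an eavesdropper records
    naive, fresh = SignatureOnlyVerifier(), FreshnessVerifier()
    return {
        "naive_first": naive.accept(captured),
        "naive_replay": naive.accept(captured),
        "fresh_first": fresh.accept(captured),
        "fresh_replay": fresh.accept(captured),
        "fresh_next": fresh.accept(build_frame("lock-01", 2, "LOCK")),
    }
```

On a real device the highest accepted counter has to be kept in storage that survives a reboot, otherwise a power cycle reopens the replay window.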

Smart-devices using an insecure/vulnerable 3rd-party API(s) as part of the IoT product, exposing them to potential risks, introduced by the 3rd party.


For a list of AppSec Labs’ attacks and tests, visit the IoT Attacks and Tests page.