Internet of Things (IoT) Concept
How does the Internet of Things works?
The architecture of IoT depends upon five layers which are as follows:
- Application Layer
- Middleware Layer
- Internet Layer
- Access Gateway Layer
- Edge Technology Layer
IoT Communication Models
Device-to-Device Model
Device-to-Cloud Model
Device-to-Gateway Model
Back-End Data-Sharing Model
Understanding IoT Attacks
Challenges to IoT
Some major challenges to IoT technology are as follows
- Lack of Security
- Vulnerable Interfaces
- Physical Security Risk
- Lack of Vendor Support
- Difficult to update firmware and OS
- Interoperability Issues
OWASP Top 10 IoT Vulnerabilities
IoT Attack Areas
- Device memory containing credentials.
- Access Control.
- Firmware Extraction.
- Privileges Escalation.
- Resetting to an insecure state.
- Removal of storage media.
- Web Attacks.
- Firmware Attacks.
- Network Services Attacks.
- Unencrypted Local Data Storage.
- Confidentiality and Integrity issues.
- Cloud Computing Attacks.
- Malicious updates.
- Insecure APIs.
- Mobile Application threats.
IoT Attacks
- DDoS Attack
- Rolling Code Attack
- BlueBorne Attack
- Jamming Attack
- Backdoor
- Eavesdropping
- Sybil Attack
- Exploit Kits
- Man-in-the-Middle Attack
- Replay Attack
- Forged Malicious Devices
- Side Channel Attack
- Ransomware Attack
IoT Hacking Methodology
- Information Gathering
- Vulnerability Scanning
- Launch Attack
- Gain Access
- Maintain Attack
Countermeasures
Countermeasure for IoT devices includes the following measures which are recommended by the manufacturing companies.
- Firmware update
- Block unnecessary ports
- Disable Telnet
- Use encrypted communication such as SSL/TLS
- Use strong password
- Use encryption of drives
- User account lockout
- Periodic assessment of devices
- Secure password recovery
- Two-Factor Authentication
- Disable UPnP
