IoT Security and Malware

2.

The IoT Attack Surface and Threat Modeling

2.1.

Understanding the Attack Surface

2.1.1.

Device-Level Attack Vectors

2.1.1.1.

Physical Interfaces

2.1.1.1.1.

Debug Ports (JTAG, UART)

2.1.1.1.1.1.

JTAG Exploitation

2.1.1.1.1.2.

UART Console Access

2.1.1.1.1.3.

SWD Interface Attacks

2.1.1.1.2.

USB and SD Card Access

2.1.1.1.2.1.

USB Device Emulation

2.1.1.1.2.2.

Mass Storage Attacks

2.1.1.1.2.3.

Firmware Loading via USB

2.1.1.1.3.

Serial Consoles

2.1.1.1.3.1.

Console Access Methods

2.1.1.1.3.2.

Privilege Escalation via Console

2.1.1.1.3.3.

Configuration Extraction

2.1.1.2.

Firmware and Software

2.1.1.2.1.

Firmware Vulnerabilities

2.1.1.2.1.1.

Buffer Overflows

2.1.1.2.1.2.

Format String Vulnerabilities

2.1.1.2.1.3.

Integer Overflows

2.1.1.2.1.4.

Use-After-Free Vulnerabilities

2.1.1.2.2.

Insecure Bootloaders

2.1.1.2.2.1.

Unsigned Boot Code

2.1.1.2.2.2.

Bootloader Bypass Techniques

2.1.1.2.2.3.

Secure Boot Failures

2.1.1.2.3.

Outdated Software Components

2.1.1.2.3.1.

Vulnerable Libraries

2.1.1.2.3.2.

Unpatched Operating Systems

2.1.1.2.3.3.

Legacy Protocol Implementations

2.1.1.3.

Local Data Storage

2.1.1.3.1.

Unencrypted Storage

2.1.1.3.1.1.

Plaintext Configuration Files

2.1.1.3.1.2.

Unprotected Databases

2.1.1.3.1.3.

Clear-Text Logs

2.1.1.3.2.

Sensitive Data Exposure

2.1.1.3.2.1.

Credential Storage

2.1.1.3.2.2.

Private Key Exposure

2.1.1.3.2.3.

User Data Leakage

2.1.1.4.

Wireless Interfaces

2.1.1.4.1.

Wi-Fi Vulnerabilities

2.1.1.4.1.1.

WEP/WPA Attacks

2.1.1.4.1.2.

Evil Twin Attacks

2.1.1.4.1.3.

Wi-Fi Direct Exploitation

2.1.1.4.2.

Bluetooth Attacks

2.1.1.4.2.1.

BlueBorne Vulnerabilities

2.1.1.4.2.2.

Bluetooth Pairing Attacks

2.1.1.4.2.3.

BLE Security Issues

2.1.1.4.3.

Zigbee and Other Protocols

2.1.1.4.3.1.

Key Management Flaws

2.1.1.4.3.2.

Protocol Implementation Bugs

2.1.1.4.3.3.

Mesh Network Attacks

2.1.2.

Network-Level Attack Vectors

2.1.2.1.

Insecure Communication Protocols

2.1.2.1.1.

Lack of Encryption

2.1.2.1.1.1.

Plaintext Protocols

2.1.2.1.1.2.

Weak Encryption Algorithms

2.1.2.1.1.3.

Poor Key Management

2.1.2.1.2.

Weak Authentication

2.1.2.1.2.1.

No Authentication

2.1.2.1.2.2.

Default Credentials

2.1.2.1.2.3.

Weak Password Policies

2.1.2.2.

Man-in-the-Middle (MitM) Attacks

2.1.2.2.1.

Traffic Interception

2.1.2.2.1.1.

Packet Sniffing

2.1.2.2.1.2.

Protocol Downgrade Attacks

2.1.2.2.1.3.

Certificate Spoofing

2.1.2.2.2.

Session Hijacking

2.1.2.2.2.1.

Session Token Theft

2.1.2.2.2.2.

Session Replay Attacks

2.1.2.2.2.3.

Cookie Manipulation

2.1.2.3.

Network Service Exploitation

2.1.2.3.1.

Open Ports and Services

2.1.2.3.1.1.

Unnecessary Service Exposure

2.1.2.3.1.2.

Default Service Configurations

2.1.2.3.1.3.

Service Enumeration

2.1.2.3.2.

Exploitable Network Daemons

2.1.2.3.2.1.

Web Server Vulnerabilities

2.1.2.3.2.2.

FTP Service Exploits

2.1.2.3.2.3.

SSH Brute Force Attacks

2.1.3.

Cloud and Application-Level Attack Vectors

2.1.3.1.

2.1.3.1.1.

Lack of Input Validation

2.1.3.1.1.1.

2.1.3.1.1.2.

Command Injection

2.1.3.1.1.3.

2.1.3.1.2.

Inadequate Authentication

2.1.3.1.2.1.

Missing Authentication

2.1.3.1.2.2.

Broken Authentication

2.1.3.1.2.3.

Session Management Flaws

2.1.3.2.

Web Interface Vulnerabilities

2.1.3.2.1.

Cross-Site Scripting (XSS)

2.1.3.2.1.1.

2.1.3.2.1.2.

2.1.3.2.1.3.

2.1.3.2.2.

Cross-Site Request Forgery (CSRF)

2.1.3.2.2.1.

State-Changing Requests

2.1.3.2.2.2.

Token Validation Bypass

2.1.3.2.3.

2.1.3.2.3.1.

Union-Based Injection

2.1.3.2.3.2.

Blind SQL Injection

2.1.3.2.3.3.

Time-Based Injection

2.1.3.3.

Data Breaches in the Cloud

2.1.3.3.1.

Misconfigured Storage Buckets

2.1.3.3.1.1.

Public S3 Buckets

2.1.3.3.1.2.

Exposed Databases

2.1.3.3.1.3.

Unsecured File Shares

2.1.3.3.2.

Insecure Data Sharing

2.1.3.3.2.1.

Overprivileged Access

2.1.3.3.2.2.

2.1.3.3.2.3.

Third-Party Access Issues

2.2.

Threat Modeling for IoT Systems

2.2.1.

STRIDE Model Application

2.2.1.1.

2.2.1.1.1.

Device Impersonation

2.2.1.1.1.1.

MAC Address Spoofing

2.2.1.1.1.2.

Device ID Cloning

2.2.1.1.1.3.

Certificate Spoofing

2.2.1.1.2.

2.2.1.1.2.1.

User Account Compromise

2.2.1.1.2.2.

Service Impersonation

2.2.1.1.2.3.

False Device Registration

2.2.1.2.

2.2.1.2.1.

Firmware Modification

2.2.1.2.1.1.

Malicious Firmware Installation

2.2.1.2.1.2.

Firmware Downgrade Attacks

2.2.1.2.1.3.

Bootloader Modification

2.2.1.2.2.

Data Manipulation

2.2.1.2.2.1.

Sensor Data Falsification

2.2.1.2.2.2.

Configuration Tampering

2.2.1.2.2.3.

Log File Modification

2.2.1.3.

2.2.1.3.1.

Lack of Audit Trails

2.2.1.3.1.1.

Missing Event Logs

2.2.1.3.1.2.

Insufficient Logging

2.2.1.3.1.3.

2.2.1.3.2.

Untraceable Actions

2.2.1.3.2.1.

Anonymous Access

2.2.1.3.2.2.

Missing Digital Signatures

2.2.1.3.2.3.

Weak Accountability Mechanisms

2.2.1.4.

Information Disclosure

2.2.1.4.1.

2.2.1.4.1.1.

Sensitive Data Exposure

2.2.1.4.1.2.

Side-Channel Attacks

2.2.1.4.1.3.

2.2.1.4.2.

2.2.1.4.2.1.

Network Traffic Interception

2.2.1.4.2.2.

Wireless Signal Interception

2.2.1.4.2.3.

Acoustic Emanations

2.2.1.5.

Denial of Service

2.2.1.5.1.

Resource Exhaustion

2.2.1.5.1.1.

2.2.1.5.1.2.

Memory Exhaustion

2.2.1.5.1.3.

Storage Depletion

2.2.1.5.2.

Service Disruption

2.2.1.5.2.1.

Network Flooding

2.2.1.5.2.2.

Protocol Exploitation

2.2.1.5.2.3.

Physical Interference

2.2.1.6.

Elevation of Privilege

2.2.1.6.1.

Privilege Escalation Attacks

2.2.1.6.1.1.

Local Privilege Escalation

2.2.1.6.1.2.

Remote Privilege Escalation

2.2.1.6.1.3.

Kernel Exploits

2.2.1.6.2.

Exploiting Misconfigurations

2.2.1.6.2.1.

Default Permissions

2.2.1.6.2.2.

Overprivileged Services

2.2.1.6.2.3.

Weak Access Controls

2.2.2.

DREAD Model for Risk Assessment

2.2.2.1.

Damage Potential

2.2.2.1.1.

Impact Assessment

2.2.2.1.2.

Business Continuity Risk

2.2.2.1.3.

Safety Implications

2.2.2.2.

Reproducibility

2.2.2.2.1.

Attack Consistency

2.2.2.2.2.

Exploit Reliability

2.2.2.2.3.

Environmental Dependencies

2.2.2.3.

2.2.2.3.1.

Skill Level Required

2.2.2.3.2.

Tool Availability

2.2.2.3.3.

Access Requirements

2.2.2.4.

2.2.2.4.1.

User Base Impact

2.2.2.4.2.

Critical System Dependencies

2.2.2.4.3.

Cascading Effects

2.2.2.5.

Discoverability

2.2.2.5.1.

Vulnerability Visibility

2.2.2.5.2.

Attack Surface Exposure

2.2.2.5.3.

Detection Difficulty

Previous

1. Introduction to IoT and its Security Landscape

Go to top

Next

3. Common IoT Vulnerabilities