Information Assurance - 4

Question 1

• physical devices that are equipped with sensors, software, and internet connectivity.
• These devices can collect and exchange data with other devices and systems over the internet or other networks.
• In simpler terms, it’s about everyday objects becoming smart and interconnected.

Answer 1

Internet of Things (IoT)

Question 2

The term “Internet of Things” is coined by

Answer 2

Kevin Ashton “The Father of IoT” in 1999.

Question 3

FEW APPLICATIONS OF IOT

Answer 3

1. Building and Home automation
2. Manufacturing
3. Medical and Healthcare Systems
4. Media
5. Environmental Monitoring
6. Infrastructure Management
7. Energy Management
8. Transportation
9. Better quality of life for the Elderly

Question 4

Examples of IOT

Answer 4

1. Smart Home Devices
2. SENSORS
3. Wearable technologies
4. IoT-Enabled Prosthetics
5. Personal Medical Devices
6. Smart Inhalers

Question 5

are electronic devices that are physically worn by individuals in order to track, analyze and transmit personal data

Answer 5

Wearable technologies

Question 6

These devices - such
as FitBit, Nike FuelBand,
or Withings – generally
communicate using
BlueTooth to
nearby personal
mobile devices.

Answer 6

Consumer products for health monitoring

Question 7

FOUR CATEGORIES OF NETWORKED MEDICAL DEVICES

Answer 7

1. Consumer products for health monitoring
2. Wearables
3. Internally embedded medical devices
4. Stationary medical devices

Question 8

one that can drive itself from a starting point to a predetermined destination in “autopilot” mode using various in-vehicle technologies.

Answer 8

Autonomous Vehicle

Question 9

a malicious attempt to exploit vulnerabilities in internet-connected devices, such as smart home devices, industrial control systems, and medical devices

Answer 9

IoT Attack

Question 10

How does an IoT attack
differ from IT attacks?

Answer 10

1. Attack surface
2. Diversity of devices
3. Physical impact
4. Legacy devices

Question 11

• IoT devices are often designed with limited resources and processing power.
• So they may lack security features to protect against attacks, making them more vulnerable to attacks compared to IT.

Answer 11

Attack surface

Question 12

IoT devices often have longer lifes. Many older devices will be in use and connected. Legacy devices may not receive software updates or security patches, making them more vulnerable.

Answer 12

Legacy devices

Question 13

The types of IoT devices vary significantly in form factor,operating systems, and network connectivity. So standardized security measures are more complex, leaving some more vulnerable to attacks than
others.

Answer 13

Diversity of devices

Question 14

IoT devices are often used in critical infrastructure or life-sustaining systems, such as medical devices, which means that an attack on these devices can have severe physical consequences. In contrast, most IT attacks are focused on stealing data or disrupting services.

Answer 14

Physical impact

Question 15

Challenges faced by IoT

Answer 15

1. Scalability
2. Security
3. Technical Requirements
4. Technological Standardization
5. Software Complexity

Question 16

IoT Attacks Examples

Answer 16

1. The Mirai Botnet
2. Verkada Hack
3. Cold in Finland IoT Attack

Question 17

Common IoT
Vulnerabilities

Answer 17

1. Weak, guessable, or hardcoded passwords
2. Lack of secure update mechanism
3. Insecure Networks
4. Insecure or Outdated Components

Question 18

are among the most frequent methods attackers use to compromise IoT devices. Weak and reused passwords, which are short or easy to guess, are simple for attackers to crack, which they then use to compromise devices and launch large-scale attacks.

Answer 18

Weak, guessable, or hardcoded passwords

Question 19

make it easy for cyber criminals to exploit weaknesses in the protocols and services that run on IoT devices. Once they have exploited a network, attackers can breach confidential or sensitive data that travels between user devices and the server. Insecure networks are particularly susceptible to man-in-the-middle (MITM) attacks, which aim to steal credentials and authenticate devices as part of broader cyberattacks.

Answer 19

Insecure Networks

Question 20

Devices with insecure update processes risk installing malicious or unauthorized code, firmware, and software. Corrupt updates can compromise IoT devices, which could be critical for organizations in the energy, healthcare, and industrial sectors.

Answer 20

Lack of secure update mechanism

Question 21

The IoT ecosystem can be compromised by code and software vulnerabilities and legacy systems. Using insecure or outdated components, such as open-source code or third-party software, can present vulnerabilities that expand an organization’s attack surface.

Answer 21

Insecure or Outdated Components

Question 22

entails reviewing and restricting the access permissions of smart devices, such as limiting unnecessary access to sensitive data like contacts, thus minimizing potential privacy breaches.

Answer 22

Monitor permissions

Question 22

involves ensuring that WiFi networks are protected by strong, unique passwords and avoiding connections to unfamiliar or untrusted networks, reducing the risk of unauthorized access.

Answer 22

Use secure networks

Question 22

involves implementing network security measures, like firewalls, to shield IoT devices from attacks and block unauthorized access to hidden protocols, enhancing overall security posture.

Answer 22

Protect your devices

Question 23

regularly installing updates released by manufacturers to address known vulnerabilities and enhance security features, thus safeguarding IoT devices against potential threats.

Answer 23

Keep Firmware Updated

Question 24

involves altering usernames, passwords, and network configurations on IoT devices to prevent unauthorized access, as default settings are often exploited by attackers.

Answer 24

Change default settings

Question 25

Mitigating IOT

Vulnerabilities

Answer 25

1. Change default settings
2. Keep Firmware Updated
3. Use secure networks
4. Monitor permissions
5. Protect your devices