Lecture 9 - What are Some IOT Vulnerabilities (Extraction from Main Set) Flashcards
1
Q
Deficient physical security
A
- Unauthorized physical access possible
2
Q
Improper Encryption
A
- Resource limitations of IoT affects encryption
2
Q
Inadequate authentication
A
- Simple authentication due to limited processingpower and energy
3
Q
Insufficient energy harvesting
A
- Stored energy can be drained by an attacker by legitimate or corrupt messages.
4
Q
Unnecessary open ports
A
- IoT devices have unnecessarily open ports while running vulnerable services
4
Q
Insufficient Access control
A
- IoT devices in conjunction with their cloud management solutions do not force a password of sufficient complexity
- Default user credentials not forced to change
- Most of the users have elevated permissions and can be misused.
5
Q
Improper patch management capabilities
A
- Manufacturers either do not recurrently maintain security patches or do not have in place automated patch-update mechanisms.
- Moreover, even available update mechanisms lack integrity guarantees, rendering them susceptible to being maliciously modified
6
Q
Weak programming practices
A
- IoT manufacturers release firmware with known vulnerabilities
7
Q
Insufficient audit mechanisms
A
- IoT devices lack thorough logging procedures, rendering it possible to conceal IoT-generated malicious activities
