Publisher: Academy of Economic Studies - Bucharest, Romania
Abstract: The growing popularity and adoption of IoT products has been met with a directly proportional interest in attacks and exploits against such solutions, with a measurable economic impact on the business industry and on IoT customers. The research analysis conducted on various IoT devices revealed security issues whose patterns are strongly related to high-risk vulnerabilities used in common exploit chains and malware campaigns. These include weak or default credentials, use of outdated and vulnerable software, sensitive data exposure, and missing security best practices and standards. This paper examines multiple attack vectors that threaten the privacy and security integrity of IoT devices in order to discover potential entry points and post-exploitation techniques that are often used in IoT attacks. The research perspective covers malware incidents, vulnerabilities affecting different components, and the overall security level provided by the products, with a focus on the economic impact of such outcomes. Malware outbreaks are studied along with the impact of publicly known vulnerabilities, the attack surface of an IoT device and the mitigation enforced by some vendors. The security evaluation methodology was based on penetration testing practices, targeting all the components exposed by the IoT devices that were studied. This included the network capabilities and the web and mobile applications, as well as the physical attack vectors. Recent IoT attacks were studied in order to draw conclusions and create potential recommendations and improvements for the IoT landscape.