IoT Attacks and Threats
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hi everyone. Welcome back to the course.
00:00
In this video we're just going to talk about
00:00
some IoT attacks and threats.
00:00
Specifically, we'll talk about some challenges of IoT,
00:00
we'll talk about IoT attack surface areas,
00:00
and we'll talk about IoT threats as well.
00:00
What are some of the challenges we have with IoT?
00:00
Number 1, a lack of security and privacy.
00:00
Think of the all fitness trackers out there.
00:00
How insecure are those by default?
00:00
Using default or weak even hardcoded credentials
00:00
on these IoT devices.
00:00
Going back to best practices of
00:00
security during the manufacturing process,
00:00
many of these have very weak credentials. Open ports.
00:00
Ports that are really unnecessary that we don't
00:00
need or even using clay clear text protocols.
00:00
It's sometimes can be difficult
00:00
depending on the device to update the firmware.
00:00
Manufacturers may make it difficult for you to
00:00
update the firmware and operating system.
00:00
Because of that, there might be
00:00
more prevalent attacks because you're using
00:00
outdated firmware and software. No vendor support.
00:00
Once you get that Fitbit, for example,
00:00
there's no support on the actual
00:00
device as far as security.
00:00
Coding errors. Are we hardcoding credentials?
00:00
Are there other errors?
00:00
Are there parameter errors
00:00
that allow for things like a buffer overflow attack?
00:00
Just different coding errors in
00:00
the manufacturing process and the build process.
00:00
Storage issues. Where do we actually store this data?
00:00
How is the data stored?
00:00
Is it encrypted while it's on our device or not?
00:00
That might allow an attacker to compromise the device
00:00
and then take the data just
00:00
because we don't have it encrypted.
00:00
What are some of the attacks surface areas
00:00
on IoT devices?
00:00
Things like device memory, network services,
00:00
ecosystem access control systems,
00:00
the physical interface or
00:00
the device, web interfaces, firmware.
00:00
You notice there's a whole lot of these. Admin interface.
00:00
There's so many different ways to get in,
00:00
local data storage,
00:00
the cloud web interface, third-party APIs,
00:00
update mechanisms, the mobile application itself,
00:00
the vendor APIs or the backend APIs,
00:00
network traffic as well.
00:00
So just a lot of different ways that
00:00
an attacker might be able to compromise the device.
00:00
Unfortunately, a lot of times
00:00
the manufacturing process is not secure.
00:00
What are some of the IoT threats out there?
00:00
A lot of them are common across
00:00
many areas and not just IoT but
00:00
things like DDoS attack,
00:00
distributed denial-of-service attacks.
00:00
We've talked about that throughout this course.
00:00
Attacks directly on HVAC systems.
00:00
Things like rolling cold attacks,
00:00
BlueBorne attacks, jamming attacks,
00:00
essentially worthy attackers to channeling
00:00
that communication between the wireless IoT device.
00:00
Here in the US, if you're doing
00:00
jamming attacks, just be mindful,
00:00
even if you're doing it on your own devices that you may
00:00
get some friendly people in suits knocking at your door.
00:00
Because in many cases,
00:00
might not giving legal advice, but in many cases
00:00
jamming is illegal here in the US.
00:00
Using things like ransomware.
00:00
Different types of malware attacking the device,
00:00
remote access using backdoors,
00:00
remote access using things like telnet,
00:00
things like civil attack,
00:00
exploit kits, man-in-the middle,
00:00
side-channel attacks, there's just so many different ways
00:00
that an IoT device might be compromised.
00:00
Just a quick quiz question here.
00:00
All the following are challenges of IoT except which one?
00:00
Privacy, strong credentials,
00:00
or storage. This one's pretty easy.
00:00
If you guessed strong credentials, that's correct.
00:00
Remember we talked about they're typically using
00:00
weak or default credentials or even in some cases,
00:00
hardcoded credentials on IoT devices that opened
00:00
up a vulnerability for an attacker to exploit.
00:00
In this video we just talked about some
00:00
of the challenges of IoT,
00:00
the different IoT attack surface areas,
00:00
and then some examples of IoT threats.
Up Next
Instructed By
Similar Content
