IoT Attacks and Threats

Time
7 hours 6 minutes
Difficulty
Intermediate
CEU/CPE
7
Video Transcription
00:01
Hey, everyone, welcome back to the course. In this video, we're just gonna talk about some IoT attacks and threats. So specifically, we'll talk about some challenges of IoT, we'll talk about IoT attack surface areas, and we'll talk about IoT threats as well.
00:13
So what are some of the challenges we have with IoT? Well, number one, a lack of security and privacy, right? Think of all the fitness trackers out there. How insecure are those by default?
00:25
Using default or weak or even hard-coded credentials on these IoT devices. Again, going back to best practices of security during the manufacturing process, many of these have very weak credentials.
00:38
Open ports, so ports that
00:40
are really unnecessary, that we don't need, or even using clear text protocols.
00:47
It sometimes can be difficult, depending on the device, to update the firmware, so manufacturers might make it difficult for you to update the firmware and operating system. So because of that, there might be more prevalent attacks because you're using outdated firmware and software.
01:03
No vendor support. So once you get that Fitbit, for example, there's no support on the actual devices for our security.
01:10
Coding errors. So are we hard-coding credentials? Are there other errors? Are there parameter errors that allow for things like a buffer overflow attack? So just different coding errors in the manufacturing process, in the build process,
01:23
and then storage issues. Where do we actually store this data? How is the data stored? Is it encrypted while it's on the device or not? That might allow an attacker to compromise the device and then take the data just because we don't have it encrypted.
01:40
So what are some of the attack surface areas on IoT devices? Well, things like device memory, network services, ecosystem access control systems,
01:49
the physical interface on the device, web interfaces, firmware. You notice there's a whole lot of these, right? Admin interface. There's so many different ways to get in. Local data storage.
01:57
The cloud web interface,
02:00
third-party APIs, update mechanisms, the mobile application itself,
02:06
the vendor API, so the back-end APIs.
02:08
Network traffic as well, right? So just a lot of different ways that an attacker might be able to compromise the device, and unfortunately, a lot of times the manufacturing process is not secure.
02:19
So what are some of the IoT threats out there? Well, a lot of them are common across many areas, right? And not just IoT, but things like DDoS attacks, so distributed denial of service attacks. We talked about that throughout this course. Attacks directly on HVAC systems. Things like rolling code attacks, BlueBorne attacks, jamming attacks.
02:38
Essentially, where the attacker is jamming that communication between the wireless IoT device. And so here in the US, if you're doing jamming attacks, just be mindful, even if you're doing it on your own devices, that you may get some friendly people in suits knocking at your door
02:54
because in many cases, uh, we're not giving legal advice, but in many cases, jamming is illegal here in the US.
03:02
Using things like ransomware, right? So different types of malware attacking the device. Remote access using backdoors, remote access using things like Telnet.
03:12
Things like Sybil attacks, exploit kits, man in the middle,
03:15
side channel attacks. There's just so many different ways that an IoT device might be compromised.
03:23
So just a quick question here. All the following are challenges of IoT except which one? Privacy, strong credentials, or storage? This one's pretty easy.
03:34
All right, if you guessed strong credentials, that's correct. Remember, we talked about them typically using weak or default credentials or even, in some cases, hard-coded credentials on the IoT devices. And that opened up a vulnerability for an attacker to exploit.
03:47
So in this video, we just talked about some of the challenges of IoT, the different IoT attack surface areas, and then some examples of IoT threats.