OWASP Top 10 Vulnerabilities IoT Security: Lack of Physical Hardening

With the ever-increasing attack surface of IoT devices, physical hardening is one of the important aspects of IoT security. These devices are often part of critical infrastructure, and threat actors will want to backdoor them by abusing the OWASP Top 10 vulnerabilities.


There are many ways in which an IoT device can be compromised and exploited.


The OWASP Top 10 vulnerabilities are such that even a person with almost zero knowledge of hacking can abuse them with ease.


Let’s say your IoT product connects to an MQTT server remotely and exposes a root shell over UART. In this scenario an attacker can gain access to the device. After basic enumeration, they will find the credentials used to connect to the MQTT instance on a device that you shipped to customers. This MQTT server is used for pushing sensor data and is common to everyone, since the same credentials are inside the firmware on every production device. You can now see how quickly one can escalate from physical access to remote access into your own infrastructure.
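A pre-release check for the scenario above, as an added example that is not part of the original article: it walks an unpacked firmware root filesystem and flags a login-less shell on a serial port and MQTT credentials baked into the image. The patterns, file names, config keys and broker hostname are assumptions made for this example, and both sample trees are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns chosen for this example (assumptions, not a complete rule set).
CHECKS = {
    "mqtt-credentials-in-uri": re.compile(rb"mqtts?://[^\s:/@]+:[^\s/@]+@"),
    "mqtt-password-setting": re.compile(rb"(?im)^\s*mqtt[_.-]?pass(?:word)?\s*[=:]\s*\S+"),
    # BusyBox-style inittab entry that starts a shell on a serial port with no login prompt.
    "serial-shell-without-login": re.compile(rb"(?m)^tty\w+::(?:respawn|askfirst):-?/bin/(?:a?sh|bash)\b"),
}

def audit_rootfs(root):
    """Return sorted (relative_path, check_name) findings for an unpacked image."""
    findings = []
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        data = path.read_bytes()
        for name, pattern in CHECKS.items():
            if pattern.search(data):  # report the file and rule only, never the secret
                findings.append((path.relative_to(root).as_posix(), name))
    return sorted(findings)

# Constructed sample trees: one matching the scenario, one hardened counterpart.
WEAK = {
    "etc/inittab": "::sysinit:/etc/init.d/rcS\nttyS0::respawn:/bin/sh\n",
    "etc/sensor.conf": "broker=mqtts://fleet:EXAMPLE-ONLY@broker.example.com:8883\n",
}
HARDENED = {
    "etc/inittab": "::sysinit:/etc/init.d/rcS\nttyS0::respawn:/sbin/getty -L ttyS0 115200 vt100\n",
    "etc/sensor.conf": "broker=mqtts://broker.example.com:8883\nclient_cert=/data/device.crt\n",
}

def run_demo():
    """Write each constructed tree to a temp directory and audit it."""
    results = {}
    for label, files in (("weak", WEAK), ("hardened", HARDENED)):
        with tempfile.TemporaryDirectory() as tmp:
            for rel, text in files.items():
                target = Path(tmp, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(text)
            results[label] = audit_rootfs(tmp)
    return results

if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(label, findings or "no findings")
```

The hardened tree assumes each device authenticates with its own certificate provisioned outside the shared image, so one opened device does not expose a fleet-wide secret.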


One more example is the case of smart locks. Often these fancy smart locks with fingerprint and mobile app control lack a simple thing. Yes, you guessed it right: they lack physical hardening. See the video below for a really laughable case where you can open the lock just by removing three screws, despite its cool and advanced technological features.


[embedded co ..
