|
Ref | Security weaknesses | Description |
|
[95] | Inadequate authentication | A significant risk arises as a result of poor or inefficient authentication procedures, allowing unauthorized access to IoT devices |
[96] | Poor encryption | Weak or non-existent encryption protocols can leave data transmissions susceptible to interception and compromise, jeopardising the secrecy of critical information |
[97] | Vulnerable firmware | Outdated or inadequately patched firmware can be exploited, leaving devices susceptible to known vulnerabilities that may have been addressed in newer versions |
[98] | Insecure interfaces | Interfaces and APIs that lack sufficient security safeguards can be used by malicious actors to influence device functionalities or undermine their integrity |
[99] | Insufficient patching | Patch management practises that are irregular or poor may expose devices to known vulnerabilities for lengthy periods of time, raising the chance of exploitation |
[100] | Default credentials | Manufacturers’ use of default usernames and passwords makes it easier for unauthorized individuals to gain access, a significant security oversight |
[101] | Lack of physical security | Insufficient safeguards against physical tampering, or an adversary can expose IoT devices to both direct physical attacks and unauthorized access, potentially leading to device compromise |
[102] | Inadequate user education | End-users, often lacking awareness or understanding of IoT device security best practices, may inadvertently contribute to security breaches through misconfiguration or uninformed usage |
[103] | Privacy concerns | Inadequate data protection and privacy measures may expose user data to unnecessary risks, raising concerns about unauthorized data collection and misuse |
[104] | Denial of service (DoS) | IoT devices may be susceptible to DoS attacks, rendering them inoperative and disrupting critical services or functions |
|