
OWASP's Top 10 IoT Vulnerabilities (OWASP Top 10 IoT)

H.J.World 2022. 2. 25. 11:22

Internet of Things (IoT) Top 10 2014

Internet of Things (IoT) Top 10 2018

  • I1 Weak, Guessable, or Hardcoded Passwords
  • I2 Insecure Network Services
  • I3 Insecure Ecosystem Interfaces
  • I4 Lack of Secure Update Mechanism
  • I5 Use of Insecure or Outdated Components
  • I6 Insufficient Privacy Protection
  • I7 Insecure Data Transfer and Storage
  • I8 Lack of Device Management
  • I9 Insecure Default Settings
  • I10 Lack of Physical Hardening

 

OWASP Top 10 IoT device security vulnerabilities

1. Weak, guessable, or hardcoded passwords

Passwords authenticate a valid user, giving access to a device’s security settings, administrative powers, and private data. Poor password creation or management is a critical, ongoing security issue, especially as many device owners do not change the default password.

Hardcoded credentials make it easier for developers or engineers to troubleshoot remote devices, but they can just as easily be used for unauthorized access. They also mean that if an attacker recovers one password, for example by pulling it out of a firmware image, it opens every device that shares it. Manufacturers should remove any such backdoors and make sure that every device is provisioned with a unique set of credentials. Devices should ship with strong, per-device default passwords and disallow setting of weak passwords.
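A check that follows from the point above, added here as an example rather than code from the original post: given the /etc/shadow files pulled from two unpacked firmware images (or two units of the same product), it flags accounts with an empty password field, accounts still hashed with legacy DES or md5crypt, and, by comparing the two images, accounts whose salted hash is byte-for-byte identical in both, which only happens when the same password was baked into both builds. The sample shadow files and their hashes are constructed placeholders, not real digests.

```go
package main

import (
	"fmt"
	"strings"
)

// ShadowEntry is one line of /etc/shadow from an unpacked firmware root
// filesystem; only the account name and the password hash field matter here.
type ShadowEntry struct {
	User string
	Hash string
}

// Finding is one credential problem tied to an account.
type Finding struct {
	User  string
	Issue string
}

// ParseShadow reads shadow content (user:hash:lastchg:min:max:warn:inactive:expire:flag).
func ParseShadow(content string) ([]ShadowEntry, error) {
	var out []ShadowEntry
	for n, line := range strings.Split(content, "\n") {
		if strings.TrimSpace(line) == "" {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) < 2 {
			return nil, fmt.Errorf("shadow line %d: expected ':'-separated fields", n+1)
		}
		out = append(out, ShadowEntry{User: f[0], Hash: f[1]})
	}
	return out, nil
}

// locked reports accounts that cannot log in with a password at all
// ("*", "!", "!!" or a "!"-prefixed hash); those are not a finding.
func locked(h string) bool {
	return h == "*" || strings.HasPrefix(h, "!")
}

// AuditShadow flags accounts in one image that have no password, or whose hash
// comes from a legacy scheme (traditional DES or md5crypt) that cracks cheaply
// once the hash has been extracted from the firmware.
func AuditShadow(entries []ShadowEntry) []Finding {
	var out []Finding
	for _, e := range entries {
		switch {
		case e.Hash == "":
			out = append(out, Finding{User: e.User, Issue: "empty password field: login without a password"})
		case locked(e.Hash):
			// disabled account, nothing to report
		case strings.HasPrefix(e.Hash, "$1$"):
			out = append(out, Finding{User: e.User, Issue: "md5crypt hash: legacy, cheap to brute-force"})
		case !strings.HasPrefix(e.Hash, "$") && len(e.Hash) == 13:
			out = append(out, Finding{User: e.User, Issue: "traditional DES crypt hash: 8-char limit, trivially cracked"})
		}
	}
	return out
}

// SharedCredentials compares two images and reports accounts whose hash is
// identical in both. Every crypt hash carries its own salt, so an identical
// hash means the same password was baked into both: one leak opens every unit.
func SharedCredentials(a, b []ShadowEntry) []Finding {
	byUser := make(map[string]string, len(b))
	for _, e := range b {
		byUser[e.User] = e.Hash
	}
	var out []Finding
	for _, e := range a {
		if e.Hash == "" || locked(e.Hash) {
			continue
		}
		if h, ok := byUser[e.User]; ok && h == e.Hash {
			out = append(out, Finding{User: e.User, Issue: "identical password hash in both images: hardcoded shared credential"})
		}
	}
	return out
}

// Constructed sample shadow files; the hash strings are placeholders.
const ImageA = `root:$6$Xq9LmP2s$ConstructedPlaceholderHashA:19000:0:99999:7:::
admin:$1$ab12cd34$ConstructedMd5Hash:19000:0:99999:7:::
support::19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
`

const ImageB = `root:$6$Xq9LmP2s$ConstructedPlaceholderHashA:19000:0:99999:7:::
admin:$1$ab12cd34$ConstructedMd5Hash:19000:0:99999:7:::
support:$6$n3wSalt1$PerUnitHashSetAtProvisioning:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
`

func main() {
	a, _ := ParseShadow(ImageA)
	b, _ := ParseShadow(ImageB)
	for _, f := range AuditShadow(a) {
		fmt.Printf("image A  %-8s %s\n", f.User, f.Issue)
	}
	for _, f := range SharedCredentials(a, b) {
		fmt.Printf("A vs B   %-8s %s\n", f.User, f.Issue)
	}
}
```

Running this against real images is a quick first pass during a firmware review; the same comparison across two physical units of one product is the definitive test for "one password for every device".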

2. Insecure network services

Insecure connectivity features such as open ports or unneeded services increase the attack surface of an IoT device, leading to the possibility of data leaks or remote code execution. Device manufacturers can address these vulnerabilities by restricting network services to the necessary minimum, binding anything that is only needed locally to the loopback interface, and using secure transmission protocols at all times.
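To make "the necessary minimum" checkable on a running device, here is an added example (not from the original post) that reads /proc/net/tcp, keeps only sockets in LISTEN state, and reports anything reachable off loopback that is not in a port-to-expected-uid allowlist, or that is allowlisted but running as a different uid than expected. The /proc/net/tcp content, the allowlist and the service layout are constructed for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Listener is one TCP socket in LISTEN state, as read from /proc/net/tcp.
type Listener struct {
	Addr string
	Port int
	UID  int
}

// Finding ties a listener to the reason it was flagged.
type Finding struct {
	Listener Listener
	Reason   string
}

// parseHexAddr decodes the "AABBCCDD:PPPP" form used by /proc/net/tcp. The
// address is stored in host byte order, so on little-endian CPUs (x86 and most
// ARM Linux boards) the octets appear reversed: 0100007F is 127.0.0.1.
func parseHexAddr(s string) (string, int, error) {
	parts := strings.Split(s, ":")
	if len(parts) != 2 || len(parts[0]) != 8 || len(parts[1]) != 4 {
		return "", 0, fmt.Errorf("bad address field %q", s)
	}
	ip, err := strconv.ParseUint(parts[0], 16, 32)
	if err != nil {
		return "", 0, err
	}
	port, err := strconv.ParseUint(parts[1], 16, 16)
	if err != nil {
		return "", 0, err
	}
	addr := fmt.Sprintf("%d.%d.%d.%d", byte(ip), byte(ip>>8), byte(ip>>16), byte(ip>>24))
	return addr, int(port), nil
}

// ParseListeners extracts LISTEN sockets (state 0A) from /proc/net/tcp content.
func ParseListeners(procNetTCP string) ([]Listener, error) {
	var out []Listener
	for i, line := range strings.Split(procNetTCP, "\n") {
		f := strings.Fields(line)
		if i == 0 || len(f) < 8 { // header line or blank
			continue
		}
		if f[3] != "0A" { // only TCP_LISTEN; established connections are skipped
			continue
		}
		addr, port, err := parseHexAddr(f[1])
		if err != nil {
			return nil, err
		}
		uid, err := strconv.Atoi(f[7])
		if err != nil {
			return nil, fmt.Errorf("bad uid field %q", f[7])
		}
		out = append(out, Listener{Addr: addr, Port: port, UID: uid})
	}
	return out, nil
}

// Audit compares exposed listeners against an allowlist of port -> expected uid.
// Loopback-only services are ignored; anything else must be allowlisted and
// must run as the uid the allowlist expects, so a service meant to be
// unprivileged cannot quietly run as root.
func Audit(ls []Listener, allowed map[int]int) []Finding {
	var out []Finding
	for _, l := range ls {
		if strings.HasPrefix(l.Addr, "127.") {
			continue
		}
		uid, ok := allowed[l.Port]
		switch {
		case !ok:
			out = append(out, Finding{Listener: l, Reason: "exposed on a non-loopback interface but not in the allowlist"})
		case l.UID != uid:
			out = append(out, Finding{Listener: l, Reason: fmt.Sprintf("allowlisted but running as uid %d, expected %d", l.UID, uid)})
		}
	}
	return out
}

// Constructed /proc/net/tcp sample: sshd on 0.0.0.0:22 as root, a database on
// 127.0.0.1:3306, telnetd on 0.0.0.0:23 as root, a web UI on 0.0.0.0:8080 as
// root, and one established connection (state 01) that must be ignored.
const SampleProcNetTCP = `  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10002 1 0000000000000000 100 0 0 10 0
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10003 1 0000000000000000 100 0 0 10 0
   3: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10004 1 0000000000000000 100 0 0 10 0
   4: 0100007F:0016 0200007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 10005 1 0000000000000000 20 4 30 10 -1
`

func main() {
	ls, err := ParseListeners(SampleProcNetTCP)
	if err != nil {
		panic(err)
	}
	// Only ssh (as root) and the web UI (as uid 1000) are supposed to be reachable.
	for _, f := range Audit(ls, map[int]int{22: 0, 8080: 1000}) {
		fmt.Printf("%s:%d uid=%d  %s\n", f.Listener.Addr, f.Listener.Port, f.Listener.UID, f.Reason)
	}
}
```

On a real device the same parser runs over /proc/net/tcp and /proc/net/tcp6 (IPv6 addresses are 32 hex digits, so the address decoder needs a second branch), and the allowlist is the product's documented service list; anything the audit prints is either an undocumented service or a privilege problem.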

3. Insecure ecosystem interfaces

The interfaces that an IoT device interacts with can also be affected by serious security flaws. Web, mobile, backend API, or cloud interfaces offer hackers access to significant information about a device’s software, functions, and data. Weak authentication allows hackers to gain unauthorized access through a device’s interface, while poor encryption or input and output filters put the data the device sends and receives at risk.

4. Lack of secure update mechanism

Updates are a key weapon in tackling IoT device security vulnerabilities, as developers use them to eliminate bugs and close off security flaws. Without secure update mechanisms however, software and firmware updates can actually put devices at risk. Updates can be subject to tampering, either at source or in transit.  To prevent this, updates should be digitally signed, delivered over secure channels, and the signature verified before applying. In addition, IoT manufacturers should include mechanisms that stop hackers from rolling back updates and users should be informed of any time-urgent security updates.
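The verify-before-apply sequence described above, as an added example in Go that is not part of the original post: the vendor signs a manifest (version number plus SHA-256 of the image) with an Ed25519 key that stays on an offline signing host, and the device, which holds only the pinned public key, checks the signature first, refuses any version that is not newer than the one installed, checks the image digest, and only then commits the new version counter. The manifest format, the Device type and the sample images are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one firmware image. The vendor signs the JSON encoding of
// this struct; the device never trusts any field before the signature passes.
// (Format assumed for this example.)
type Manifest struct {
	Version     uint32 `json:"version"`
	ImageSHA256 []byte `json:"image_sha256"`
}

// Update is what the device downloads: signed manifest plus the image itself.
type Update struct {
	ManifestJSON []byte
	Signature    []byte
	Image        []byte
}

var (
	ErrBadSignature = errors.New("update: manifest signature invalid")
	ErrRollback     = errors.New("update: version is not newer than the installed one")
	ErrBadDigest    = errors.New("update: image digest does not match manifest")
)

// Device holds the pinned trust anchor and a monotonic version counter.
type Device struct {
	VendorPub        ed25519.PublicKey
	InstalledVersion uint32
}

// GenerateVendorKey wraps key generation for the vendor side (and for tests).
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignUpdate is the vendor-side build step: hash the image, sign the manifest.
func SignUpdate(priv ed25519.PrivateKey, version uint32, image []byte) (Update, error) {
	sum := sha256.Sum256(image)
	mj, err := json.Marshal(Manifest{Version: version, ImageSHA256: sum[:]})
	if err != nil {
		return Update{}, err
	}
	return Update{ManifestJSON: mj, Signature: ed25519.Sign(priv, mj), Image: image}, nil
}

// Verify runs the device-side checks in order: signature over the manifest,
// anti-rollback against the installed version, then the image digest.
func (d *Device) Verify(u Update) (*Manifest, error) {
	if !ed25519.Verify(d.VendorPub, u.ManifestJSON, u.Signature) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.ManifestJSON, &m); err != nil {
		return nil, fmt.Errorf("update: manifest parse: %w", err)
	}
	if m.Version <= d.InstalledVersion {
		return nil, ErrRollback
	}
	sum := sha256.Sum256(u.Image)
	if !bytes.Equal(sum[:], m.ImageSHA256) {
		return nil, ErrBadDigest
	}
	return &m, nil
}

// Apply commits the new version only after every check has passed; a real
// device would write the image to its inactive slot here before switching.
func (d *Device) Apply(u Update) error {
	m, err := d.Verify(u)
	if err != nil {
		return err
	}
	d.InstalledVersion = m.Version
	return nil
}

func main() {
	pub, priv, _ := GenerateVendorKey()
	dev := &Device{VendorPub: pub, InstalledVersion: 5}

	good, _ := SignUpdate(priv, 6, []byte("constructed sample image v6"))
	fmt.Println("v6:", dev.Apply(good)) // <nil>: installed, counter is now 6

	old, _ := SignUpdate(priv, 4, []byte("constructed sample image v4"))
	fmt.Println("v4:", dev.Apply(old)) // ErrRollback even though the signature is valid

	tampered, _ := SignUpdate(priv, 7, []byte("constructed sample image v7"))
	tampered.Image = []byte("image swapped in transit")
	fmt.Println("v7 swapped image:", dev.Apply(tampered)) // ErrBadDigest

	_, attackerPriv, _ := GenerateVendorKey()
	forged, _ := SignUpdate(attackerPriv, 8, []byte("attacker image"))
	fmt.Println("v8 forged:", dev.Apply(forged)) // ErrBadSignature: not the pinned key
}
```

The order matters: the manifest is parsed only after its signature checks out, so a malformed or attacker-chosen manifest never reaches the JSON decoder or the version comparison, and the version counter is only raised on success, so a failed update cannot be used to block a later legitimate one. The signature is over the manifest rather than the whole image so the device can reject a stale version before downloading or hashing megabytes of firmware.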

5. Use of insecure or outdated components

Legacy technology that is compromised or can no longer be updated poses an enormous threat to IoT device security. Insecure components effectively bake flaws into every product that uses them, which hackers can use to gain access across a whole range of unrelated devices. A recent example is the speculative execution attacks affecting Intel, ARM, and AMD processors. The best defense is to avoid legacy technology and to replace it as quickly as possible. In the case of legacy devices that have not been provisioned with secure identities, manufacturers can build in security after deployment using specialized PKI services that use a white-box cryptographic solution to securely deliver keys.

6. Insufficient privacy protection

Privacy protection is not just good corporate behavior; it’s also a major compliance risk. Legislation such as GDPR defines expected privacy protections for all tech-involved companies, including IoT device manufacturers. For IoT devices, privacy protection can be a security vulnerability due to insecure local data storage or even the unauthorized collection and storage of personal data.

7. Insecure data transfer and storage

Staying with data issues, the next entry on the OWASP list of IoT device security vulnerabilities focuses on poor data encryption and lack of authentication mechanisms. Data can be exposed at various phases: at rest, in transmission, or during processing. This gives hackers multiple opportunities to steal and understand data. Weak encryption, along with poor or absent access controls, makes a device’s data a soft target. 
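One way to close the at-rest half of this item, as an added example that is not from the original post: records are sealed with AES-256-GCM under a per-device key, with the storage slot name bound as additional authenticated data, so a tampered, truncated or slot-swapped record is rejected outright instead of being decrypted to garbage and processed. The key source (a secure element or OS key store) and the telemetry record are assumptions of the example; transport protection (TLS) is a separate layer not shown here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// Store seals records with AES-GCM under a per-device key. The key is assumed
// to come from a secure element or OS key store; it is never written next to
// the data it protects.
type Store struct {
	aead cipher.AEAD
}

var ErrCorrupt = errors.New("store: record rejected (tampered, truncated, or wrong slot)")

// NewStore accepts a 16, 24 or 32-byte key (AES-128/192/256).
func NewStore(key []byte) (*Store, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Store{aead: aead}, nil
}

// NewDeviceKey draws a fresh 256-bit key. In production this happens once, at
// provisioning, and the key goes into protected key storage.
func NewDeviceKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

// Seal encrypts one record. The slot name is bound as GCM additional data so a
// valid record cannot be copied into a different slot (e.g. "config" over "log").
// Layout on flash: nonce || ciphertext || 16-byte tag.
// A random 96-bit nonce is safe for well under 2^32 records per key; a device
// that writes more must rotate the key or switch to a counter-based nonce.
func (s *Store) Seal(slot string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return s.aead.Seal(nonce, nonce, plaintext, []byte(slot)), nil
}

// Open authenticates and decrypts a record written by Seal for the same slot.
// Any failure collapses to ErrCorrupt: the caller gets no partial plaintext.
func (s *Store) Open(slot string, record []byte) ([]byte, error) {
	ns := s.aead.NonceSize()
	if len(record) < ns+s.aead.Overhead() {
		return nil, ErrCorrupt
	}
	pt, err := s.aead.Open(nil, record[:ns], record[ns:], []byte(slot))
	if err != nil {
		return nil, ErrCorrupt
	}
	return pt, nil
}

func main() {
	key, _ := NewDeviceKey()
	st, _ := NewStore(key)

	// Constructed sample: a telemetry record that contains personal data.
	rec, _ := st.Seal("telemetry", []byte(`{"user":"alice","hr":72,"gps":"37.57,126.98"}`))
	pt, err := st.Open("telemetry", rec)
	fmt.Printf("round trip: %s (err=%v)\n", pt, err)

	// One flipped ciphertext byte: the GCM tag fails and nothing is returned.
	bad := append([]byte{}, rec...)
	bad[len(bad)-20] ^= 0x01
	_, err = st.Open("telemetry", bad)
	fmt.Println("tampered:", err)

	// The same bytes presented as a different slot: AAD mismatch, rejected.
	_, err = st.Open("config", rec)
	fmt.Println("wrong slot:", err)
}
```

The point of an AEAD here, rather than plain AES-CBC or AES-CTR, is the "lack of authentication mechanisms" half of the OWASP wording: without the tag, an attacker with flash access can flip bits in a stored configuration and the device will happily run with the result.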

8. Lack of device management

Tracking devices once they have been deployed is vital to ensure a secure environment. Without adequate asset management, it becomes impossible to monitor and defend IoT networks effectively through processes such as update management, secure decommissioning, and certificate revocation for compromised devices in a public key infrastructure. Without a complete picture of what is happening with all the IoT devices on a network, it becomes impossible to manage defenses and threat responses, making all devices more vulnerable.

9. Insecure default settings

Default settings should always be applied with the safety of the final user and the device's long-term security in mind. Often, however, the default settings represent a "bare-minimum" approach or may even introduce vulnerabilities, for example hardcoded passwords or exposed services running with root permissions. Manufacturers should give device admins the ability to correct these, as well as to set and enforce permissions that restrict users from modifying configurations without proper approval.

10. Lack of physical hardening

It’s important not to neglect physical hardening of the device against attacks that extract sensitive information which could be used in a remote attack or to gain control of the device. Some measures that can be taken to physically harden a device include disabling or isolating debug ports, using secure boot to validate firmware, and not storing sensitive information on a removable memory card. 

--Translation--

Vulnerability 1. Weak, guessable, or hardcoded passwords
 "Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grant unauthorized access to deployed systems."

Vulnerability 2. Insecure network services
"Unneeded or insecure network services running on the device itself, especially those exposed to the internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control."

Vulnerability 3. Insecure ecosystem interfaces
 "Insecure web, backend API, cloud, or mobile interfaces in the ecosystem outside of the device that allow compromise of the device or its related components. Common issues include a lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering."

Vulnerability 4. Lack of secure update mechanism
 "Lack of ability to securely update the device. This includes lack of firmware validation on the device, lack of secure delivery (unencrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates."

Vulnerability 5. Use of insecure or outdated components
 "Use of deprecated or insecure software components/libraries that could allow the device to be compromised. This includes insecure customization of operating system platforms, and the use of third-party software or hardware components from a compromised supply chain."

Vulnerability 6. Insufficient privacy protection
 "User's personal information stored on the device or in the ecosystem that is used insecurely, improperly, or without permission."

Vulnerability 7. Insecure data transfer and storage
"Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing."

Vulnerability 8. Lack of device management
 "Lack of security support on devices deployed in production, including asset management, update management, secure decommissioning, systems monitoring, and response capabilities."

Vulnerability 9. Insecure default settings
 "Devices or systems shipped with insecure default settings, or lacking the ability to make the system more secure by restricting operators from modifying configurations."

Vulnerability 10. Lack of physical hardening
 "Lack of physical hardening measures, allowing potential attackers to gain sensitive information that can help in a future remote attack or take local control of the device."
