Types of Vulnerabilities of IoT

As noted in the previous section, IoT is a problematic platform that offers ample opportunities not only to legitimate users but also to attackers. As with any other information technology, IoT carries a range of very different vulnerabilities, from the human factor (inadvertent mistakes during maintenance) to shortcomings in device firmware. To provide an adequate level of protection, it is necessary to identify and, wherever possible, eliminate as many of these vulnerabilities as possible [1].

The first issue concerns the security of the web interfaces built into IoT devices. They let the user interact with the device, but they can also let an attacker gain unauthorised access to it. Specific security vulnerabilities that can lead to this problem include:

  • weak default credentials (logins and passwords),
  • credentials exposed in network traffic,
  • cross-site scripting (XSS),
  • SQL injection,
  • careless session management,
  • weak account lockout and account deletion settings.

A distinct area of vulnerabilities concerns ineffective mechanisms for authenticating IoT users and poor authorisation mechanisms. Specific security vulnerabilities that can lead to these problems include:

  • the absence of a sound password policy,
  • the absence of two-factor authentication,
  • an unprotected password recovery procedure,
  • the absence of role-based access control.

Vulnerabilities in the network services used to access the IoT device, which allow an attacker to gain unauthorised access to the device or to the related data, should not be underestimated. Specific security vulnerabilities that can lead to this problem include:

  • vulnerable services,
  • buffer overflows,
  • ports opened through UPnP,
  • exploitable UDP services,
  • DoS and DDoS attacks.

Insufficient security configuration is an issue when users of the device have limited or no ability to change its security controls. Poor security posture is apparent when the device's web interface offers no way to define granular user permissions or, for example, to enforce the use of strong passwords. The risk is that the IoT device can be attacked more easily, allowing unauthorised access to the device or its data. Specific security vulnerabilities that can lead to this problem include:

  • the absence of a granular permission model,
  • the absence of security monitoring,
  • the absence of security event logging.
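As an added example (not part of the original page), the following Python model of an IoT device's web-interface login enforces the controls that the web-interface, authentication and configuration lists above describe as missing: rejection of factory-default credentials, a password policy, account lockout after repeated failures and a security event log. The DeviceAuth class, the FACTORY_DEFAULTS set and the thresholds are assumptions made for illustration.

```python
# Added example (not from the original page): a minimal model of an IoT device's
# web-interface login enforcing controls the page lists as commonly missing.
# DeviceAuth, FACTORY_DEFAULTS and the thresholds below are assumptions.
import hashlib, hmac, os, re
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "12345"), ("user", "user")}
MAX_FAILURES = 5        # lock the account after this many consecutive failures
LOCKOUT_SECONDS = 300

def password_ok(pw):
    """Policy: at least 12 characters drawn from at least three character classes."""
    classes = sum(bool(re.search(p, pw)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w]"))
    return len(pw) >= 12 and classes >= 3

def _digest(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class DeviceAuth:
    def __init__(self):
        self.users = {}      # name -> (salt, password hash)
        self.failures = {}   # name -> (consecutive failures, locked_until)
        self.events = []     # security event log: (event, user)

    def add_user(self, name, pw):   # returns False (and logs why) on rejection
        if (name, pw) in FACTORY_DEFAULTS:
            self.events.append(("default_credentials_rejected", name))
            return False
        if not password_ok(pw):
            self.events.append(("weak_password_rejected", name))
            return False
        salt = os.urandom(16)
        self.users[name] = (salt, _digest(pw, salt))
        return True

    def login(self, name, pw, now):   # `now` is the current time in seconds
        count, locked_until = self.failures.get(name, (0, 0))
        if now < locked_until:               # locked: reject even a correct password
            self.events.append(("locked_attempt", name))
            return False
        rec = self.users.get(name)
        if rec and hmac.compare_digest(_digest(pw, rec[0]), rec[1]):
            self.failures.pop(name, None)
            self.events.append(("login_ok", name))
            return True
        count += 1
        if count >= MAX_FAILURES:
            locked_until = now + LOCKOUT_SECONDS
            self.events.append(("lockout", name))
        self.failures[name] = (count, locked_until)
        self.events.append(("login_fail", name))
        return False
```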

There is also a set of vulnerabilities that exploit shortcomings of mobile and cloud interfaces. The range of these vulnerabilities is truly wide, because it includes all types of vulnerabilities: the human factor, expressed as carelessness and inadvertent errors, a negligent attitude to the configuration of IoT devices, and so on [2].

Weaknesses in physical security are relevant when an attacker can gain physical access to the storage medium and to any data stored on it. Deficiencies are also present when USB ports or other external ports can be used to access the device through functions intended for setup or servicing. This can lead to unauthorised access to the device or its data.


[1] A. C. Sarma and J. Girão, “Identities in the Future Internet of Things,” Wireless Personal Communications, vol. 49, no. 3, 2009, pp. 353-363.
[2] R. Roman, P. Najera and J. Lopez, “Securing the Internet of Things,” Computer, vol. 44, no. 9, 2011.
en/iot-open/security_and_privacy_in_iot_ume/iot_security/types_of_vulnerabilities_of_iot.txt · Last modified: 2020/07/20 09:00 by 127.0.0.1
CC Attribution-Share Alike 4.0 International