Internet of Things (IoT) Security Resource: OWASP Top 10
We recently wrote a blog describing how the Internet of Things (IoT) affects the data center. Not too surprisingly, the number one challenge was security. A recent study by HP on the state of IoT revealed some startling insights that bring this challenge to light, not the least of which was that 70 percent of the most commonly used IoT devices contained serious vulnerabilities.
The report identified that, on average, they found 25 vulnerabilities per device, including:
- Privacy concerns
- Insufficient authorization
- Lack of transport encryption
- Insecure web interface
- Inadequate software protection
The Open Web Application Security Project (OWASP) was created—in part by HP—to improve the security of software, and now the IoT has its own top 10 that we think is worth sharing:
- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Lack of Transport Encryption
- Privacy Concerns
- Insecure Cloud Interface
- Insecure Mobile Interface
- Insufficient Security Configurability
- Insecure Software/Firmware
- Poor Physical Security
Clicking on each hyperlink above will take you to a page that identifies the threat agents, attack vectors, security weaknesses, technical and business impacts. It also provides example attack scenarios, which can be helpful.
Gartner predicts that by 2020 there will be more than 26 billion items connected to the IoT, so dialing into information from OWASP should be worthwhile. We’ll continue to bring you updates and share resources on IoT security as we identify them.