Top 10 IoT vulnerabilities

Security questions have dogged the Internet of Things (IoT) since before the name was invented. Everyone from vendors to enterprise users to consumers is concerned that their fancy new IoT devices and systems could be compromised. The problem is actually worse than that, as vulnerable IoT devices can be hacked and harnessed into giant botnets that threaten even properly secured networks.

But what exactly are the biggest problems and vulnerabilities to avoid when building, deploying, or managing IoT systems? And, more to the point, what can we do to mitigate these issues?

That’s where OWASP—the Open Web Application Security Project—comes in. In its own words, “The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies.”

OWASP’s top 10 IoT vulnerabilities

To that end, on Christmas Day, OWASP released its top 10 IoT vulnerabilities for 2018, complete with an infographic (see below). Let’s take a look at the list, with some commentary:

1. Weak, guessable, or hardcoded passwords

“Use of easily brute-forced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.”