Lab 1.3

Download as pdf or txt
Download as pdf or txt
You are on page 1of 2

Lab – Learning the Details of Attacks

Objectives
Research and analyze IoT application vulnerabilities

Background / Scenario
The Internet of Things (IoT) consists of digitally connected devices that are connecting every aspect of our
lives, including our homes, offices, cars, and even our bodies to the Internet. With the accelerating adoption of
IPv6 and the near universal deployment of Wi-Fi networks, the IoT is growing at an exponential pace. Industry
experts estimate that by 2020, the number of active IoT devices will approach 50 billion. IoT devices are
particularly vulnerable to security threats because security has not always been considered in IoT product
design. Also, IoT devices are often sold with old and unpatched embedded operating systems and software.

Required Resources
• PC or mobile device with Internet access

Conduct a Search of IoT Application Vulnerabilities


Using your favorite search engine, conduct a search for Internet of Things (IoT) vulnerabilities. During your
search, find an example of an IoT vulnerability for each of the IoT verticals: industry, energy systems,
healthcare, and government. Be prepared to discuss who might exploit the vulnerability and why, what
caused the vulnerability, and what could be done to limit the vulnerability? Some suggested resources to get
started on your search are listed below:
Cisco IoT Resources
IoT Security Foundation
Business Insider IoT security threats
Note: You can use the web browser in the virtual machine installed in a previous lab to research security
issues. By using the virtual machine, you may prevent malware from being installed on your computer.
From your research, choose an IoT vulnerability and answer the following questions:

a. What is the vulnerability?


The Mirai Botnet exploits weak or default credentials on IoT devices to gain control over them. These devices
include routers, IP cameras, and other connected devices with inadequate security configurations. Once
compromised, these devices are used to launch Distributed Denial of Service (DDoS) attacks.

b. Who might exploit it? Explain.


• Cybercriminals: To launch large-scale DDoS attacks, disrupt services, or extort businesses.
• Hacktivists: To promote political or ideological causes by targeting organizations.
• State-Sponsored Actors: To weaken infrastructure or critical systems of adversary nations.
The Mirai botnet has been used in high-profile attacks, such as the one on Dyn DNS in 2016, which caused
widespread disruption to services like Netflix, Twitter, and Reddit.

© Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 1 of 2 www.netacad.com
Lab – Learning the Details of Attacks

c. Why does the vulnerability exist?


• IoT devices are often shipped with default factory credentials, such as "admin" or "password," which
are rarely changed by users.
• Many IoT devices run outdated and unpatched firmware, making them susceptible to known exploits.
• Lack of security-by-design in IoT products prioritizes cost and functionality over robust cybersecurity.
• Users lack awareness or expertise to implement adequate security measures for their IoT devices.

d. What could be done to limit the vulnerability?


• Enforce Strong Credentials: Manufacturers should require users to set unique, strong passwords upon
device setup.
• Regular Firmware Updates: IoT vendors must release patches to fix vulnerabilities, and users should
apply them promptly.
• Network Segmentation: Isolating IoT devices from critical systems can minimize the impact of attacks.
• Adopt Security Standards: Industry-wide adoption of IoT security guidelines, like those from the IoT
Security Foundation.
• User Education: Raise awareness about IoT security risks and best practices for device management.

© Cisco and/or its affiliates. All rights reserved. Cisco Confidential Page 2 of 2 www.netacad.com

You might also like