| Ref | Security weaknesses | Description |
| --- | --- | --- |
| [95] | Inadequate authentication | A significant risk arises as a result of poor or inefficient authentication procedures, allowing unauthorized access to IoT devices |
| [96] | Poor encryption | Weak or non-existent encryption protocols can leave data transmissions susceptible to interception and compromise, jeopardising the secrecy of critical information |
| [97] | Vulnerable firmware | Outdated or inadequately patched firmware can be exploited, leaving devices susceptible to known vulnerabilities that may have been addressed in newer versions |
| [98] | Insecure interfaces | Interfaces and APIs that lack sufficient security safeguards can be used by malicious actors to influence device functionalities or undermine their integrity |
| [99] | Insufficient patching | Patch management practices that are irregular or poor may expose devices to known vulnerabilities for lengthy periods of time, raising the chance of exploitation |
| [100] | Default credentials | Manufacturers’ use of default usernames and passwords makes it easier for unauthorized individuals to gain access, a significant security oversight |
| [101] | Lack of physical security | Insufficient safeguards against physical tampering can expose IoT devices to both direct physical attacks and unauthorized access by an adversary, potentially leading to device compromise |
| [102] | Inadequate user education | End-users, often lacking awareness or understanding of IoT device security best practices, may inadvertently contribute to security breaches through misconfiguration or uninformed usage |
| [103] | Privacy concerns | Inadequate data protection and privacy measures may expose user data to unnecessary risks, raising concerns about unauthorized data collection and misuse |
| [104] | Denial of service (DoS) | IoT devices may be susceptible to DoS attacks, rendering them inoperative and disrupting critical services or functions |