IoT Policy and Attack Report II
GCA Internet Integrity Papers, Issue II
IoT Policy and Attack Report II
The second issue of the GCA Internet Integrity Papers series presents the results of the second phase of the IoT Policy and Attack research project, conducted jointly by the Global Cyber Alliance (GCA) and Microsoft.
Based on real IoT attack data obtained from GCA’s AIDE platform and ProxyPot honeypot technology, the project focuses on providing factual evidence about the applicability and effectiveness of some of the most widespread policies, recommendations, and standards on IoT security.
Whereas the first report explored some of the basic IoT security recommendations, this one has analyzed the role that the IoT devices’ software stacks —and their known vulnerabilities— play as factors to drive targeted attacks.
The key findings of the report can be summarized as follows:
- Separately from the IoT device’s own software, the application software stack is a magnet for an incessant flow of attacks that try to exploit known vulnerabilities
- There is a clear correlation between items published in the CVE framework, a widely accepted and constantly updated list of common vulnerabilities, and exploits used in attacks; this should be noteworthy to IoT manufacturers
- Risk remediation practices, industry standards, policy efforts… should not forget the software-side of IoT security
- Highly configurable honeypot technologies like ProxyPot are powerful allies in the research of this ever-changing threat landscape
Note that the report is being shared as a ‘Final Draft.’ The findings are all up to date but we are now reviewing them in the light of the Cyber Resilience Act debate in the European Union, which is closely connected with the scope of our project. An updated, final version of the report will be published as soon as that review is complete.