Definition

IoT attack surface

TechTarget Contributor

By

TechTarget Contributor

The IoT attack surface is the sum total of all potential security vulnerabilities in IoT devices and associated software and infrastructure in a given network, be it local or the entire Internet.

A thing, in the Internet of Things, can be any natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network. A recent study from Hewlett Packard concluded that 70% of IoT devices contain serious vulnerabilities.

Hackers and government agencies can use vulnerabilities in IoT devices to gain access to a network to monitor users and potentially gain access to any other connected devices for any number of purposes. According to many security experts, our dependence on Internet-connected technology is outpacing our ability to secure it. Joshua Corman, a security strategist and the chief technology officer at the software firm Sonatype, explains:

"You're taking things that weren't connected and weren't vulnerable and putting vulnerability and connectivity on all of them. So if the Internet is a perfect surveillance machine, what happens with the Internet of Things? It's just gonna take that to the next order of magnitude."

Concerned about the dangers posed by the rapidly growing IoT attack surface, the FBI released a public service announcement, FBI Alert Number I-091015-PSA: "Internet of Things poses opportunities for cyber crime." The PSA warns about potential vulnerabilities and advocates protective measures that should be taken to mitigate risk associated with them.

This was last updated in February 2016

Continue Reading About IoT attack surface

HP study reveals 70 percent of IoT devices vulnerable to attack

Hackers sound alarm about Internet of Things

Pervasive sensing: How it affects enterprise and IoT security

IoT tutorial: Mitigating security risks in connected environments

Security in the world of Internet of Things

Dig Deeper on Internet of things security

CIO

What are the 4 different types of blockchain technology?
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
White House seeks public comment on national AI strategy
The White House wants to know about AI risks and benefits, as well as specific measures such as regulation that might help ...
Meta fine highlights EU, US data sharing challenges
Until the new EU-U.S. Data Privacy Framework is established, Meta's $1.2 billion euro fine should serve as a warning to U.S. ...

Security

Zyxel vulnerability under 'widespread' exploitation
Researchers warned that threat actors are widely exploiting an unauthenticated command injection vulnerability to target multiple...
Zero-day vulnerability in MoveIt Transfer under attack
Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was ...
Low-code/no-code use cases for security
Low-code/no-code development approaches have their fair share of security issues, but that doesn't mean they can't be used to ...

Networking

Google interconnects with rival cloud providers
Video platform provider Pexip said Google's Cross-Cloud Interconnect reduced the cost of connecting Google Cloud with Microsoft ...
How to interact with network APIs using cURL, Postman tools
Network engineers can use cURL and Postman tools to work with network APIs. Use cases include getting interface information and ...
Modular network design benefits and approaches
Modular network design is a strategic way for enterprises to group network building blocks in order to streamline network ...

Data Center

Data center redundancy: The basics
Downtime can cost businesses thousands, and redundancy is one way to minimize disruptions. Assess uptime requirements when ...
Differences between Green Globes vs. LEED for data centers
Consider Green Globes and LEED certifications when building green data centers. Learn the differences in how the assessments are ...
6 data center migration best practices
Data center migrations can be a complex process. Use best practices when migrating a data center to ensure maximum uptime, avoid ...

Data Management

6 ways Amazon Security Lake could boost security analytics
Amazon's new security-focused data lake holds promise -- including possibly changing the economics around secure data storage.
How to approach data mesh implementation
Data mesh takes a decentralized approach to data management, setting it apart from data lakes and warehouses. Organizations can ...
Fivetran's new funding a hedge against economic uncertainty
The data integration vendor added $125 million in financing to not only fuel R&D but also ensure that operations remain smooth if...

Close