IoT Security 1.1 Chapter 5 Quiz Answers

Explanation: Payload encryption works at the application layer and provides end to end encryption, protecting all messages between the client and the broker.

Explanation: An XXE attack can be prevented by disabling XML external entity and DTD processing in the application.

Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
• SQL injections: In an SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
• Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user especially when session tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.

Explanation: On some home routers, security can be compromised by running a flash applet which can change the DNS server settings when an UPnP request is made. This could be used to redirect legitimate traffic to malevolent websites.

Explanation: Web front-end vulnerabilities apply to apps, APIs and services. Some of the most significant vulnerabilities are as follows:

• Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
• SQL injections: In a SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
• Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user especially when session tokens are left unexpired.
• Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.

Explanation: UPnP (universal plug and play) will enable all UPnP devices to communicate with each other easily. It is used mainly in residential setups as the multicast nature of the UPnP consumes too many resources on networks for it to be efficiently deployed in an enterprise network.

Explanation: According to Open Web Applications Security Project (OWASP), the most widely exposed vulnerabilities are these:

• Username enumeration – The threat actor is able to find valid usernames through the authentication application.
• Weak passwords – The threat actor uses default passwords which have not been changed or is able to set account passwords that the threat actor chooses.
• Account lockout – The threat actor finds a way to attempt to authenticate many times after multiple failed attempts.
• Lack of multifactor authentication – It is easier for a threat actor to gain access when only one form of authentication is required.
• Insecure 3rd party components – As vulnerabilities are discovered, they often become patched. When components such as Secure Shell (ssh), BusyBox, or web servers are not kept up to date, the threat actor might expose these vulnerabilities and gain access.

Explanation: Hardened passwords should consist of at least 12 characters with a combination of uppercase, lowercase, numbers, and special characters.

Explanation: Some of the most popular local exploits targeted by threat actors are as follows:

• Firmware Replacement – Updates and patches to devices are usually done remotely. If the process is not secure, threat actors could intercept the update and install their own malicious update.They could have full control over the device and begin attacking other devices in the system.
• Cloning – By creating a duplicate device, both in physical form and the software and firmware running on that device, the threat actor could replace a legitimate device. When the device is up and running, the threat actor could then steal information, or compromise additional devices.
• Denial of service (DoS) – The threat actor could launch a DoS attack to fill the communications channel, causing devices to respond to requests late, or not at all. Depending on the devices, this could cause a lot of damage.
• Extraction of Security Parameters – When a device is not protected properly, the threat actor may be able to extract security parameters from it such as authentication information or security keys.

Explanation: Threat actors frequently attempt to access devices over the internet through communication protocols. Some of the most popular remote exploits are as follows:

• Man-In-the-middle attack (MITM) – The threat actor gets between devices in the system and intercepts all of the data being transmitted. This information could simply be collected or modified for a specific purpose and delivered to its original destination.
• Eavesdropping attack – When devices are being installed, the threat actor can intercept data such as security keys that are used by constrained devices to establish communications once they are up and running.
• SQL injection (SQLi) – Threat actors uses a flaw in the Structured Query Language (SQL) application that allows them to have access to modify the data or gain administrative privileges.
• Routing attack – A threat actor could either place a rogue routing device on the network or modify routing packets to manipulate routers to send all packets to the chosen destination of the threat actor. The threat actor could then drop specific packets, known as selective forwarding, or drop all packets, known as a sinkhole attack.

Explanation: CoAP uses a client-server model that allows for efficient sensor and node communication. CoAP is a lightweight protocol that uses UDP (but can use TCP) and is mainly used for M2M communication.

Explanation: Some of the most popular local exploits targeted by threat actors are as follows:

• Firmware Replacement – Updates and patches to devices are usually done remotely. If the process is not secure, threat actors could intercept the update and install their own malicious update. They could have full control over the device and begin attacking other devices in the system.
• Cloning – By creating a duplicate device, both in physical form and the software and firmware running on that device, the threat actor could replace a legitimate device. When the device is up and running, the threat actor could then steal information, or compromise additional devices.
• Denial of Service (DoS) – The threat actor could launch a DoS attack to fill the communications channel causing devices to respond to requests late, or not at all. Depending on the devices, this could cause a lot of damage.
• Extraction of Security Parameters – When a device is not protected properly, the threat actor may be able to extract security parameters from it such as authentication information or security keys.

Explanation: Threat actors frequently attempt to access devices over the internet through communication protocols. Some of the most popular remote exploits are as follows:

• Man-In-the-middle attack (MITM) – The threat actor gets between devices in the system and intercepts all of the data being transmitted. This information could simply be collected or modified for a specific purpose and delivered to its original destination.
• Eavesdropping attack – When devices are being installed, the threat actor can intercept data such as security keys that are used by constrained devices to establish communications once they are up and running.
• SQL injection (SQLi) – Threat actors uses a flaw in the Structured Query Language (SQL) application that allows them to have access to modify the data or gain administrative privileges.
• Routing attack – A threat actor could either place a rogue routing device on the network or modify routing packets to manipulate routers to send all packets to the chosen destination of the threat actor. The threat actor could then drop specific packets, known as selective forwarding, or drop all packets, known as a sinkhole attack.

Explanation: MQTT is used for machine to machine (M2M) IoT communications and has an option to retain messages that can be used to provide status updates. MQTT allows clients to receive many messages when subscribed to a topic within subtopics. It also supports an option called the last will and testament option that ensures that the client receives the most current updates of the topics subscribed to. Clients connected do not prevent other clients from connecting and the traffic model that is used helps to keep traffic to a minimum, thus enabling reduction in power.

Explanation: Threat actors can gain access and control mobile devices through compromised mobile applications, even though both Android and iOS are relatively secure. Some of the most widely exposed vulnerabilities are as follows:

• Insecure communication – The communication technology and channel must be secured. When there is weak negotiation, poor handshake practices, and the use of incorrect versions of SSL, the communication is not secure.
• Insecure data storage – Many applications have access to data storage areas of mobile devices, even though they may not need it. Data storage must be secured and applications must be tested to ensure there is no data leakage.
• Insecure authentication –A session must be managed properly to ensure that it is performed securely. Users must be identified when necessary, and their identity must be maintained securely.
• Improper platform usage – Mobile apps use features built into the platforms such as TouchID, Keychain, and Android intents. Should these security controls be misused, access to the device and other apps can be compromised.
• Insufficient cryptography – The cryptography used to encrypt sensitive data must be sufficient and must be applied when necessary.

Explanation: According to Open Web Applications Security Project (OWASP), the most widely exposed vulnerabilities are these:

Username enumeration – The threat actor is able to find valid usernames through the authentication application.
Weak passwords – The threat actor uses default passwords which have not been changed or is able to set account passwords that the threat actor chooses.
Account lockout – The threat actor finds a way to attempt to authenticate many times after multiple failed attempts.
Lack of multi-factor authentication – It is easier for a threat actor to gain access when only one form of authentication is required.
Insecure 3rd party components – As vulnerabilities are discovered, they often become patched. When components such as Secure Shell (SSH), BusyBox, or web servers are not kept up to date, the threat actor might expose these vulnerabilities and gain access.

Explanation: MQTT requires a message broker that manages communication between publisher and subscriber clients.

Explanation: CoAP (Constrained Application Protocol) is a document transfer protocol that utilizes the User Datagram Protocol (UDP).

Explanation: Devices that measure real-time data in microseconds are good candidates for DDS (data distribution service). DDS will filter the data and send the required data efficiently to endpoints requiring it. DDS is the protocol of choice when dealing with applications that require speed and reliability.

Explanation: XMPP uses an addressing scheme ([email protected]) to simplify connections and enable communication when data is sent between distant points.