Weaknesses and risks of the Consumer Internet of Things
Abstract: The Consumer Internet of Things (CIoT) is a term to describe everyday items connected to the internet. The number of CIoT devices is growing rapidly and with it comes a number of security problems. One way to tackle these security issues is by learning from mistakes and to be aware of the risks at hand at both production and consumer level. This report examines vulnerabilities from the years 2008-2018 in the National Vulnerability Database (NVD). With the Common Vulnerability Scoring System (CVSS) and the Common Weakness Enumeration (CWE) the following questions are answered: Which are the most common types of vulnerabilities in CIoT products, what risks do they pose and is there evidence of a connection between type of product and type of vulnerability? The study found that the most common weaknesses were CWE-119, CWE200 CWE-20 and CWE-264. However, the vulnerabilities of type CWE-119 turned out to be highly concentrated to Apple products and do not reflect the overall trends. The before mentioned weaknesses pose risks to users’ confidentiality, integrity and the availability of the software (CIA). The CWEs with the greatest risk of exploitation were CWE-264 with the highest percentage of complete impact on the CIA attributes, and CWE-119 with lower percentage of complete impact but with far more occurrences. The study found no conclusive answer whether there is a connection between products and weaknesses, but an indication of a relation between certain CWEs and the company Apple. Further intensive and recurring studies should be conducted in the field.
AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)