IDEAS home Printed from https://ideas.repec.org/a/aes/infoec/v25y2021i1p31-41.html
   My bibliography  Save this article

Technical and Economical Evaluation of IoT Attacks and Their Corresponding Vulnerabilities

Author

Listed:
  • Stefan Sabin NICULA
  • Razvan Daniel ZOTA

Abstract

An increase in popularity and adoption of IoT products encountered a direct proportionate interest in attacks and exploits on such solutions, having a measurable economic impact on the business industry and the IoT customers. The research analysis conducted on various IoT devices revealed security issues with patterns that are strongly related to high-risk vulnerabilities used in common exploit chains and malware campaigns. This includes vulnerabilities such as weak or default credentials, usage of outdated and vulnerable software, sensitive data exposure and missing security best practices and standards. This paper tackles multiple vectors of attack that are threatening the privacy and security integrity level of IoT devices in order to discover potential entry points and post-exploitation techniques that are often used on IoT attacks. The research perspective covers the malware incident aspect, vulnerabilities that are affecting different components and the overall security level provided by the products, with a focus on the economic impact delivered by such outcomes. Malware outbreaks are studied along with the impact of publicly known vulnerabilities, the attack surface of an IoT device and the mitigation enforced by some vendors. The security evaluation methodology was based on Penetration Testing practices, targeting all the components exposed by the IoT devices that were studied. This included the network capabilities, web and mobile applications and targeted the physical attack vectors as well. The recent IoT attacks were studied in order to draw conclusions and create potential recommendations and improvements to the IoT landscape.

Suggested Citation

  • Stefan Sabin NICULA & Razvan Daniel ZOTA, 2021. "Technical and Economical Evaluation of IoT Attacks and Their Corresponding Vulnerabilities," Informatica Economica, Academy of Economic Studies - Bucharest, Romania, vol. 25(1), pages 31-41.
    • Handle: RePEc:aes:infoec:v:25:y:2021:i:1:p:31-41
    as

    Download full text from publisher

    File URL: http://revistaie.ase.ro/content/97/03%20-%20nicula,%20zota.pdf
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Ioan ADASCALITEI, 2019. "Smartphones and IoT Security," Informatica Economica, Academy of Economic Studies - Bucharest, Romania, vol. 23(2), pages 63-75.
    2. Naudé, Wim & Liebregts, Werner, 2020. "Digital Entrepreneurship Research: A Concise Introduction," IZA Discussion Papers 13667, Institute of Labor Economics (IZA).
    3. Antonio CLIM, 2019. "Cyber Security Beyond the Industry 4.0 Era. A Short Review on a Few Technological Promises," Informatica Economica, Academy of Economic Studies - Bucharest, Romania, vol. 23(2), pages 34-44.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Răzvan Daniel ZOTA & Antonio CLIM, 2019. "Smart healthcare for smart cities," Smart Cities International Conference (SCIC) Proceedings, Smart-EDU Hub, vol. 7, pages 177-183, November.
    2. Dashi Nazarov & Anton Klarin, 2020. "Taxonomy of Industry 4.0 research: Mapping scholarship and industry insights," Systems Research and Behavioral Science, Wiley Blackwell, vol. 37(4), pages 535-556, July.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:aes:infoec:v:25:y:2021:i:1:p:31-41. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Paul Pocatilu (email available below). General contact details of provider: https://edirc.repec.org/data/aseeero.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.