1.2.3 Lab - Learning The Details of Attacks

Uploaded by

Alleya Albhar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

45 views2 pages

1.2.3 Lab - Learning The Details of Attacks

Uploaded by

Alleya Albhar

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 2

Lab - Learning the Details of Attacks

Objectives
Research and analyze IoT application vulnerabilities.
Part 1: Conduct a Search of IoT Application Vulnerabilities

Background / Scenario
The Internet of Things (IoT) consists of digitally connected devices that are connecting every aspect of our
lives, including our homes, offices, cars, and even our bodies to the internet. With the accelerating adoption of
IPv6 and the near universal deployment of Wi-Fi networks, the IoT is growing at an exponential pace.
According to Statista, industry experts estimate that by 2030, the number of active IoT devices will approach
50 billion.
However, IoT devices are particularly vulnerable to security threats because security has not always been
considered in IoT product design. Also, IoT devices are often sold with old and unpatched embedded
operating systems and software.

Required Resources
 PC or mobile device with internet access

Instructions

Part 1: Conduct a Search of IoT Application Vulnerabilities

Using your favorite search engine, conduct a search for Internet of Things (IoT) vulnerabilities. During your
search, find an example of an IoT vulnerability for each of the IoT verticals: industry, energy systems,
healthcare, and government. Be prepared to discuss who might exploit the vulnerability and why, what
caused the vulnerability, and what could be done to limit the vulnerability.
Note: You can use the web browser in the virtual machine that was installed in a previous lab to research
security issues. By using the virtual machine, you may prevent malware from being installed on your
computer.
From your research, choose an IoT vulnerability and answer the following questions:
Questions:

a. What is the vulnerability?

Medtronic Insulin Pump Vulnerability
The Medtronic insulin pump vulnerability allowed attackers to intercept or alter the wireless
communication between the insulin pump and its paired device. This enabled unauthorized control over
insulin dosage.

b. Who might exploit it? Explain.

- Malicious actors: Hackers intending to harm patients or prove a security point.
- Ransomware attackers: Cybercriminals might target healthcare organizations for ransom by
threatening patient safety.
- Hacktivists: They may exploit vulnerabilities to raise awareness of insecure medical devices.
c. Why does the vulnerability exist?

- Outdated software: The insulin pumps used insecure protocols that lacked encryption.
- Lack of security in product design: IoT medical devices often prioritize functionality over security.
- Poor patching mechanisms: Healthcare devices sometimes use legacy systems, and patching may
not be timely due to regulatory hurdles.
d. What could be done to limit the vulnerability?

 Encrypt communication: Secure communication protocols (like TLS) could protect against interception.
 Regular software updates: Manufacturers should release and enforce firmware updates.
 Patient awareness: Users should be informed to avoid unsecure connections and maintain device
security.
 Network segmentation: Hospitals and healthcare providers can isolate IoT devices on separate
networks to limit potential damage.

Regular software updates: Manufacturers should release and enforce firmware updates.

 Patient awareness: Users should be informed to avoid unsecure connections and maintain device security.

 Network segmentation: Hospitals and healthcare providers can isolate IoT devices on separate networks to limit potential damage.