Definition

IoT attack surface

This definition is part of our Essential Guide: A comprehensive guide to enterprise IoT project success
Contributor(s): Matthew Haughn

The IoT attack surface is the sum total of all potential security vulnerabilities in IoT devices and associated software and infrastructure in a given network, be it local or the entire Internet.

thing, in the Internet of Things, can be any natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network.  A recent study from Hewlett Packard concluded that 70 percent of IoT devices contain serious vulnerabilities.  

Hackers and government agencies can use vulnerabilities in IoT devices to gain access to a network to monitor users and potentially gain access to any other connected devices for any number of purposes. According to many security experts, our dependence on Internet-connected technology is outpacing our ability to secure it. Joshua Corman, a security strategist and the chief technology officer at the software firm Sonatype, explains:

“You’re taking things that weren’t connected and weren’t vulnerable and putting vulnerability and connectivity on all of them. So if the Internet is a perfect surveillance machine, what happens with the Internet of Things? It’s just gonna take that to the next order of magnitude.” 

Concerned about the dangers posed by the rapidly growing IoT attack surface, the FBI released a public service announcement, FBI Alert Number I-091015-PSA:  “Internet of Things poses opportunities for cyber crime.” The PSA warns about potential vulnerabilities and advocates protective measures that should be taken to mitigate risk associated with them.

This was last updated in February 2016

Continue Reading About IoT attack surface

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close