The IoT attack surface is the sum total of all potential security vulnerabilities in IoT devices and associated software and infrastructure in a given network, be it local or the entire Internet.
A thing, in the Internet of Things, can be any natural or man-made object that can be assigned an IP address and provided with the ability to transfer data over a network. A recent study from Hewlett Packard concluded that 70% of IoT devices contain serious vulnerabilities.
Hackers and government agencies can use vulnerabilities in IoT devices to gain access to a network to monitor users and potentially gain access to any other connected devices for any number of purposes. According to many security experts, our dependence on Internet-connected technology is outpacing our ability to secure it. Joshua Corman, a security strategist and the chief technology officer at the software firm Sonatype, explains:
"You're taking things that weren't connected and weren't vulnerable and putting vulnerability and connectivity on all of them. So if the Internet is a perfect surveillance machine, what happens with the Internet of Things? It's just gonna take that to the next order of magnitude."
Concerned about the dangers posed by the rapidly growing IoT attack surface, the FBI released a public service announcement, FBI Alert Number I-091015-PSA: "Internet of Things poses opportunities for cyber crime." The PSA warns about potential vulnerabilities and advocates protective measures that should be taken to mitigate risk associated with them.