Complex Structure of IoT Devices

Questions and Answers

What challenge do IoT devices face due to their complex structure?

• They perform updates automatically.
• They can be easily secured.
• They are immune to malware.
• Owners are often unaware of hacks. (correct)

Why is regular software update crucial for IoT devices?

• They improve hardware performance.
• They make the devices easier to use.
• They are not necessary once the device is secured.
• They protect against evolving threats. (correct)

What is a common outcome of an outdated IoT device?

• Better user compatibility.
• No changes in functionality.
• Enhanced security features.
• Increased risk of being hacked. (correct)

What is identity theft primarily concerned with?

Accessing a person's vital information (A)

What trend has been observed in malicious software related to IoT devices?

Rapid increase in ransomware. (D)

Which of the following best describes sabotage?

Destroying a company's website to harm its reputation (A)

Why do small-scale attacks on IoT devices often go unnoticed?

Manufacturers focus on large-scale threats. (C)

What is a major risk associated with new technology in relation to security?

Security features are often compromised to keep devices competitive (D)

What does information extortion typically involve?

Locking a victim's files with ransomware for payment (B)

What is a significant risk associated with the large scale of IoT devices?

Secure data transmission is challenged. (A)

What would you likely find in a device that has been successfully hacked?

Connection to a malicious botnet. (C)

What threat is posed by mobile malware?

Gaming applications can lure users to install harmful software (D)

What is a potential consequence of insecure data transfer in IoT environments?

Data may be leaked or corrupted. (C)

What kind of attacks might cyber criminals conduct on social media?

Infecting websites frequented by individuals from a specific organization (A)

What is a common consequence of using devices that lack proper security?

Higher risk of data theft and information compromise (A)

Which of the following reflects the ongoing nature of cyber threats?

Old generation attacks continue to persist alongside newer threats (D)

What technique is used in cyber reconnaissance to gain access to secret information?

Cracking techniques and malicious software (A)

What is a common method used in a brute force attack?

Using automated software to attempt multiple password guesses (B)

What security threat arises from tracking IoT devices?

Exposure of precise location information (B)

What commonly leads to physical threats on mobile devices?

Using a password that is easy to crack (B)

Why is it important to get familiar with connected IoT devices?

To prevent unauthorized access and network vulnerability (A)

Which statement best describes IoT devices in relation to security?

They act as a double-edged sword, offering benefits while posing security threats. (A)

Which of the following is NOT a characteristic of network-based threats?

Physical theft of the mobile device (C)

What does the increasing number of connected IoT devices imply for network security?

The network is more vulnerable to attacks. (A)

Why can mobile devices be particularly vulnerable when using public Wi-Fi?

Public networks can be controlled by hackers (C)

What is a recommended precaution for IoT device users to take?

Implement security measures to guard against threats. (C)

What is a significant risk associated with application-based threats?

Malware disguised as genuine software (A)

What type of encryption is often insufficient to protect against physical threats?

Only software-specified encryption on client servers (C)

What challenge does the growth of IoT present to technology users?

Heightened threats related to security. (D)

Which of the following scenarios exemplifies a network exploit?

Unauthorized software installation via a network connection (D)

Which of these actions can help mitigate the risk of physical threats?

Regularly updating the device's operating system (C)

What effect do malware programs have on mobile devices?

They send unwanted messages and access personal information. (C)

What distinguishes a threat from a vulnerability in cybersecurity?

A threat has the potential to cause asset loss. (B)

Which of the following is an example of a social engineering threat?

Phishing emails (B)

What does the CIA triad encompass in the context of information security?

Confidentiality, Integrity, and Availability (B)

Which classification model is most commonly used for identifying security threats?

STRIDE (D)

How can countermeasures affect the realization of a threat?

They can minimize the probability of the threat being realized. (C)

Which of the following is NOT considered a type of security threat?

Electrical currents (B)

In what year was the STRIDE model proposed?

1999 (D)

What is the main effect of a cyber threat on information assets?

Loss of confidentiality, integrity, or availability (C)

Flashcards are hidden until you start studying

Study Notes

Security Threats Overview

• Events or conditions that may lead to asset loss and negative consequences are categorized as threats.
• Cyber threats should not be confused with vulnerabilities; the former denotes potential harm, while vulnerabilities indicate actual weaknesses.
• Countermeasures can reduce the likelihood of threats realizing but cannot eliminate them entirely.

Types of Security Threats

• Threats encompass both events (natural disasters, fire, power outages) and conditions in cybersecurity, including:
  • Viruses
  • Trojan horses
  • Denial of Service (DoS) attacks
  • Phishing emails targeting sensitive data

CIA Triad and STRIDE Model

• Threats impact the Confidentiality, Integrity, or Availability (CIA) of information assets.
• STRIDE, developed by Microsoft, classifies threats using first letters of its categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

Specific Threats

• Identity Theft: Unauthorized access to personal information through another's credentials.
• Theft of Equipment and Information: Rising due to the mobility and data capacity of devices.
• Sabotage: Destruction of online assets to diminish customer trust.
• Information Extortion: Theft of data with demands for ransom (e.g., ransomware).

New Generation of Threats

• Weak Security in Technology: New devices often lack comprehensive security features due to competition.
• Social Media Attacks: Cyberspace criminals target websites frequented by specific organizations to gather information.
• Mobile Malware: Threats from mobile applications can compromise devices and data security.

Human Attacks on IoT Devices

• Cyber Reconnaissance: Use of malicious software to spy and gain sensitive information.
• Brute Force Attack: Automated attempts to guess user passwords for unauthorized access.
• Tracking: Monitoring users through IoT devices can reveal their exact location.

Security Tips for IoT Devices

• Familiarize with the network and connected devices to identify vulnerabilities.
• Complexity of IoT architecture can obscure unnoticed hacks (e.g., an infected smart refrigerator).
• Regular software and hardware updates are crucial to maintaining security.
• Address the increasing threat of ransomware affecting IoT devices.
• Small-scale attacks on IoT devices are often overlooked; they can exploit weaker countermeasures.
• Insecure data transfer poses risks as vast data amounts grow.

Physical and Password Threats

• Physical access to devices (e.g., lost or stolen mobile phones) can lead to significant data breaches.
• Many users neglect to set strong passwords, increasing susceptibility to attacks.
• Insufficient encryption on client-server communications may expose data.

Network-Based Threats

• Public Wi-Fi networks can be exploited, leading to potential data leaks.
• Vulnerabilities in operating systems can allow malware installation when connected to compromised networks.

Application-Based Threats

• Malware often masquerades as legitimate software and can initiate malicious activities.
• Users must be cautious when downloading software from untrusted websites.