Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life cycle. IoT-related vulnerabilities, if successfully exploited, can affect not only the device itself but also the application field in which the IoT device operates. Evidently, identifying and addressing every single vulnerability is an arduous, if not impossible, task. Attack taxonomies can assist in classifying attacks and their corresponding vulnerabilities. Security countermeasures and best practices can then be leveraged to mitigate threats and vulnerabilities before they develop into catastrophic attacks, and to ensure overall secure IoT operation. Therefore, in this article, we provide an attack taxonomy that takes into consideration the different layers of the IoT stack, i.e., device, infrastructure, communication, and service, and each layer’s designated characteristics, which can be exploited by adversaries. Furthermore, using nine real-world cybersecurity incidents that targeted IoT devices deployed in the consumer, commercial, and industrial sectors, we describe the IoT-related vulnerabilities, exploitation procedures, attacks, impacts, and potential mitigation mechanisms and protection strategies. These (and many other) incidents highlight the underlying security concerns of IoT systems and demonstrate the potential attack impacts of such connected ecosystems, while the proposed taxonomy provides a systematic procedure to categorize attacks based on the affected layer and corresponding impact.
The number of Internet of Things (IoT) devices keeps increasing. By the end of 2030, the number of connected devices is expected to reach 24.1 billion, compared with around 500 million devices in 2003, which corresponds to around 3.47 IoT devices per person. Out of the 24.1 billion devices, it is estimated that 5.8 billion will be allocated to enterprise and industrial applications alone. These numbers highlight the importance of IoT as people and devices are drastically transforming the way they measure, sense, and communicate with their connected ecosystems. The extensive deployment of IoT devices, however, raises security concerns. Given the plurality of IoT architectures, which incorporate a plethora of sensing and communication modules, integrating such devices results in a complex and dynamic landscape.
In this paper, we demonstrate an attack taxonomy architecture designed with real-world IoT attack incidents in mind. We divide our attack taxonomy into categories and map IoT attacks to their corresponding attack class (Table III). Furthermore, we disclose the underlying security vulnerabilities of the investigated IoT attacks and propose potent countermeasures which, if enforced, can keep such vulnerabilities from developing into full-blown attacks. Additionally, we examine three different IoT domains, i.e., the consumer, commercial, and industrial sectors, given their diverse operational objectives and constraints, e.g., asset security, real-time operation, device life cycles, etc. For each sector, we dissect three real-world attack incidents, delineating the vulnerabilities and attack paths that adversaries exploited to mount them, and map them to our taxonomy. We provide mitigation strategies and security recommendations to overcome the discussed attacks, as well as potential future attacks targeting similar IoT devices that operate in similar ecosystems and harbor similar vulnerabilities. Our attack taxonomy enables the systematic investigation of attack clusters (i.e., device, infrastructure, communication, service) instead of specific attacks, overcoming the requirement to singularly investigate every newly encountered attack and thus expediting security retribution.