Whether you have a software development background or system and networking background, you may be familiar with attack surfaces or vectors within each respective area. Attack surfaces refer to the many ways in which a device can be compromised via a source of input. This source of input may be via hardware, software, or wirelessly. Generally speaking, the more attack surfaces a device contains, the higher the likelihood of compromise. Attack surfaces are entry points into the IoT device. Sometimes, these entry points are inherently trusted by the IoT device or application. Each attack surface discovered will have an associated risk, likelihood, and impact. In essence, attack surfaces are threats which have the potential to negatively affect a device to perform unintended actions. In order to discover each attack surface, theoretical use cases will need to be thought...

Threat modeling is more or less associated with software development as an exercise that occurs after the software design phase but prior to software deployment. These exercises are known to take place in software development, system, network, and security teams upon major software releases by either drawing a full end-to-end data flow diagram or a data flow and network diagram to determine how to employ security controls and countermeasures. These drawings can be physically on a white board or via software tools such as Microsoft's free Threat Modeling Tool and web applications such as https://draw.io which have a number of template diagrams that can be used for a variety of purposes. The idea is to map out all of the device's functionalities and features to their associated technical dependencies. It is up to the company...

In 2016, we witnessed mass exploitation of IoT devices that consisted of IP cameras and digital video recorders (DVRs) that contributed to the world's largest distributed denial of service (DDoS) ever recorded. This DDoS was possible due to vendor negligence that could have been prevented by basic threat model exercises. Considering the prevalence of these types of devices on the internet and the risk they pose to the internet, we will conduct a threat modeling exercise and walk through the threat modeling process for a connected DVR IP camera security system. These connected security systems can be purchased by consumers or small/medium size businesses via e-commerce sites as well as through a number of electronic stores for a fairly low price. Connected DVRs are a good example of an IoT system because they contain a number of entry...

In the previous recipe, we conducted a threat model of a DVR system and rated a threat case that would help with prioritizing vulnerabilities to test. In this recipe, we will go through threat modeling firmware for the same DVR system.

In this exercise, we will use the free https://draw.io online diagram software to help with demonstrating relationships in diagrams within firmware. This tool is a Chrome app and ties to third-party services for storage such as Google Drive or GitHub. We can draw relationships and processes that overlap, which is not possible in the Microsoft tool. Any tool that can effectively draw the architecture with their respective relationships of the target device...

Continuing our threat modeling exercises for our DVR, we will work on breaking down its web applications. Our DVR contains two types of web applications. One web application is embedded, running off of the DVR itself. The second web application is a SaaS application provided by the vendor for remote access to the DVR and its camera feeds.

The SaaS application accesses the embedded DVR within the LAN. We have a better sense of what runs on the embedded web application locally on the DVR rather than the vendor SaaS application. Earlier in the chapter, we did mention some technologies utilized for the vendor web application but no additional information is known at this time. We will start by drawing out the architecture of the embedded web application and touch on the vendor SaaS application in the threats section rather than drawing its...

For our next threat modeling exercise, we will examine IoT mobile applications for our DVR system. This DVR system (like many others in IoT) has several mobile applications available developed by resellers and different OEMs. For demonstration purposes, we will only threat model one Android and one iOS application.

Since we have the majority of our data flow diagrams created from previous recipes, we will continue to use the same Microsoft Threat Modeling Tool for this recipe.