Introduction
Whether you have a software development background or system and networking background, you may be familiar with attack surfaces or vectors within each respective area. Attack surfaces refer to the many ways in which a device can be compromised via a source of input. This source of input may be via hardware, software, or wirelessly. Generally speaking, the more attack surfaces a device contains, the higher the likelihood of compromise. Attack surfaces are entry points into the IoT device. Sometimes, these entry points are inherently trusted by the IoT device or application. Each attack surface discovered will have an associated risk, likelihood, and impact. In essence, attack surfaces are threats which have the potential to negatively affect a device to perform unintended actions. In order to discover each attack surface, theoretical use cases will need to be thought of before testing has taken place, or before software is written. This exercise is known as threat modeling.
This...
