Consumer, Commercial, and Industrial IoT (In)Security: Attack Taxonomy and Case Studies

Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to xmlns:xlink="http://www.w3.org/1999/xlink">commercial and xmlns:xlink="http://www.w3.org/1999/xlink">industrial systems. The steep growth vast adoption IoT reinforce importance sound robust cybersecurity practices during device development life cycles. IoT-related vulnerabilities, if successfully exploited can affect, not only itself but also application field which operates. Evidently, identifying addressing every single vulnerability an arduous, impossible, task. Attack taxonomies assist classifying attacks their corresponding vulnerabilities. Security countermeasures best then be leveraged mitigate threats vulnerabilities before they emerge into catastrophic ensure overall secure operation. Therefore, this article, we provide attack taxonomy, takes consideration different layers stack, i.e., device, infrastructure, communication, service, each layer’s designated characteristics, by adversaries. Furthermore, using nine real-world incidents that had targeted deployed consumer, commercial, industrial sectors, describe exploitation procedures, attacks, impacts, potential mitigation mechanisms protection strategies. These (and many other) highlight underlying security concerns systems demonstrate impacts such connected ecosystems, while proposed taxonomy provides a systematic procedure categorize based on affected layer impact.