1.5 Explain the threats and vulnerabilities associated with specialised technology

  • Mobile: malware; unpatched devices; jailbreaking; data leaks; OS vulnerabilities

  • IoT: weak passwords; insecure services; lack of security update; outdated component use; insecure data transfer/storage; lack of secure/physical device management

  • Embedded: programming errors; web vulnerability; weak access control/authentication

  • RTOS: RCE; DoS; information leak; improper access control

  • SoC: low-level hardware bugs (boot header modification; partition header table parsing)

  • FPGA: fault injection; hardware trojans; design leaks; foundry fabrication

  • Physical access control: insufficient access control; lack of training; unattended assets

  • Building automation systems: hardcoded secret; BOF; XSS; path traversal; auth bypass

  • Vehicles and drones:

    • CAN bus: DoS; unauthorized remote access

  • Workflow and process automation systems: 3rd party platform vulnerabilities; IAM issue

  • ICS: improper credentials management; weak firewall rules; network design weaknesses

  • SCADA:

    • Modbus: plaintext transmission; no authentication; command injection; weak sessions

Previous1.4 Given a scenario, analyse the output from common vulnerability assessment toolsNext1.6 Explain the threats and vulnerabilities associated with operating in the cloud

Last updated