1.5 Explain the threats and vulnerabilities associated with specialised technology

• Mobile: malware; unpatched devices; jailbreaking; data leaks; OS vulnerabilities

• IoT: weak passwords; insecure services; lack of security update; outdated component use; insecure data transfer/storage; lack of secure/physical device management

• Embedded: programming errors; web vulnerability; weak access control/authentication

• RTOS: RCE; DoS; information leak; improper access control

• SoC: low-level hardware bugs (boot header modification; partition header table parsing)

• FPGA: fault injection; hardware trojans; design leaks; foundry fabrication

• Physical access control: insufficient access control; lack of training; unattended assets

• Building automation systems: hardcoded secret; BOF; XSS; path traversal; auth bypass

• Vehicles and drones:

  • CAN bus: DoS; unauthorized remote access

• Workflow and process automation systems: 3rd party platform vulnerabilities; IAM issue

• ICS: improper credentials management; weak firewall rules; network design weaknesses

• SCADA:

  • Modbus: plaintext transmission; no authentication; command injection; weak sessions