Dobësitë e Zakonshme të IoT-së

Fillestar 13 min Siguria e IoT-së

Hyrje

IoT devices share a recurring set of weaknesses that have been documented by OWASP IoT Top 10 for over a decade.

Teoria

The list reads like a rogues gallery: weak or hardcoded passwords, insecure network services (telnet, open SSH with default credentials), lack of secure update mechanisms, use of unsupported components, insecure data transfer (HTTP instead of HTTPS, no cert validation), and insufficient privacy protections. The Mirai botnet exploited exactly these weaknesses in 2016, taking over hundreds of thousands of IP cameras and DVRs and launching some of the largest DDoS attacks ever recorded. Underneath, the root causes are economic: IoT vendors compete on price and time-to-market, security is rarely visible to buyers, and devices are often expected to run without updates for 5–10 years. Even when vulnerabilities are disclosed responsibly, patching depends on the customer updating the firmware — which most consumers never do. Countries like the UK (PSTI Act 2024) and the EU (Cyber Resilience Act) are now legislating minimum security requirements for connected products, which is starting to change vendor behavior. For individuals, the best defense is network segmentation: put IoT devices on a separate Wi-Fi SSID routed through a dedicated VLAN with restricted inter-VLAN traffic, so a compromised smart lightbulb cannot reach your workstation. For organizations, maintain an inventory of IoT devices, isolate them from production networks, and require a vendor security questionnaire before deploying new products.

Mjetet

Kategori zakonshme:

  • Fjalëkalime të parazgjedhura (admin/admin).
  • Firmware pa update, pa signature.
  • Shërbime telnet/FTP të hapura në LAN.
  • Komunikim i pakriptuar (HTTP, MQTT pa TLS).
  • Debug UART/JTAG i lënë i ekspozuar fizikisht.

Praktika

Skan IoT me Nmap dhe detection i banner-ave:

nmap -sV --script=banner,vuln -p 1-65535 10.0.0.0/24
nmap --script=http-default-accounts 10.0.0.50

Ushtrime

  1. Inventarizo 5 pajisje IoT në shtëpi. Kontrollo porta të hapura.
  2. Ndrysho fjalëkalimet e paracaktuara dhe aktivizo update automatik.

Burime

  • OWASP IoT Top 10.
  • ENISA — Baseline Security Recommendations for IoT.

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re